redis (5:8.0.2-3+deb13u1) trixie-security; urgency=medium
* CVE-2025-49844 / CVE-2025-46819 / CVE-2025-46818 / CVE-2025-46817
-- Moritz Mühlenhoff <jmm@debian.org> Tue, 07 Oct 2025 20:00:58 +0200
redis (5:8.0.2-3) unstable; urgency=medium
* Add a patch to re-add "Redis ver. $REDIS_VERSION" output to the LOLWUT
Easter Egg command output as some testsuites were relying on it
existing. This upstream change was made in 8.0.2, not in 8.0.0.
-- Chris Lamb <lamby@debian.org> Mon, 14 Jul 2025 09:47:32 -0700
redis (5:8.0.2-2) unstable; urgency=high
* CVE-2025-32023: An authenticated user may have used a specially-crafted
string to trigger a stack/heap out-of-bounds write during hyperloglog
operations, potentially leading to remote code execution. Installations
that used Redis' ACL system to restrict hyperloglog "HLL" commands are
unaffected by this issue. (Closes: #1108975)
* CVE-2025-48367: An unauthenticated connection could have caused repeated IP
protocol errors, leading to client starvation and ultimately becoming a
Denial of Service (DoS) attack. (Closes: #1108981)
-- Chris Lamb <lamby@debian.org> Tue, 08 Jul 2025 14:02:33 -0700
redis (5:8.0.2-1) unstable; urgency=medium
* New upstream security release:
- CVE-2025-27151: Fix a stack-based buffer overflow in redis-check-aof
caused by the use of memcpy with strlen(filepath) when copying a
user-supplied file path into a fixed-size stack buffer. This allowed an
attacker to overflow the stack and potentially achieve arbitrary code
execution. (Closes: #1106822)
* Update debian/watch to consider 8.x versions again after the recent
licensing change.
-- Chris Lamb <lamby@debian.org> Fri, 30 May 2025 12:05:58 -0700
redis (5:8.0.0-2) unstable; urgency=medium
* Upload 8.x series to unstable after relicensing; we should always prefer to
ship the latest upstream version, especially given Debian's support
timelines.
* Drop all CVE-related patches; applied upstream.
* Update debian/gbp.conf.
-- Chris Lamb <lamby@debian.org> Mon, 12 May 2025 14:43:28 -0700
redis (5:8.0.0-1) experimental; urgency=medium
* New upstream release under new AGPL-3 licensing scheme.
- Update debian/copyright.
- Drop all CVE-related patches; applied upstream.
- Update and simplify Debian's USE_SYSTEM_JEMALLOC patch.
* Pass CXXFLAGS when compiling fast_float so that hardening flags are
correctly passed to this dependency.
* Refresh patches.
* Drop unversioned Depends on Essential: yes package sysvinit-utils.
* Build-Depend on pkgconf over pkg-config.
* Bump Standards-Version to 4.7.2.
-- Chris Lamb <lamby@debian.org> Sun, 11 May 2025 15:23:26 -0700
redis (5:7.2.5-3) experimental; urgency=high
* Fix two security vulnerabilities:
- CVE-2024-46981: An authenticated user could have used a specially-crafted
Lua script to manipulate the garbage collector and potentially lead to
remote code execution.
- CVE-2024-51741: An authenticated user with sufficient privileges may have
created a malformed ACL selector which, when accessed, would have
triggered a server panic and subsequent denial of service.
(Closes: #1092370)
-- Chris Lamb <lamby@debian.org> Tue, 21 Jan 2025 10:00:03 +0000
redis (5:7.2.5-2) experimental; urgency=high
* Fix three new security vulnerabilities:
- CVE-2024-31227: An authenticated user with sufficient privileges could have
created a malformed ACL selector which, when accessed, triggered a server
panic and subsequent denial of service.
- CVE-2024-31228: Authenticated users could have triggered a
denial-of-service by using specially crafted, long string match patterns
on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION
LIST`, `COMMAND | LIST` and ACL definitions. Matching of extremely long
patterns may have resulted in unbounded recursion, leading to stack overflow
and process crash.
- CVE-2024-31449: An authenticated user may have used a specially crafted
Lua script to trigger a stack buffer overflow in the bit library, which
may have potentially led to remote code execution.
(Closes: #1084805)
-- Chris Lamb <lamby@debian.org> Wed, 09 Oct 2024 13:51:24 -0700
redis (5:7.2.5-1) experimental; urgency=medium
* New upstream [BSD-licensed] release.
-- Chris Lamb <lamby@debian.org> Tue, 04 Jun 2024 08:35:47 +0100
redis (5:7.2.4-1) experimental; urgency=medium
* New upstream security release:
- CVE-2023-41056: In some cases, Redis may incorrectly handle resizing of
memory buffers which can result in incorrect accounting of buffer sizes
and lead to heap overflow and potential remote code execution. (Closes:
#1060316)
- For more information, please see:
<https://raw.githubusercontent.com/redis/redis/7.2/00-RELEASENOTES>
* Refresh patches.
-- Chris Lamb <lamby@debian.org> Tue, 09 Jan 2024 14:29:59 +0000
redis (5:7.2.3-1) experimental; urgency=medium
* New upstream release.
-- Chris Lamb <lamby@debian.org> Sat, 04 Nov 2023 10:20:29 +0100
redis (5:7.2.2-2) experimental; urgency=medium
* Drop ProcSubset=pid hardening flag from the systemd unit files as it appears
to cause crashes with memory allocation errors. A huge thanks to Arnaud
Rebillout <arnaudr@kali.org> for the extensive investigation.
(Closes: #1055039)
-- Chris Lamb <lamby@debian.org> Tue, 31 Oct 2023 16:44:01 +0100
redis (5:7.2.2-1) experimental; urgency=high
* New upstream security release:
- CVE-2023-45145: On startup, Redis began listening on a Unix socket before
adjusting its permissions to the user-provided configuration. If a
permissive umask(2) was used, this created a race condition that enabled,
during a short period of time, another process to establish an otherwise
unauthorized connection. (Closes: #1054225)
* Refresh patches.
-- Chris Lamb <lamby@debian.org> Thu, 19 Oct 2023 15:59:56 +0100
redis (5:7.2.1-2) experimental; urgency=medium
* Only install systemd units once. Thanks, Helmut! (Closes: #1054091)
-- Chris Lamb <lamby@debian.org> Tue, 17 Oct 2023 11:21:34 +0100
redis (5:7.2.1-1) experimental; urgency=medium
* New upstream security release:
- CVE-2023-41053: Redis did not correctly identify keys accessed by
`SORT_RO`, and as a result Redis may grant users executing this command
access to keys that are not explicitly authorized by the ACL
configuration. (Closes: #1051512)
<https://raw.githubusercontent.com/redis/redis/7.2/00-RELEASENOTES>
-- Chris Lamb <lamby@debian.org> Fri, 08 Sep 2023 14:13:40 -0700
redis (5:7.2.0-2) experimental; urgency=medium
* Try and clean up better. (Closes: #1047506)
* Replace lsb-base dependencies with sysvinit-utils.
* Drop very old debian/NEWS entry.
-- Chris Lamb <lamby@debian.org> Thu, 24 Aug 2023 10:30:17 -0700
redis (5:7.2.0-1) experimental; urgency=medium
* New upstream stable release.
<https://raw.githubusercontent.com/redis/redis/7.2/00-RELEASENOTES>
* Refresh patches.
-- Chris Lamb <lamby@debian.org> Fri, 18 Aug 2023 14:17:31 -0400
redis (5:7.2-rc3-1) experimental; urgency=high
* New upstream security release.
<https://raw.githubusercontent.com/redis/redis/7.2/00-RELEASENOTES>
- CVE-2022-24834: A specially-crafted Lua script executing in Redis could
have triggered a heap overflow in the cjson and cmsgpack libraries and
result in heap corruption and potentially remote code execution. The
problem exists in all versions of Redis with Lua scripting support and
affects only authenticated/authorised users.
- CVE-2023-36824: Extracting key names from a command and a list of
arguments may, in some cases, have triggered a heap overflow and result
in reading random heap memory, heap corruption and potentially remote
code execution. (Specifically using COMMAND GETKEYS* and validation of
key names in ACL rules). (Closes: #1040879)
* Refresh patches
-- Chris Lamb <lamby@debian.org> Wed, 12 Jul 2023 09:57:10 +0100
redis (5:7.2-rc2-1) experimental; urgency=medium
* New upstream release.
<https://raw.githubusercontent.com/redis/redis/7.2/00-RELEASENOTES>
* Refresh patches.
-- Chris Lamb <lamby@debian.org> Mon, 29 May 2023 07:03:00 -0400
redis (5:7.2-rc1-1) experimental; urgency=medium
* New upstream security release.
- CVE-2023-28856: Authenticated users could have used the HINCRBYFLOAT
command to create an invalid hash field that will crash the Redis server
on access. (Closes: #1034613)
For more information, please see:
<https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES>
-- Chris Lamb <lamby@debian.org> Thu, 20 Apr 2023 07:35:03 +0100
redis (5:7.2~rc1-1) experimental; urgency=medium
* New upstream experimental 7.2 release.
* Refresh patches.
-- Chris Lamb <lamby@debian.org> Sat, 25 Mar 2023 10:07:53 +0000
redis (5:7.0.15-3.1) unstable; urgency=medium
* Non-maintainer upload.
* CVE-2025-21605: Limit output buffer for unauthenticated clients
(Closes: #1104010)
-- Adrian Bunk <bunk@debian.org> Fri, 09 May 2025 16:03:22 +0300
redis (5:7.0.15-3) unstable; urgency=high
* Fix two security vulnerabilities:
- CVE-2024-46981: An authenticated user could have used a specially-crafted
Lua script to manipulate the garbage collector and potentially lead to
remote code execution.
- CVE-2024-51741: An authenticated user with sufficient privileges may have
created a malformed ACL selector which, when accessed, would have
triggered a server panic and subsequent denial of service.
(Closes: #1092370)
-- Chris Lamb <lamby@debian.org> Tue, 21 Jan 2025 10:10:10 +0000
redis (5:7.0.15-2) unstable; urgency=high
* Fix three new security vulnerabilities:
- CVE-2024-31227: An authenticated user with sufficient privileges could have
created a malformed ACL selector which, when accessed, triggered a server
panic and subsequent denial of service.
- CVE-2024-31228: Authenticated users could have triggered a
denial-of-service by using specially crafted, long string match patterns
on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION
LIST`, `COMMAND | LIST` and ACL definitions. Matching of extremely long
patterns may have resulted in unbounded recursion, leading to stack overflow
and process crash.
- CVE-2024-31449: An authenticated user may have used a specially crafted
Lua script to trigger a stack buffer overflow in the bit library, which
may have potentially led to remote code execution.
(Closes: #1084805)
* Correct a link in previous changelog message.
-- Chris Lamb <lamby@debian.org> Wed, 09 Oct 2024 13:41:44 -0700
redis (5:7.0.15-1) unstable; urgency=medium
* New upstream security release:
- CVE-2023-41056: In some cases, Redis may incorrectly handle resizing of
memory buffers which can result in incorrect accounting of buffer sizes
and lead to heap overflow and potential remote code execution.
(Closes: #1060316)
- For more information, please see:
<https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES>
* Refresh patches.
-- Chris Lamb <lamby@debian.org> Tue, 09 Jan 2024 13:42:30 +0000
redis (5:7.0.14-2) unstable; urgency=medium
* Drop ProcSubset=pid hardening flag from the systemd unit files as it appears
to cause crashes with memory allocation errors. A huge thanks to Arnaud
Rebillout <arnaudr@kali.org> for the extensive investigation.
(Closes: #1055039)
-- Chris Lamb <lamby@debian.org> Tue, 31 Oct 2023 16:34:25 +0100
redis (5:7.0.14-1) unstable; urgency=high
* New upstream security release:
- CVE-2023-45145: On startup, Redis began listening on a Unix socket before
adjusting its permissions to the user-provided configuration. If a
permissive umask(2) was used, this created a race condition that enabled,
during a short period of time, another process to establish an otherwise
unauthorized connection. (Closes: #1054225)
* Refresh patches.
-- Chris Lamb <lamby@debian.org> Thu, 19 Oct 2023 15:50:56 +0100
redis (5:7.0.13-2) unstable; urgency=medium
* Only install systemd units once. Thanks, Helmut Grohne. (Closes: #1054091)
-- Chris Lamb <lamby@debian.org> Tue, 17 Oct 2023 11:15:21 +0100
redis (5:7.0.13-1) unstable; urgency=high
* New upstream security release:
- CVE-2023-41053: Redis did not correctly identify keys accessed by
`SORT_RO`, and as a result Redis may grant users executing this command
access to keys that are not explicitly authorized by the ACL
configuration. (Closes: #1051512)
<https://raw.githubusercontent.com/redis/redis/7.2/00-RELEASENOTES>
* Refresh patches.
-- Chris Lamb <lamby@debian.org> Fri, 08 Sep 2023 14:04:13 -0700
redis (5:7.0.12-2) unstable; urgency=medium
* Try and clean up better. (Closes: #1047506)
* Allow arm64 crossbuild to run but not to fail the build if, for
instance, build-dependencies cannot be satisfied.
* Replace dependency on lsb-base with sysvinit-utils.
* Drop very old debian/NEWS entry.
-- Chris Lamb <lamby@debian.org> Thu, 24 Aug 2023 10:33:48 -0700
redis (5:7.0.12-1) unstable; urgency=high
* New upstream security release:
- CVE-2022-24834: A specially-crafted Lua script executing in Redis could
have triggered a heap overflow in the cjson and cmsgpack libraries and
result in heap corruption and potentially remote code execution. The
problem exists in all versions of Redis with Lua scripting support and
affects only authenticated/authorised users.
- CVE-2023-36824: Extracting key names from a command and a list of
arguments may, in some cases, have triggered a heap overflow and result
in reading random heap memory, heap corruption and potentially remote
code execution. (Specifically using COMMAND GETKEYS* and validation of
key names in ACL rules). (Closes: #1040879)
For more information, please see:
<https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES>
-- Chris Lamb <lamby@debian.org> Wed, 12 Jul 2023 10:07:09 +0100
redis (5:7.0.11-1) unstable; urgency=high
* New upstream security release:
- CVE-2023-28856: Authenticated users could have used the HINCRBYFLOAT
command to create an invalid hash field that would have crashed the Redis
server on access. (Closes: #1034613)
For more information, please see:
https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES
* Refresh patches.
-- Chris Lamb <lamby@debian.org> Thu, 20 Apr 2023 07:38:23 +0100
redis (5:7.0.10-1) unstable; urgency=medium
* New upstream release.
- CVE-2023-28425: Unauthenticated users could have used the MSETNX command
to trigger a runtime assertion and termination of the Redis server
process. (Closes: #1033340)
* Refresh patches.
* Bump Standards-Version.
* Extend our USE_SYSTEM_JEMALLOC patch to support latest version.
-- Chris Lamb <lamby@debian.org> Sat, 25 Mar 2023 13:04:38 +0000
redis (5:7.0.9-1) unstable; urgency=high
* New upstream security release:
- CVE-2023-25155: Authenticated users issuing specially crafted
`SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an
integer overflow, resulting in a runtime assertion and termination of the
Redis server process. (Closes: #1032279)
- CVE-2022-36021: Authenticated users can use string matching commands
(like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a
denial-of-service attack on Redis, causing it to hang and consume 100%
CPU time.
* Refresh patches.
* Extend our USE_SYSTEM_JEMALLOC patch to support latest version.
-- Chris Lamb <lamby@debian.org> Sat, 04 Mar 2023 11:01:59 +0000
redis (5:7.0.8-4) unstable; urgency=medium
* Correct "delaycompress" typo in redis-server.logrotate, not just
redis-sentinel.logrotate. (Closes: #1031750)
-- Chris Lamb <lamby@debian.org> Tue, 21 Feb 2023 16:48:01 -0800
redis (5:7.0.8-3) unstable; urgency=medium
* Correct "delaycompress" typo. (Closes: #1031206)
-- Chris Lamb <lamby@debian.org> Mon, 13 Feb 2023 08:39:23 -0800
redis (5:7.0.8-2) unstable; urgency=medium
* Add delaycompess to logrotate configuration. Thanks, Marc Haber.
(Closes: #1029844)
-- Chris Lamb <lamby@debian.org> Mon, 30 Jan 2023 08:11:34 -0800
redis (5:7.0.8-1) unstable; urgency=high
* New upstream release.
<https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES>
* CVE-2023-22458: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER
commands may have led to denial-of-service. (Closes: #1029363)
* CVE-2022-35977: Integer overflow in the Redis SETRANGE and SORT/SORT_RO
commands could have driven Redis to an OOM panic.
-- Chris Lamb <lamby@debian.org> Sun, 22 Jan 2023 08:46:14 -0800
redis (5:7.0.7-1) unstable; urgency=medium
* New upstream release.
* Refresh patches.
-- Chris Lamb <lamby@debian.org> Sat, 17 Dec 2022 10:21:39 +0000
redis (5:7.0.5-1) unstable; urgency=medium
* New upstream security release:
- CVE-2022-35951: Fix a heap overflow vulnerability in XAUTOCLAIM.
Executing an XAUTOCLAIM command on a stream key in a specific state, with
a specially crafted COUNT argument may have caused an integer overflow, a
subsequent heap overflow and potentially lead to remote code execution.
(Closes: #1020512)
* Refresh patches.
* Update debian/watch.
-- Chris Lamb <lamby@debian.org> Fri, 23 Sep 2022 11:12:24 +0100
redis (5:7.0.4-1) unstable; urgency=high
* New upstream security release.
* CVE-2022-31144: Prevent a potential heap overflow in Redis 7.0's
XAUTOCLAIM command.
-- Chris Lamb <lamby@debian.org> Mon, 18 Jul 2022 15:49:44 +0100
redis (5:7.0.3-1) unstable; urgency=medium
* New upstream release.
* Refresh patches.
* Bump Standards-Version to 4.6.1.
-- Chris Lamb <lamby@debian.org> Sat, 16 Jul 2022 07:27:57 +0100
redis (5:7.0.2-2) unstable; urgency=medium
* Add /lib to allowed ExecPaths to support both usr-merged and non-usr-merged
systems. Thanks to Christian Göttsche for the report. (Closes: #1013172)
-- Chris Lamb <lamby@debian.org> Sun, 19 Jun 2022 11:12:13 +0100
redis (5:7.0.2-1) unstable; urgency=medium
* New upstream release.
* Drop 0005-Fix-crash-when-systemd-ProcSubset-pid.patch; applied upstream.
-- Chris Lamb <lamby@debian.org> Fri, 17 Jun 2022 14:34:25 +0100
redis (5:7.0.1-4) unstable; urgency=medium
* Upload 7.x branch to unstable.
* Update gbp.conf.
-- Chris Lamb <lamby@debian.org> Fri, 17 Jun 2022 10:09:07 +0100
redis (5:7.0.1-3) experimental; urgency=medium
* Fix crash when systemd's ProcSubset=pid. /proc/sys/vm/overcommit_memory was
inaccessible and a log warning message was incorrectly constructed.
* Add missing CPPFLAGS when building hdr_histogram.
* Update Lintian overrides:
- Ignore maintainer-manual-page warnings.
- Ignore very-long-line-length-in-source-file warnings.
* Update my entry in debian/copyright.
* Update and renumber patches.
-- Chris Lamb <lamby@debian.org> Fri, 17 Jun 2022 10:09:03 +0100
redis (5:7.0.1-2) experimental; urgency=medium
* Drop support (in patches, etc.) for using the systemwide hiredis and Lua,
reverting to using the built-in cjson (etc.). (Closes: #1012658)
* Add an internal timeout for the cluster tests to prevent FTBFS.
(Closes: #1011187)
* Drop a duplicate comment in debian/rules.
-- Chris Lamb <lamby@debian.org> Tue, 14 Jun 2022 15:41:53 +0100
redis (5:7.0.1-1) experimental; urgency=medium
* New upstream release.
* Refresh patches.
-- Chris Lamb <lamby@debian.org> Sat, 11 Jun 2022 07:34:58 +0100
redis (5:7.0.0-1) experimental; urgency=medium
* New upstream release.
- Disable, hopefully temporarily, the use of the systemwide Lua due to
Redis' fork gaining security/hardening features (eg.
lua_enablereadonlytable).
- Refresh patches.
-- Chris Lamb <lamby@debian.org> Sat, 30 Apr 2022 16:19:20 -0700
redis (5:7.0~rc3-1) experimental; urgency=medium
* New upstream release.
- Refresh patches.
-- Chris Lamb <lamby@debian.org> Thu, 14 Apr 2022 09:20:33 +0100
redis (5:7.0~rc2-2) experimental; urgency=high
* CVE-2022-0543: Prevent a Debian-specific Lua sandbox escape vulnerability.
This vulnerability existed because the Lua library in Debian is provided as
a dynamic library. A "package" variable was automatically populated that
in turn permitted access to arbitrary Lua functionality. As this extended
to, for example, the "execute" function from the "os" module, an attacker
with the ability to execute arbitrary Lua code could potentially execute
arbitrary shell commands.
Thanks to Reginaldo Silva <https://www.ubercomp.com> for discovering and
reporting this issue. (Closes: #1005787)
-- Chris Lamb <lamby@debian.org> Tue, 08 Mar 2022 11:05:56 +0000
redis (5:7.0~rc2-1) experimental; urgency=medium
* New upstream RC release.
- Refresh patches.
-- Chris Lamb <lamby@debian.org> Sat, 05 Mar 2022 08:10:49 +0000
redis (5:7.0~rc1-1) experimental; urgency=medium
* New upstream 7.x release candidate.
* Refresh patches.
* Set some DEP-3 forwarded headers.
-- Chris Lamb <lamby@debian.org> Sat, 05 Feb 2022 16:36:54 -0800
redis (5:6.2.6-1) experimental; urgency=medium
* New upstream security release:
- CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and
redis-sentinel parsing large multi-bulk replies on some older and less
common platforms.
- CVE-2021-32687: Integer to heap buffer overflow with intsets, when
set-max-intset-entries is manually configured to a non-default, very
large value.
- CVE-2021-32675: Denial Of Service when processing RESP request payloads
with a large number of elements on many connections.
- CVE-2021-32672: Random heap reading issue with Lua Debugger.
- CVE-2021-32628: Integer to heap buffer overflow handling ziplist-encoded
data types, when configuring a large, non-default value for
hash-max-ziplist-entries, hash-max-ziplist-value,
zset-max-ziplist-entries or zset-max-ziplist-value.
- CVE-2021-32627: Integer to heap buffer overflow issue with streams, when
configuring a non-default, large value for proto-max-bulk-len and
client-query-buffer-limit.
- CVE-2021-32626: Specially crafted Lua scripts may result in a heap
buffer overflow.
- CVE-2021-41099: Integer to heap buffer overflow handling certain string
commands and network payloads, when proto-max-bulk-len is manually
configured to a non-default, very large value.
* Refresh patches.
* Bump Standards-Version to 4.6.0.
-- Chris Lamb <lamby@debian.org> Mon, 04 Oct 2021 14:33:02 +0100
redis (5:6.2.5-4) experimental; urgency=medium
* Use /run instead of /var/run for PID and UNIX socket files. Thanks to
@MichaIng-guest for the patch. (Closes: lamby/pkg-redis!5)
-- Chris Lamb <lamby@debian.org> Thu, 26 Aug 2021 11:48:59 +0100
redis (5:6.2.5-3) experimental; urgency=medium
* Skip OOM-related tests on incompatible platforms. (Closes: #982122)
-- Chris Lamb <lamby@debian.org> Wed, 18 Aug 2021 14:26:17 +0100
redis (5:6.2.5-2) experimental; urgency=medium
* Explicitly specify USE_JEMALLOC to override upstream's detection of ARM
systems. This was affecting reproducibility as the aarch64 kernel flavour
was using Jemalloc whilst armv7l was not.
* Increase the verbosity of logging when testing. (Re: #991476)
-- Chris Lamb <lamby@debian.org> Wed, 11 Aug 2021 16:45:54 +0100
redis (5:6.2.5-1) experimental; urgency=medium
* New upstream security release:
- CVE-2021-32761: Integer overflow issues with BITFIELD command
on 32-bit systems.
* Bump Standards-Version to 4.5.1.
-- Chris Lamb <lamby@debian.org> Wed, 21 Jul 2021 22:17:19 +0100
redis (5:6.2.4-1) experimental; urgency=medium
* CVE-2021-32625: Fix a vulnerability in the STRALGO LCS command.
(Closes: #989351)
* Refresh patches.
-- Chris Lamb <lamby@debian.org> Tue, 01 Jun 2021 17:33:02 +0100
redis (5:6.2.3-1) experimental; urgency=medium
* New upstream security release:
- CVE-2021-29477: Vulnerability in the STRALGO LCS command.
- CVE-2021-29478: Vulnerability in the COPY command for large intsets.
(Closes: #988045)
* Refresh patches.
-- Chris Lamb <lamby@debian.org> Tue, 04 May 2021 11:00:25 +0100
redis (5:6.2.2-1) experimental; urgency=medium
* New upstream release.
* Apply wrap-and-sort -sa.
* Refresh patches.
-- Chris Lamb <lamby@debian.org> Sat, 24 Apr 2021 12:37:27 +0100
redis (5:6.2.1-1) experimental; urgency=medium
* New upstream release.
-- Chris Lamb <lamby@debian.org> Sat, 06 Mar 2021 11:09:08 +0000
redis (5:6.2.0-1) experimental; urgency=medium
* New upstream release, incorporating some security fixes. (Closes: #983446)
* Refresh patches.
-- Chris Lamb <lamby@debian.org> Wed, 24 Feb 2021 10:52:50 +0000
redis (5:6.2~rc3-1) experimental; urgency=medium
* New upstream RC release.
- Refresh patches.
-- Chris Lamb <lamby@debian.org> Wed, 03 Feb 2021 10:10:59 +0000
redis (5:6.2~rc2-2) experimental; urgency=medium
* Also remove the /etc/redis directory in purge.
* Allow /etc/redis to be rewritten. Thanks to Yossi Gottlieb for the patch.
(Closes: #981000)
-- Chris Lamb <lamby@debian.org> Mon, 25 Jan 2021 12:46:25 +0000
redis (5:6.2~rc2-1) experimental; urgency=medium
* New upstream release.
* Refresh patches.
-- Chris Lamb <lamby@debian.org> Mon, 25 Jan 2021 12:46:23 +0000
redis (5:6.2~rc1-3) experimental; urgency=medium
* Specify "--supervised systemd" now that we specify "Type=notify" to prevent
failure under systemd. Thanks to Michael Prokop for the report.
-- Chris Lamb <lamby@debian.org> Wed, 23 Dec 2020 10:36:55 +0000
redis (5:6.2~rc1-2) experimental; urgency=medium
[ Michael Prokop ]
* Enable systemd support by compiling against libsystemd-dev.
(Closes: #977852)
[ Chris Lamb ]
* Use Type=notify to use systemd supervisor when generating our systemd
service files.
* Explicitly request systemd support when building the package.
-- Chris Lamb <lamby@debian.org> Tue, 22 Dec 2020 12:27:42 +0000
redis (5:6.2~rc1-1) experimental; urgency=medium
* New upstream RC release.
- Update patches.
* Bump Standards-Version to 4.5.1.
-- Chris Lamb <lamby@debian.org> Sat, 19 Dec 2020 11:19:11 +0000
redis (5:6.0.1-1) experimental; urgency=medium
* New upstream "General Availability" release.
<https://raw.githubusercontent.com/antirez/redis/6.0/00-RELEASENOTES>
-- Chris Lamb <lamby@debian.org> Wed, 06 May 2020 16:27:19 +0100
redis (5:6.0~rc4-1) experimental; urgency=medium
* New upstream beta release.
<https://raw.githubusercontent.com/antirez/redis/6.0/00-RELEASENOTES>
* Use the newly-packaged liblzf-dev package over the local version.
(Closes: #958321)
* Refresh patches.
-- Chris Lamb <lamby@debian.org> Tue, 21 Apr 2020 11:51:41 +0100
redis (5:6.0~rc3-1) experimental; urgency=medium
* New upstream beta release.
<https://raw.githubusercontent.com/antirez/redis/6.0/00-RELEASENOTES>
-- Chris Lamb <lamby@debian.org> Wed, 15 Apr 2020 11:22:59 +0100
redis (5:6.0~rc2-1) experimental; urgency=medium
* New upstream beta release.
<https://raw.githubusercontent.com/antirez/redis/6.0/00-RELEASENOTES>
* Refresh patches.
-- Chris Lamb <lamby@debian.org> Wed, 11 Mar 2020 13:32:21 +0000
redis (5:6.0~rc1-3) experimental; urgency=medium
* Install openssl in the testsuite; required for generating test
certificates.
* Correct a typo in a previous changelog entry.
-- Chris Lamb <lamby@debian.org> Wed, 04 Mar 2020 08:22:14 -0800
redis (5:6.0~rc1-2) experimental; urgency=medium
* Add support for TLS added in Redis 6.x. Thanks to Jason Perrin for the
patch. (Closes: #951255)
* Add a comment regarding why we export a MAKEFLAGS variable in debian/rules.
* Bump Standards-Version to 4.5.0.
-- Chris Lamb <lamby@debian.org> Thu, 13 Feb 2020 14:20:15 +0000
redis (5:6.0~rc1-1) experimental; urgency=medium
* New upstream RC1 release.
<http://antirez.com/news/131>
* Refresh patches.
* Disable using the system hiredis for now, awaiting a new upstream
release.
-- Chris Lamb <lamby@debian.org> Sat, 21 Dec 2019 15:28:01 +0000
redis (5:5.0.7-1) unstable; urgency=medium
* New upstream bugfix release.
<https://groups.google.com/forum/#!topic/redis-db/LYBeXlUKU6c>
* Bump Standards-Version to 4.4.1.
* Run wrap-and-sort -sa.
-- Chris Lamb <lamby@debian.org> Fri, 22 Nov 2019 20:46:19 -0500
redis (5:5.0.6-1) unstable; urgency=medium
* New upstream release.
<https://groups.google.com/forum/#!topic/redis-db/qTRdgyEbyYU>
* Specify "Rules-Requires-Root: no".
-- Chris Lamb <lamby@debian.org> Fri, 27 Sep 2019 16:48:24 +0100
redis (5:5.0.5-2) unstable; urgency=medium
* Sourceful upload to unstable to ensure testing migration.
* Bump Standards-Version to 4.4.0.
* Don't build release tags in gitlab-ci.yml.
-- Chris Lamb <lamby@debian.org> Sat, 20 Jul 2019 17:14:37 -0300
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog redis-server`.