[Git][security-tracker-team/security-tracker][master] Add CVE-2025-49112/valkey

Mon Jun 2 21:45:05 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f365b993 by Salvatore Bonaccorso at 2025-06-02T22:44:28+02:00
Add CVE-2025-49112/valkey

Track as well redict and redis and the issue at first analysis looks
present as well there.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -229,7 +229,11 @@ CVE-2025-49113 (Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows r
 	NOTE: https://github.com/roundcube/roundcubemail/commit/7408f31379666124a39f9cb1018f62bc5e2dc695 (1.5.10)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/c50a07d88ca38f018a0f4a0b008e9a1deb32637e (1.5.10)
 CVE-2025-49112 (setDeferredReply in networking.c in Valkey through 8.1.1 has an intege ...)
-	TODO: check
+	- redict <unfixed>
+	- redis <unfixed>
+	- valkey <unfixed>
+	NOTE: https://github.com/valkey-io/valkey/pull/2101
+	NOTE: Fixed by: https://github.com/valkey-io/valkey/commit/374718b2a365ca69f715d542709b7d71540b1387
 CVE-2025-3951 (The WP-Optimize  WordPress plugin before 4.2.0 does not properly escap ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-25179 (Software installed and run as a non-privileged user may conduct improp ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f365b9933e217a1f88aa4c26456aa33233a72a5a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f365b9933e217a1f88aa4c26456aa33233a72a5a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250602/7fb4cf93/attachment.htm>
