[Git][security-tracker-team/security-tracker][master] Add two new valkey issues (and mirror to redis and redict)

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 24 20:02:41 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af50b0ef by Salvatore Bonaccorso at 2026-02-24T21:01:15+01:00
Add two new valkey issues (and mirror to redis and redict)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -503,7 +503,11 @@ CVE-2026-23521 (Versions of the Traccar open-source GPS tracking system up to an
 CVE-2026-21864 (Valkey-Bloom is a Rust based Valkey module which brings a Bloom Filter ...)
 	NOT-FOR-US: Valkey-Bloom
 CVE-2026-21863 (Valkey is a distributed key-value database. Prior to versions 9.0.2, 8 ...)
-	TODO: check
+	- redis <unfixed>
+	- redict <unfixed>
+	- valkey <unfixed>
+	NOTE: https://github.com/valkey-io/valkey/security/advisories/GHSA-c677-q3wr-gggq
+	NOTE: Fixed by: https://github.com/valkey-io/valkey/commit/416939303d2550aefff73ac180f41b84c12ba6c0 (8.1.6)
 CVE-2026-21665 (The Print Service component of Fiserv Originate Loans Peripherals (for ...)
 	NOT-FOR-US: Fiserv Originate Loans Peripherals
 CVE-2026-1459 (A post-authentication command injection vulnerability in the TR-369 ce ...)
@@ -537,7 +541,11 @@ CVE-2025-69208 (free5GC UDR is the user data repository (UDR) for free5GC, an an
 CVE-2025-68930 (Versions of the Traccar open-source GPS tracking system up to and incl ...)
 	NOT-FOR-US: Traccar
 CVE-2025-67733 (Valkey is a distributed key-value database. Prior to versions 9.0.2, 8 ...)
-	TODO: check
+	- redis <unfixed>
+	- redict <unfixed>
+	- valkey <unfixed>
+	NOTE: https://github.com/valkey-io/valkey/security/advisories/GHSA-p876-p7q5-hv2m
+	NOTE: Fixed by: https://github.com/valkey-io/valkey/commit/3d7598e8c7db4857a0e76582861dec14b555c343 (8.1.6)
 CVE-2025-40541 (An Insecure Direct Object Reference (IDOR) vulnerability exists in Ser ...)
 	NOT-FOR-US: SolarWinds
 CVE-2025-40540 (A type confusion vulnerability exists in Serv-U which when exploited,  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af50b0ef1018b8ae0a6132b408075245cfe2cb0a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af50b0ef1018b8ae0a6132b408075245cfe2cb0a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260224/63d4b5ee/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list