[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2026-23479 in redis for bullseye LTS.

Chris Lamb (@lamby) lamby at debian.org
Tue Jun 9 22:18:25 BST 2026 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b08b8e8 by Chris Lamb at 2026-06-09T14:18:16-07:00
Triage CVE-2026-23479 in redis for bullseye LTS.

- - - - -
bf5f9bcd by Chris Lamb at 2026-06-09T14:18:17-07:00
Triage CVE-2026-23631 in redis for bullseye LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25887,6 +25887,7 @@ CVE-2026-25243 (Redis is an in-memory data structure store. In versions of redis
 CVE-2026-23631 (Redis is an in-memory data structure store. In all versions of redis-s ...)
 	[experimental] - redis 5:8.6.3-1
 	- redis <unfixed>
+	[bullseye] - redis <ignored> (Invasive to backport entire timedOut mechanism etc.)
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-8ghh-qpmp-7826
 	NOTE: https://www.zeroday.cloud/blog/redis-cve-2026-23631-dark-replica
 	NOTE: Fixed by: https://github.com/redis/redis/commit/0cca172a174642bdae03b871615227896274d9bb (8.6.3)
@@ -25894,6 +25895,7 @@ CVE-2026-23631 (Redis is an in-memory data structure store. In all versions of r
 CVE-2026-23479 (Redis is an in-memory data structure store. In redis-server from 7.2.0 ...)
 	[experimental] - redis 5:8.6.3-1
 	- redis <unfixed>
+	[bullseye] - redis <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-93m2-935m-8rj3
 	NOTE: https://www.zeroday.cloud/blog/redis-cve-2026-23479-deep-dive
 	NOTE: Fixed by: https://github.com/redis/redis/commit/c14e9925e571c3c8ecbeb8632fe834faa32175ea (8.6.3)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f5fcdc41c75cecb4457dbb3b27bda879baf575d6...bf5f9bcdfef9ae79278571fc2e8ad108c980c24c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f5fcdc41c75cecb4457dbb3b27bda879baf575d6...bf5f9bcdfef9ae79278571fc2e8ad108c980c24c
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260609/f7b19003/attachment.htm>

More information about the debian-security-tracker-commits mailing list