Package "valkey"

  valkey (8.0.6+dfsg1-0ubuntu0.1) plucky; urgency=medium

  * New upstream version 8.0.6 (LP: #2127122)
    - Security fixes:
      + CVE-2025-49844: Lua script may lead to remote code execution.
      + CVE-2025-46817: Lua script may lead to int overflow and potential RCE.
      + CVE-2025-46818: Lua script can be executed in context of another user.
      + CVE-2025-46819: LUA out-of-bound read.
      + CVE-2025-49112: Integer underflow in setDeferredReply networking.c.
      + CVE-2025-27151: Check length of AOF file name in valkey-check-aof and
        reject paths longer than PATH_MAX.
    - Bug fixes:
      + Fix accounting for dual channel RDB bytes in replication stats.
      + Fix dual rdb channel connection conn error log.
      + Only mark the client reprocessing flag when unblocked on keys.
      + Fix memory corruption in sharded pubsub unsubscribe.
      + Free module context even if there was no content written in auxsave2.
      + Do not unpause paused clients with client unblock.
      + Fix Detect SSL_new() returning NULL in outgoing connections.
      + Correctly cast the extension lengths.
      + Fix replica can't finish failover when config epoch is outdated.
      + Fix cluster wrong myself port after updating port/tls-port.
      + Ensure empty error tables in scripts don't crash Valkey.
      + Fix client tracking memory overhead calculation.
      + Converge shard-id persisted in nodes.conf to primary's shard id.
      + Fix pre-size hashtables per slot when reading RDB files.
    - Updates:
      + Trigger the election as soon as possible when doing a forced manual
        failover.
      + Make manual failover reset the on-going election to promote failover.
      + Fix logs when failover auth denied due to slot epoch.
    - Features:
      + Add a filter option to drop all cluster packets.

 -- Lena Voytek <email address hidden> Sat, 11 Oct 2025 23:25:21 -0400

  valkey (8.0.4+dfsg1-0ubuntu0.1) plucky; urgency=medium

  * New upstream version 8.0.4 (LP: #2115258)
    - Security fixes:
      + CVE-2025-21605: Allocation of Resources Without Limits or Throttling.
      + CVE-2025-32023: Out-of-bounds write during hyperloglog operations
      + CVE-2025-48367: IP Protocol errors resulting in DoS
    - Bug fixes:
      + Optimize RDB Load Performance and Fix Cluster Mode Resizing.
      + Fix memory leak in forgotten node ping ext code path.
      + Fix cluster info sent stats for message with light header.
      + Fix module LatencyAddSample still work when latency-monitor-threshold
        is 0.
      + Fix raxRemove crash at memcpy() due to key size exceeds max Rax size.
      + Fix error "SSL routines::bad length" when connTLSWrite is called
        second time with smaller buffer.
      + Fix temp file leak druing replication error handling.
      + Fix ACL LOAD crash on replica since the primary client don't has a
        user.
      + Fix RANDOMKEY infinite loop during CLIENT PAUSE.
      + Fix adding samples to stream object consumer trees.
      + Fix cluster slot stats assertion during promotion of replica.
      + Fix panic in primary when blocking shutdown after previous block with
        timeout.
      + Ignore stale gossip packets that arrive out of order.
      + Fix incorrect lag reported in XINFO GROUPS.
      + Avoid shard id update of replica if not matching with primary shard id.

 -- Lena Voytek <email address hidden> Tue, 24 Jun 2025 14:45:07 -0400