Public bug reported: This bug tracks an update for the Valkey package, moving to versions:
* resolute (26.04) - 9.0.3 * questing (25.10) - 8.1.6 * noble (24.04) - 7.2.12 These updates include bug fixes following the SRU special case documentation at https://documentation.ubuntu.com/sru/en/latest/reference/exception- Valkey-Updates [Upstream changes] CVE Fixes: All versions: (CVE-2025-67733) RESP Protocol Injection via Lua error_reply (CVE-2026-21863) Remote DoS with malformed Valkey Cluster bus message 9.0.x: (CVE-2026-27623) Reset request type after handling empty requests Additional bug fixes: 9.0.3: https://github.com/valkey-io/valkey/pull/3160 https://github.com/valkey-io/valkey/pull/3182 https://github.com/valkey-io/valkey/pull/3205 8.1.6: https://github.com/valkey-io/valkey/pull/2944 https://github.com/valkey-io/valkey/pull/2983 https://github.com/valkey-io/valkey/pull/3005 https://github.com/valkey-io/valkey/pull/3160 https://github.com/valkey-io/valkey/pull/3182 https://github.com/valkey-io/valkey/pull/3205 7.2.12 https://github.com/valkey-io/valkey/pull/2787 https://github.com/valkey-io/valkey/pull/2830 https://github.com/valkey-io/valkey/pull/3160 changelog - https://github.com/valkey-io/valkey/releases TODO: Specifically note any backwards-incompatible changes or features added by upstream and their announcements/release notes and relevant commits. [Test Plan] TODO: Check DEP-8 and reverse-depends DEP-8 tests pass TODO: if there are any non passing tests - explain why that is ok in this case TODO: add results of an autopkgtest run against all the new versions [Regression Potential] Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu- specific integrations. Previous Backports: (LP: #2127122) (LP: #2097546) (LP: #2091129) (LP: #2115258) ** Affects: valkey (Ubuntu) Importance: Undecided Assignee: Lena Voytek (lvoytek) Status: In Progress ** Affects: valkey (Ubuntu Noble) Importance: Critical Assignee: Lena Voytek (lvoytek) Status: New ** Affects: valkey (Ubuntu Questing) Importance: Critical Assignee: Lena Voytek (lvoytek) Status: New ** Affects: valkey (Ubuntu Resolute) Importance: Undecided Assignee: Lena Voytek (lvoytek) Status: In Progress ** Also affects: valkey (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: valkey (Ubuntu Resolute) Importance: Undecided Status: New ** Also affects: valkey (Ubuntu Questing) Importance: Undecided Status: New ** Changed in: valkey (Ubuntu Noble) Assignee: (unassigned) => Lena Voytek (lvoytek) ** Changed in: valkey (Ubuntu Questing) Assignee: (unassigned) => Lena Voytek (lvoytek) ** Changed in: valkey (Ubuntu Resolute) Assignee: (unassigned) => Lena Voytek (lvoytek) ** Changed in: valkey (Ubuntu Noble) Importance: Undecided => Critical ** Changed in: valkey (Ubuntu Questing) Importance: Undecided => Critical ** Changed in: valkey (Ubuntu Resolute) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2142590 Title: Update Valkey to 7.2.12 in noble, 8.1.6 in questing, and 9.0.3 in resolute To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/valkey/+bug/2142590/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
