** Description changed: This bug tracks an update for the Valkey package, moving to versions: * resolute (26.04) - 9.0.3 * questing (25.10) - 8.1.6 * noble (24.04) - 7.2.12 These updates include bug fixes following the SRU special case documentation at https://documentation.ubuntu.com/sru/en/latest/reference/exception- Valkey-Updates [Upstream changes] CVE Fixes: All versions: (CVE-2025-67733) RESP Protocol Injection via Lua error_reply (CVE-2026-21863) Remote DoS with malformed Valkey Cluster bus message 9.0.x: (CVE-2026-27623) Reset request type after handling empty requests Additional bug fixes: 9.0.3: https://github.com/valkey-io/valkey/pull/3160 https://github.com/valkey-io/valkey/pull/3182 https://github.com/valkey-io/valkey/pull/3205 8.1.5-8.1.6: https://github.com/valkey-io/valkey/pull/2944 https://github.com/valkey-io/valkey/pull/2983 https://github.com/valkey-io/valkey/pull/3005 https://github.com/valkey-io/valkey/pull/3160 https://github.com/valkey-io/valkey/pull/3182 https://github.com/valkey-io/valkey/pull/3205 https://github.com/valkey-io/valkey/pull/1826 https://github.com/valkey-io/valkey/pull/2753 https://github.com/valkey-io/valkey/pull/2817 https://github.com/valkey-io/valkey/pull/2840 https://github.com/valkey-io/valkey/pull/2899 7.2.12 https://github.com/valkey-io/valkey/pull/2787 https://github.com/valkey-io/valkey/pull/2830 https://github.com/valkey-io/valkey/pull/3160 changelog - https://github.com/valkey-io/valkey/releases Based on release notes and commit logs, I do not see any backwards- incompatible changes that will affect users in the new versions. [Test Plan] - TODO: Check DEP-8 and reverse-depends DEP-8 tests pass - TODO: if there are any non passing tests - explain why that is ok in this case - TODO: add results of an autopkgtest run against all the new versions + Valkey autopkgtests: + + Direct links for autopkgtest results on amd64: + + https://autopkgtest.ubuntu.com/results/autopkgtest-resolute-lvoytek- + valkey-sru/resolute/amd64/v/valkey/20260224_193852_d8c8b@/log.gz + + https://autopkgtest.ubuntu.com/results/autopkgtest-questing-lvoytek- + valkey-sru/questing/amd64/v/valkey/20260224_200406_6008a@/log.gz + + https://autopkgtest.ubuntu.com/results/autopkgtest-noble-lvoytek-valkey- + sru/noble/amd64/v/valkey/20260224_193905_c799b@/log.gz + + All other architectures were also successful against the PPA: + https://launchpad.net/~lvoytek/+archive/ubuntu/valkey-sru [Regression Potential] Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu- specific integrations. Previous Backports: (LP: #2127122) (LP: #2097546) (LP: #2091129) (LP: #2115258)
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2142590 Title: Update Valkey to 7.2.12 in noble, 8.1.6 in questing, and 9.0.3 in resolute To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/valkey/+bug/2142590/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
