aerc (0.20.0-2) unstable; urgency=medium

  * Add patch to fix temp file creation

python-fakeredis (2.29.0-4) unstable; urgency=medium

  * Update the list of flaky tests that are not run during autopkgtest
    execution; some of these had been renamed/reorganised since they were
    originally added. (Closes: #1105992)

python-fakeredis (2.29.0-3) unstable; urgency=medium

  * Address autopkgtest regression issues:
    - Require Redis >= 8.x and python3-mock to run the latest autopkgtests.
    - Disable the "test_time" test due to an incompatibility with the new
      version of Mock and mock_use_standalone_module. (Closes: #1105992)

python-fakeredis (2.29.0-2) unstable; urgency=medium

  * Additionally allow the test_hsetex_expiration_ex_and_keepttl autopkgtest
    to fail, following other failed tests.

python-fakeredis (2.29.0-1) unstable; urgency=medium

  * New upstream release.
    - Prevents autopkgtest regressions in src:python-redis which is, in
      turn, affecting the migration of src:redis.
  * Bump Standards-Version to 4.7.2.
  * Add myself to Uploaders.
  * Use py3versions -s ("supported") over -i ("installed") in autopkgtests
    in order to avoid issues during Python transitions.

python-redis (6.1.0-2) unstable; urgency=medium

  * Use math.isclose() over testing for floating point equality. This should
    fix broken autopkgtests on the arm64, ppc64el, riscv64 and s390x
    architectures. (Closes: #1106376)

python-redis (6.1.0-1) unstable; urgency=medium

  * New upstream release.
  * Rework patches.
  * Add new build requirement, python3-hatchling.
  * Autopkgtests:
    - Add python3-mock as a requirement to run the autopkgtests.
    - Don't run the (failing) get_set_retry_object_for_cluster_client test
      during autopkgtests.
  * Update renamed Lintian tag to the new value,
    debian-watch-does-not-check-openpgp-signature.
  * Fix package long description to avoid Lintian warnings.
  * Bump Standards-Version to 4.7.2.

redis (5:8.0.0-2) unstable; urgency=medium

  * Upload 8.x series to unstable after relicensing; we should always prefer
    to ship the latest upstream version, especially given Debian's support
    timelines.
  * Drop all CVE-related patches; applied upstream.
  * Update debian/gbp.conf.

redis (5:8.0.0-1) experimental; urgency=medium

  * New upstream release under new AGPL-3 licensing scheme.
    - Update debian/copyright.
    - Drop all CVE-related patches; applied upstream.
    - Update and simplify Debian's USE_SYSTEM_JEMALLOC patch.
  * Pass CXXFLAGS when compiling fast_float so that hardening flags are
    correctly passed to this dependency.
  * Refresh patches.
  * Drop unversioned Depends on Essential: yes package sysvinit-utils.
  * Build-Depend on pkgconf over pkg-config.
  * Bump Standards-Version to 4.7.2.

redis (5:7.2.5-3) experimental; urgency=high

  * Fix two security vulnerabilities:

    - CVE-2024-46981: An authenticated user could have used a
      specially-crafted Lua script to manipulate the garbage collector and
      potentially lead to remote code execution.

    - CVE-2024-51741: An authenticated user with sufficient privileges may
      have created a malformed ACL selector which, when accessed, would have
      triggered a server panic and subsequent denial of service.

    (Closes: #1092370)

redis (5:7.2.5-2) experimental; urgency=high

  * Fix three new security vulnerabilities:

    - CVE-2024-31227: An authenticated user with sufficient privileges could
      have created a malformed ACL selector which, when accessed, triggered
      a server panic and subsequent denial of service.

    - CVE-2024-31228: Authenticated users could have triggered a
      denial-of-service by using specially crafted, long string match
      patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`,
      `FUNCTION LIST`, `COMMAND | LIST` and ACL definitions. Matching of
      extremely long patterns may have resulted in unbounded recursion,
      leading to stack overflow and process crash.

    - CVE-2024-31449: An authenticated user may have used a specially
      crafted Lua script to trigger a stack buffer overflow in the bit
      library, which may have potentially led to remote code execution.

    (Closes: #1084805)

redis (5:7.2.5-1) experimental; urgency=medium

  * New upstream [BSD-licensed] release.

redis (5:7.2.4-1) experimental; urgency=medium

  * New upstream security release:

    - CVE-2023-41056: In some cases, Redis may incorrectly handle resizing
      of memory buffers which can result in incorrect accounting of buffer
      sizes and lead to heap overflow and potential remote code execution.
      (Closes: #1060316)

    - For more information, please see:

  * Refresh patches.

redis (5:7.2.3-1) experimental; urgency=medium

  * New upstream release.

redis (5:7.2.2-2) experimental; urgency=medium

  * Drop ProcSubset=pid hardening flag from the systemd unit files as it
    appears to cause crashes with memory allocation errors. A huge thanks to
    Arnaud Rebillout for the extensive investigation. (Closes: #1055039)

redis (5:7.2.2-1) experimental; urgency=high

  * New upstream security release:

    - CVE-2023-45145: On startup, Redis began listening on a Unix socket
      before adjusting its permissions to the user-provided configuration.
      If a permissive umask(2) was used, this created a race condition that
      enabled, during a short period of time, another process to establish
      an otherwise unauthorized connection. (Closes: #1054225)

  * Refresh patches.

redis (5:7.2.1-2) experimental; urgency=medium

  * Only install systemd units once. Thanks, Helmut! (Closes: #1054091)

redis (5:7.2.1-1) experimental; urgency=medium

  * New upstream security release:

    - CVE-2023-41053: Redis did not correctly identify keys accessed by
      `SORT_RO`, and as a result Redis may grant users executing this
      command access to keys that are not explicitly authorized by the ACL
      configuration. (Closes: #1051512)

redis (5:7.2.0-2) experimental; urgency=medium

  * Try and clean up better. (Closes: #1047506)
  * Replace lsb-base dependencies with sysvinit-utils.
  * Drop very old debian/NEWS entry.

redis (5:7.2.0-1) experimental; urgency=medium

  * New upstream stable release.
  * Refresh patches.

redis (5:7.2-rc3-1) experimental; urgency=high

  * New upstream security release.

    - CVE-2022-24834: A specially-crafted Lua script executing in Redis
      could have triggered a heap overflow in the cjson and cmsgpack
      libraries and resulted in heap corruption and potentially remote code
      execution. The problem exists in all versions of Redis with Lua
      scripting support and affects only authenticated/authorised users.

    - CVE-2023-36824: Extracting key names from a command and a list of
      arguments may, in some cases, have triggered a heap overflow and
      resulted in reading random heap memory, heap corruption and
      potentially remote code execution. (Specifically using COMMAND
      GETKEYS* and validation of key names in ACL rules).
      (Closes: #1040879)

  * Refresh patches.

redis (5:7.2-rc2-1) experimental; urgency=medium

  * New upstream release.
  * Refresh patches.

redis (5:7.2~rc1-1) experimental; urgency=medium

  * New upstream experimental 7.2 release.
  * Refresh patches.

redis (5:7.0.15-3.1) unstable; urgency=medium

  * Non-maintainer upload.
  * CVE-2025-21605: Limit output buffer for unauthenticated clients
    (Closes: #1104010)

REMOVED: rust-protoc-rust 2.27.1-1
REMOVED: rust-protobuf-codegen-pure 2.27.1-1
REMOVED: rust-protobuf 2.27.1-1
REMOVED: rust-ttrpc 0.8.2-1
REMOVED: rust-protobuf-codegen 2.27.1-1