valkey (8.1.4+dfsg1-2) [PTS] [DDPO]

OK: VCS matches the version in the archive

Git: https://salsa.debian.org/debian/valkey.git
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: master
Path: debian/changelog
Repo size: 233472
Browser: https://salsa.debian.org/debian/valkey
Last scan: 2026-04-15 23:46:09+00
Next scan: 2026-04-23 17:19:00+00
Merge requests: 1

Debian changelog in Git:

valkey (8.1.4+dfsg1-2) unstable; urgency=medium

  * Fix CVE-2025-67733 (Closes: #1130911).
    A malicious user can use scripting commands to inject arbitrary
    information into the response stream for the given client, potentially
    corrupting or returning tampered data to other users on the same
    connection. The error handling code for lua scripts does not properly
    handle null characters.
    - d/p/CVE-2025-67733.patch
  * Fix CVE-2026-21863 (Closes: #1130911).
    A malicious actor with access to the Valkey clusterbus port can send an
    invalid packet that may cause an out bound read, which might result in
    the system crashing. The Valkey clusterbus packet processing code does
    not validate that a clusterbus ping extension packet is located within
    buffer of the clusterbus packet before attempting to read it.
    - d/p/CVE-2026-21863.patch

 -- Lucas Kanashiro <kanashiro@debian.org>  Mon, 30 Mar 2026 18:47:11 -0300

This branch is even with tag debian/8.1.4+dfsg1-2