oss-security - Re: Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <7ddbe893-6bf2-4142-bbcd-c382a21dbed8@oracle.com>
Date: Thu, 16 Apr 2026 10:34:14 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com, yangjincheng1998@...il.com
Subject: Re: Apache Kvrocks affected by CVE-2024-31449 and
 CVE-2025-49844 (Redis Lua); fixed but no formal advisory

On 4/16/26 05:25, yangjincheng1998@...il.com wrote:
> Both downstream impacts were reported to the Kvrocks project and
> acknowledged by the maintainers; fixes have been merged:
> 
>    CVE-2024-31449 -> https://github.com/apache/kvrocks/issues/3433
>    CVE-2025-49844 -> https://github.com/apache/kvrocks/issues/3434

Are those the links you intended to send?  Both have subjects of
"Duplicate - please ignore" and their descriptions were edited to
just say "This issue was submitted in error. Please ignore."
-- 
         -Alan Coopersmith-                 alan.coopersmith@...cle.com
          Oracle Solaris Engineering - https://blogs.oracle.com/solaris

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.