From 60e7b0a97e87ba1dcb4835ac452b9ab13282ea57beece275ba5ccefaa40a500c Mon Sep 17 00:00:00 2001 From: Robert Frohl Date: Wed, 26 Nov 2025 13:03:41 +0100 Subject: [PATCH 1/2] Update submodules from pool/redis#1 and create patchinfo.20251126120323268597.93181000773252/_patchinfo --- .../_patchinfo | 63 +++++++++++++++++++ redis | 2 +- 2 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 patchinfo.20251126120323268597.93181000773252/_patchinfo diff --git a/patchinfo.20251126120323268597.93181000773252/_patchinfo b/patchinfo.20251126120323268597.93181000773252/_patchinfo new file mode 100644 index 0000000..5bc834c --- /dev/null +++ b/patchinfo.20251126120323268597.93181000773252/_patchinfo 
@@ -0,0 +1,63 @@ + + cve#2025-46817 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-46817 + cve#2025-62507 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-62507 + cve#2025-49844 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-49844 + cve#2025-46818 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-46818 + VUL-0: CVE-2025-49844,CVE-2025-46817,CVE-2025-46818,CVE-2025-46819: valkey,redis,redis7: multiple LUA issues + VUL-0: CVE-2025-62507: redis,redis7,valkey: XACKDEL - potential stack overflow and RCE + cve#2025-46819 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-46819 + ateixeira + critical + security + Security update for redis + This update for redis fixes the following issues: + +- Updated to 8.2.3 (boo#1252996 CVE-2025-62507) + * https://github.com/redis/redis/releases/tag/8.2.3 + - Security fixes + - (CVE-2025-62507) Bug in `XACKDEL` may lead to stack overflow + and potential RCE + - Bug fixes + - `HGETEX`: A missing `numfields` argument when `FIELDS` is + used can lead to Redis crash + - An overflow in `HyperLogLog` with 2GB+ entries may result in + a Redis crash + - Cuckoo filter - Division by zero in Cuckoo filter insertion + - Cuckoo filter - Counter overflow + - Bloom filter - Arbitrary memory read/write with invalid + filter + - Bloom filter - Out-of-bounds access with empty chain + - Top-k - Out-of-bounds access + - Bloom filter - Restore invalid filter [We thank AWS security + for responsibly disclosing the security bug] + +- Updated to 8.2.2 (boo#1250995) + * https://github.com/redis/redis/releases/tag/8.2.2 + * Fixed Lua script may lead to remote code execution (CVE-2025-49844). 
+ * Fixed Lua script may lead to integer overflow (CVE-2025-46817). + * Fixed Lua script can be executed in the context of another user + (CVE-2025-46818). + * Fixed LUA out-of-bound read (CVE-2025-46819). + * Fixed potential crash on Lua script or streams and HFE defrag. + * Fixed potential crash when using ACL rules. + * Added VSIM: new EPSILON argument to specify maximum distance. + * Added SVS-VAMANA: allow use of BUILD_INTEL_SVS_OPT flag. + * Added RESP3 serialization performance. + * Added INFO SEARCH: new SVS-VAMANA metrics. + +- Updated to 8.2.1 + * https://github.com/redis/redis/releases/tag/8.2.1 + - Bug fixes + * #14240 INFO KEYSIZES - potential incorrect histogram updates + on cluster mode with modules + * #14274 Disable Active Defrag during flushing replica + * #14276 XADD or XTRIM can crash the server after loading RDB + * #Q6601 Potential crash when running FLUSHDB (MOD-10681) + * Performance and resource utilization + * Query Engine - LeanVec and LVQ proprietary Intel + optimizations were removed from Redis Open Source + * #Q6621 Fix regression in INFO (MOD-10779) + + redis + + diff --git a/redis b/redis index 17306a0..b68befe 160000 --- a/redis +++ b/redis @@ -1 +1 @@ -Subproject commit 17306a0a532803d605ecb04f7a061b7b96020b33029d9c1e328c747dc84f160f +Subproject commit b68befea6b91488a763c0a7fe0a9a825fa4e01006261b48928de69eb9e6c74f2 -- 2.51.1 From ba6df4c40635e69b59142250f39da2988af3cb2daf420aa89d41d7bae5285254 Mon Sep 17 00:00:00 2001 From: Robert Frohl Date: Thu, 27 Nov 2025 15:50:22 +0100 Subject: [PATCH 2/2] Update patchinfo.20251126120323268597.93181000773252/_patchinfo removed --- patchinfo.20251126120323268597.93181000773252/_patchinfo | 1 - 1 file changed, 1 deletion(-) diff --git a/patchinfo.20251126120323268597.93181000773252/_patchinfo b/patchinfo.20251126120323268597.93181000773252/_patchinfo index 5bc834c..92f6cc7 100644 --- a/patchinfo.20251126120323268597.93181000773252/_patchinfo 
+++ b/patchinfo.20251126120323268597.93181000773252/_patchinfo @@ -59,5 +59,4 @@ * #Q6621 Fix regression in INFO (MOD-10779) redis - -- 2.51.1
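Review bot: The opening entries of the new `_patchinfo` in PATCH 1/2 (the five lines of the form `cve#2025-46817 not resolved: 404 Client Error: Not Found for url: ...`) look like tracker lookup failures saved into the file in place of issue titles, so CVE-2025-46817, CVE-2025-62507, CVE-2025-49844, CVE-2025-46818 and CVE-2025-46819 would ship in a `critical` security update with an HTTP error string as their description. Suggest re-running the lookup or leaving those titles empty before this is merged. A smaller point in the same hunk: under 8.2.3 the Bloom filter "Arbitrary memory read/write with invalid filter" and the out-of-bounds items are listed under "Bug fixes" while the closing acknowledgement calls one of them a security bug, so it is worth stating which list items that acknowledgement covers.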
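Review bot: The `redis` gitlink hunk in PATCH 1/2 moves the submodule from `17306a0...` to `b68befe...` with nothing in the commit tying the new commit to the 8.2.3 release that the patchinfo text describes; the subject only says "Update submodules from pool/redis#1". Suggest naming the resulting package version in the commit message so a reviewer can confirm that the advisory text and the pinned commit agree.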
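Review bot: The single deletion in the `@@ -59,5 +59,4 @@` hunk of PATCH 2/2 is explained only by the word "removed" in the subject, and the deleted line cannot be identified from the hunk as it appears here. Suggest stating in the commit message which element was dropped and why. This follow-up changes nothing outside that one line, so the `not resolved: 404 Client Error` entries introduced by PATCH 1/2 are still present after it.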