File _patchinfo of Package patchinfo.29845

<patchinfo incident="29845">
  <issue tracker="cve" id="2022-36021"/>
  <issue tracker="cve" id="2022-24834"/>
  <issue tracker="cve" id="2023-36824"/>
  <issue tracker="cve" id="2023-28856"/>
  <issue tracker="cve" id="2023-25155"/>
  <issue tracker="cve" id="2023-28425"/>
  <issue tracker="bnc" id="1213193">VUL-0: CVE-2022-24834: redis: heap overflow in the cjson and cmsgpack libraries</issue>
  <issue tracker="bnc" id="1213249">VUL-0: CVE-2023-36824: redis: redis: heap overflow in COMMAND GETKEYS and ACL evaluation</issue>
  <issue tracker="bnc" id="1208790">VUL-0: CVE-2022-36021: redis: redis: Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow</issue>
  <issue tracker="bnc" id="1210548">VUL-0: CVE-2023-28856: redis: HINCRBYFLOAT invalid key crash</issue>
  <issue tracker="bnc" id="1208793">VUL-0: CVE-2023-25155: redis: Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow</issue>
  <issue tracker="bnc" id="1209528">VUL-0: CVE-2023-28425: redis: specially crafted MSETNX command can lead to assertion and denial-of-service</issue>
  <packager>dspinella</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for redis7</summary>
  <description>This update for redis7 fixes the following issues:

  - CVE-2022-24834: Fixed heap overflow in the cjson and cmsgpack libraries (bsc#1213193).
  - CVE-2023-28856: Fixed HINCRBYFLOAT invalid key crash (bsc#1210548).
  - CVE-2022-36021: Fixed integer overflow via Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD (bsc#1208790).
  - CVE-2023-25155: Fixed Integer Overflow in RAND commands (bsc#1208793).
  - CVE-2023-28425: Fixed denial-of-service via Specially crafted MSETNX command (bsc#1209528).
  - CVE-2023-36824: Fixed heap overflow in COMMAND GETKEYS and ACL evaluation (bsc#1213249).
</description>
</patchinfo>