SUSE alert openSUSE-SU-2025:0418-1 (git-bug)
| From: | opensuse-security@opensuse.org | |
| To: | security-announce@lists.opensuse.org | |
| Subject: | openSUSE-SU-2025:0418-1: moderate: Security update for git-bug | |
| Date: | Sun, 02 Nov 2025 09:06:25 +0100 | |
| Message-ID: | <20251102080625.28E16FB9B@maintenance.suse.de> | |
openSUSE Security Update: Security update for git-bug
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2025:0418-1
Rating:             moderate
References:         #1251463 #1251664
Cross-References:   CVE-2025-47911 CVE-2025-58190
CVSS scores:
   CVE-2025-47911 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
   CVE-2025-58190 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:
   openSUSE Backports SLE-15-SP7
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for git-bug fixes the following issues:

- Revendor to include golang.org/x/net/html v 0.45.0 to prevent possible DoS
  by various algorithms with quadratic complexity when parsing HTML documents
  (boo#1251463, CVE-2025-47911 and boo#1251664, CVE-2025-58190).

- Update to version 0.10.1:
  - cli: ignore missing sections when removing configuration (ddb22a2f)

- Update to version 0.10.0:
  - bridge: correct command used to create a new bridge (9942337b)
  - web: simplify header navigation (7e95b169)
  - webui: remark upgrade + gfm + syntax highlighting (6ee47b96)
  - BREAKING CHANGE: dev-infra: remove gokart (89b880bd)

- Update to version 0.10.0
  - bridge: correct command used to create a new bridge (9942337b)
  - web: simplify header navigation (7e95b169)
  - web: remark upgrade + gfm + syntax highlighting (6ee47b96)

- Update to version 0.9.0:
  - completion: remove errata from string literal (aa102c91)
  - tui: improve readability of the help bar (23be684a)

- Update to version 0.8.1+git.1746484874.96c7a111:
  * docs: update install, contrib, and usage documentation (#1222)
  * fix: resolve the remote URI using url.*.insteadOf (#1394)
  * build(deps): bump the go_modules group across 1 directory with 3 updates (#1376)
  * chore: gofmt simplify gitlab/export_test.go (#1392)
  * fix: checkout repo before setting up go environment (#1390)
  * feat: bump to go v1.24.2 (#1389)
  * chore: update golang.org/x/net (#1379)
  * fix: use -0700 when formatting time (#1388)
  * fix: use correct url for gitlab PATs (#1384)
  * refactor: remove depdendency on pnpm for auto-label action (#1383)
  * feat: add action: auto-label (#1380)
  * feat: remove lifecycle/frozen (#1377)
  * build(deps): bump the npm_and_yarn group across 1 directory with 12 updates (#1378)
  * feat: support new exclusion label: lifecycle/pinned (#1375)
  * fix: refactor how gitlab title changes are detected (#1370)
  * revert: "Create Dependabot config file" (#1374)
  * refactor: rename //:git-bug.go to //:main.go (#1373)
  * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.16 to 2.5.25 (#1361)
  * fix: set GitLastTag to an empty string when git-describe errors (#1355)
  * chore: update go-git to v5@masterupdate_mods (#1284)
  * refactor: Directly swap two variables to optimize code (#1272)
  * Update README.md Matrix link to new room (#1275)

- Update to version 0.8.0+git.1742269202.0ab94c9:
  * deps(crypto): bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337) (#1312)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

  zypper in -t patch openSUSE-2025-418=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

  git-bug-0.10.1-bp157.2.3.1

- openSUSE Backports SLE-15-SP7 (noarch):

  git-bug-bash-completion-0.10.1-bp157.2.3.1
  git-bug-fish-completion-0.10.1-bp157.2.3.1
  git-bug-zsh-completion-0.10.1-bp157.2.3.1

References:

  https://www.suse.com/security/cve/CVE-2025-47911.html
  https://www.suse.com/security/cve/CVE-2025-58190.html
  https://bugzilla.suse.com/1251463
  https://bugzilla.suse.com/1251664
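Because the fix above is a revendored dependency, the package version alone does not show which golang.org/x/net release a given git-bug binary was built with. The following check is an added example, not part of the advisory or of the git-bug project: it reads the module list embedded in a Go binary and compares the x/net entry against the v0.45.0 named above. The names isFixed, xnetStatus and module are hypothetical, and it assumes the binary was built with Go module information.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"log"
	"os"
	"runtime/debug"
	"strings"
)

var fixedNet = [3]int{0, 45, 0} // golang.org/x/net v0.45.0, the release the advisory names
type module = debug.Module      // alias of the standard library's build-info module record

func isFixed(v string) bool { // true when module version v is at least fixedNet
	var got [3]int
	core, pre, _ := strings.Cut(v, "-") // a pre-release or pseudo-version sorts below its core
	if n, _ := fmt.Sscanf(core, "v%d.%d.%d", &got[0], &got[1], &got[2]); n != 3 {
		return false // unparseable version: never report it as fixed
	}
	for i := range got {
		if got[i] != fixedNet[i] {
			return got[i] > fixedNet[i]
		}
	}
	return pre == ""
}

func xnetStatus(deps []*module) (version string, fixed bool) {
	for _, m := range deps {
		if m.Path == "golang.org/x/net" {
			if m.Replace != nil { // a replace directive decides what was really built in
				m = m.Replace
			}
			return m.Version, isFixed(m.Version)
		}
	}
	return "", false // x/net is not linked into this binary
}

func main() { // usage: xnetcheck /path/to/git-bug [more Go binaries...]
	for _, path := range os.Args[1:] {
		info, err := buildinfo.ReadFile(path)
		if err != nil {
			log.Fatal(err)
		}
		v, fixed := xnetStatus(info.Deps)
		fmt.Printf("%s: golang.org/x/net version=%q fixed=%v\n", path, v, fixed)
	}
}
```

An empty version in the output means x/net is not linked into that binary at all; the same check works on any other Go binary that embeds golang.org/x/net/html.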
