|
|
Subscribe / Log in / New account

Fedora alert FEDORA-2025-a10fad6506 (gitleaks)



From:
              updates--- via package-announce <package-announce@lists.fedoraproject.org>


To:
              package-announce@lists.fedoraproject.org


Subject:
              [SECURITY] Fedora 42 Update: gitleaks-8.29.0-1.fc42


Date:
              Fri, 14 Nov 2025 00:56:50 +0000


Message-ID:
              <20251114005650.79DA26C8DD@bastion01.rdu3.fedoraproject.org>


Archive-link:
              Article


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a10fad6506
2025-11-14 00:51:38.962233+00:00
--------------------------------------------------------------------------------

Name        : gitleaks
Product     : Fedora 42
Version     : 8.29.0
Release     : 1.fc42
URL         : https://github.com/zricethezav/gitleaks
Summary     : Scan git repos (or files) for secrets using regex and entropy
Description :
Scan git repos (or files) for secrets using regex and entropy.

--------------------------------------------------------------------------------
Update Information:

Update to 8.29.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  5 2025 Packit <hello@packit.dev> - 8.29.0-1
- Update to 8.29.0 upstream release
- Resolves: rhbz#2412408
* Fri Oct 10 2025 Alejandro Sáez <asm@redhat.com> - 8.28.0-2
- rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2398693 - CVE-2025-47910 gitleaks: CrossOriginProtection bypass in net/http
[fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2398693
  [ 2 ] Bug #2399374 - CVE-2025-47906 gitleaks: Unexpected paths returned from LookPath in os/exec
[fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2399374
  [ 3 ] Bug #2403150 - CVE-2025-11579 gitleaks: RarDecode Out Of Memory Crash [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2403150
  [ 4 ] Bug #2407897 - CVE-2025-58189 gitleaks: go crypto/tls ALPN negotiation error contains
attacker controlled information [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2407897
  [ 5 ] Bug #2408173 - CVE-2025-58189 gitleaks: go crypto/tls ALPN negotiation error contains
attacker controlled information [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2408173
  [ 6 ] Bug #2408645 - CVE-2025-61725 gitleaks: Excessive CPU consumption in ParseAddress in
net/mail [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2408645
  [ 7 ] Bug #2408707 - CVE-2025-61725 gitleaks: Excessive CPU consumption in ParseAddress in
net/mail [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2408707
  [ 8 ] Bug #2409366 - CVE-2025-61723 gitleaks: Quadratic complexity when parsing some invalid
inputs in encoding/pem [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2409366
  [ 9 ] Bug #2409643 - CVE-2025-61723 gitleaks: Quadratic complexity when parsing some invalid
inputs in encoding/pem [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2409643
  [ 10 ] Bug #2410316 - CVE-2025-58185 gitleaks: Parsing DER payload can cause memory exhaustion in
encoding/asn1 [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2410316
  [ 11 ] Bug #2410594 - CVE-2025-58185 gitleaks: Parsing DER payload can cause memory exhaustion in
encoding/asn1 [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2410594
  [ 12 ] Bug #2411217 - CVE-2025-58188 gitleaks: Panic when validating certificates with DSA public
keys in crypto/x509 [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2411217
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a10fad6506' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





Attachment: None (type=text/plain)

-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds