OPENSUSE-SU-2025:20143-1

Advisory lineage Upstream: 7 Downstream: 0
Published: 04 Dec 2025, 13:08
Last modified:23 Mar 2026, 04:54

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

04 Dec 2025, 13:08
Published
Vulnerability first disclosed
23 Mar 2026, 04:54
Last Modified
Vulnerability information updated

Description

Security update for git-bug This update for git-bug fixes the following issues: Changes in git-bug: - Revendor to include fixed version of depending libraries: - GO-2025-4116 (CVE-2025-47913, bsc#1253506) upgrade golang.org/x/crypto to v0.43.0 - GO-2025-3900 (GHSA-2464-8j7c-4cjm) upgrade github.com/go-viper/mapstructure/v2 to v2.4.0 - GO-2025-3787 (GHSA-fv92-fjc5-jj9h) included in the previous - GO-2025-3754 (GHSA-2x5j-vhc8-9cwm) upgrade github.com/cloudflare/circl to v1.6.1 - GO-2025-4134 (CVE-2025-58181, bsc#1253930) upgrade golang.org/x/crypto/ssh to v0.45.0 - GO-2025-4135 (CVE-2025-47914, bsc#1254084) upgrade golang.org/x/crypto/ssh/agent to v0.45.0 - Revendor to include golang.org/x/net/html v 0.45.0 to prevent possible DoS by various algorithms with quadratic complexity when parsing HTML documents (bsc#1251463, CVE-2025-47911 and bsc#1251664, CVE-2025-58190). Update to version 0.10.1: - cli: ignore missing sections when removing configuration (ddb22a2f) Update to version 0.10.0: - bridge: correct command used to create a new bridge (9942337b) - web: simplify header navigation (7e95b169) - webui: remark upgrade + gfm + syntax highlighting (6ee47b96) - BREAKING CHANGE: dev-infra: remove gokart (89b880bd) Update to version 0.10.0: - bridge: correct command used to create a new bridge (9942337b) - web: simplify header navigation (7e95b169) - web: remark upgrade + gfm + syntax highlighting (6ee47b96) Update to version 0.9.0: - completion: remove errata from string literal (aa102c91) - tui: improve readability of the help bar (23be684a) Update to version 0.8.1+git.1746484874.96c7a111: * docs: update install, contrib, and usage documentation (#1222) * fix: resolve the remote URI using url.*.insteadOf (#1394) * build(deps): bump the go_modules group across 1 directory with 3 updates (#1376) * chore: gofmt simplify gitlab/export_test.go (#1392) * fix: checkout repo before setting up go environment (#1390) * feat: bump to go v1.24.2 (#1389) * chore: update golang.org/x/net (#1379) * fix: use -0700 when formatting time (#1388) * fix: use correct url for gitlab PATs (#1384) * refactor: remove depdendency on pnpm for auto-label action (#1383) * feat: add action: auto-label (#1380) * feat: remove lifecycle/frozen (#1377) * build(deps): bump the npm_and_yarn group across 1 directory with 12 updates (#1378) * feat: support new exclusion label: lifecycle/pinned (#1375) * fix: refactor how gitlab title changes are detected (#1370) * revert: "Create Dependabot config file" (#1374) * refactor: rename //:git-bug.go to //:main.go (#1373) * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.16 to 2.5.25 (#1361) * fix: set GitLastTag to an empty string when git-describe errors (#1355) * chore: update go-git to v5@masterupdate_mods (#1284) * refactor: Directly swap two variables to optimize code (#1272) * Update README.md Matrix link to new room (#1275) - Update to version 0.8.0+git.1742269202.0ab94c9: * deps(crypto): bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337) (#1312) - Update golang.org/x/crypto/ssh to v0.35.0 (bsc#1239494, CVE-2025-22869). - Add missing Requires to completion subpackages. Update to version 0.8.0+git.1733745604.d499b6e: * fix typos in docs (#1266) * build(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 (#1289) - bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337, bsc#1234565).

Affected Systems

  • opensusegit-bug&distro=openSUSE Leap 16.0

    < 0.10.1-bp160.1.1

References (14)