[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-OPENSUSE-SU-2025:20143-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T20:55:33.689Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":28,"duplicates":29,"related":30,"reserved_at":9,"published_at":38,"modified_at":39,"state":9,"summary":40,"references_raw":42,"kevs":102,"epss":9,"epss_history":103,"metrics":104,"affected":105},"OPENSUSE-SU-2025:20143-1","Security update for git-bug\n\nThis update for git-bug fixes the following issues:\n\nChanges in git-bug:\n\n- Revendor to include fixed version of depending libraries:\n  - GO-2025-4116 (CVE-2025-47913, bsc#1253506) upgrade\n    golang.org/x/crypto to v0.43.0\n  - GO-2025-3900 (GHSA-2464-8j7c-4cjm) upgrade\n    github.com/go-viper/mapstructure/v2 to v2.4.0\n  - GO-2025-3787 (GHSA-fv92-fjc5-jj9h) included in the previous\n  - GO-2025-3754 (GHSA-2x5j-vhc8-9cwm) upgrade\n    github.com/cloudflare/circl to v1.6.1\n  - GO-2025-4134 (CVE-2025-58181, bsc#1253930) upgrade\n    golang.org/x/crypto/ssh to v0.45.0\n  - GO-2025-4135 (CVE-2025-47914, bsc#1254084) upgrade\n    golang.org/x/crypto/ssh/agent to v0.45.0\n\n- Revendor to include golang.org/x/net/html v 0.45.0 to prevent\n  possible DoS by various algorithms with quadratic complexity\n  when parsing HTML documents (bsc#1251463, CVE-2025-47911 and\n  bsc#1251664, CVE-2025-58190).\n\nUpdate to version 0.10.1:\n\n  - cli: ignore missing sections when removing configuration (ddb22a2f)\n\nUpdate to version 0.10.0:\n\n  - bridge: correct command used to create a new bridge (9942337b)\n  - web: simplify header navigation (7e95b169)\n  - webui: remark upgrade + gfm + syntax highlighting (6ee47b96)\n  - BREAKING CHANGE: dev-infra: remove gokart (89b880bd)\n\nUpdate to version 0.10.0:\n\n  - bridge: correct command used to create a new bridge (9942337b)\n  - web: simplify header navigation (7e95b169)\n  - web: remark upgrade + gfm + syntax highlighting (6ee47b96)\n\nUpdate to version 0.9.0:\n\n  - completion: remove errata from string literal (aa102c91)\n  - tui: improve readability of the help bar (23be684a)\n\nUpdate to version 0.8.1+git.1746484874.96c7a111:\n\n  * docs: update install, contrib, and usage documentation (#1222)\n  * fix: resolve the remote URI using url.*.insteadOf (#1394)\n  * build(deps): bump the go_modules group across 1 directory with 3 updates (#1376)\n  * chore: gofmt simplify gitlab/export_test.go (#1392)\n  * fix: checkout repo before setting up go environment (#1390)\n  * feat: bump to go v1.24.2 (#1389)\n  * chore: update golang.org/x/net (#1379)\n  * fix: use -0700 when formatting time (#1388)\n  * fix: use correct url for gitlab PATs (#1384)\n  * refactor: remove depdendency on pnpm for auto-label action (#1383)\n  * feat: add action: auto-label (#1380)\n  * feat: remove lifecycle/frozen (#1377)\n  * build(deps): bump the npm_and_yarn group across 1 directory with 12 updates (#1378)\n  * feat: support new exclusion label: lifecycle/pinned (#1375)\n  * fix: refactor how gitlab title changes are detected (#1370)\n  * revert: \"Create Dependabot config file\" (#1374)\n  * refactor: rename //:git-bug.go to //:main.go (#1373)\n  * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.16 to 2.5.25 (#1361)\n  * fix: set GitLastTag to an empty string when git-describe errors (#1355)\n  * chore: update go-git to v5@masterupdate_mods (#1284)\n  * refactor: Directly swap two variables to optimize code (#1272)\n  * Update README.md Matrix link to new room (#1275)\n\n- Update to version 0.8.0+git.1742269202.0ab94c9:\n  * deps(crypto): bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337) (#1312)\n\n- Update golang.org/x/crypto/ssh to v0.35.0 (bsc#1239494,\n  CVE-2025-22869).\n\n- Add missing Requires to completion subpackages.\n\nUpdate to version 0.8.0+git.1733745604.d499b6e:\n\n  * fix typos in docs (#1266)\n  * build(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 (#1289)\n\n- bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337, bsc#1234565).\n",null,[],[],[],[14,16,18,20,22,24,26],{"_key":15},"CVE-2024-45337",{"_key":17},"CVE-2025-22869",{"_key":19},"CVE-2025-47911",{"_key":21},"CVE-2025-47913",{"_key":23},"CVE-2025-47914",{"_key":25},"CVE-2025-58181",{"_key":27},"CVE-2025-58190",[],[],[31,32,33,34,35,36,37],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},"2025-12-04T13:08:26Z","2026-03-23T04:54:18.421872Z",{"cisa_kev":41,"cisa_ransomware":41,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[43,49,53,57,61,65,69,73,78,82,86,90,94,98],{"url":44,"sources":45,"tags":47},"https://bugzilla.suse.com/1234565",[46],"osv_opensuse",[48],"REPORT",{"url":50,"sources":51,"tags":52},"https://bugzilla.suse.com/1239494",[46],[48],{"url":54,"sources":55,"tags":56},"https://bugzilla.suse.com/1251463",[46],[48],{"url":58,"sources":59,"tags":60},"https://bugzilla.suse.com/1251664",[46],[48],{"url":62,"sources":63,"tags":64},"https://bugzilla.suse.com/1253506",[46],[48],{"url":66,"sources":67,"tags":68},"https://bugzilla.suse.com/1253930",[46],[48],{"url":70,"sources":71,"tags":72},"https://bugzilla.suse.com/1254084",[46],[48],{"url":74,"sources":75,"tags":76},"https://www.suse.com/security/cve/CVE-2024-45337",[46],[77],"WEB",{"url":79,"sources":80,"tags":81},"https://www.suse.com/security/cve/CVE-2025-22869",[46],[77],{"url":83,"sources":84,"tags":85},"https://www.suse.com/security/cve/CVE-2025-47911",[46],[77],{"url":87,"sources":88,"tags":89},"https://www.suse.com/security/cve/CVE-2025-47913",[46],[77],{"url":91,"sources":92,"tags":93},"https://www.suse.com/security/cve/CVE-2025-47914",[46],[77],{"url":95,"sources":96,"tags":97},"https://www.suse.com/security/cve/CVE-2025-58181",[46],[77],{"url":99,"sources":100,"tags":101},"https://www.suse.com/security/cve/CVE-2025-58190",[46],[77],[],[],[],[106],{"ecosystem":107,"name":108,"vendor":109,"product":110,"cpe_part":9,"purl_type":111,"purl_namespace":109,"purl_name":110,"source":9,"versions":112},"openSUSE","git-bug","opensuse","git-bug&distro=openSUSE Leap 16.0","rpm",[113],{"version":114,"is_range":115,"range_type":116,"version_start":9,"version_start_type":9,"version_end":117,"version_end_type":118,"fixed_in":9},"lt0_10_1_bp160_1_1",true,"ecosystem","0.10.1-bp160.1.1","excluding"]