{"affected":[{"ecosystem_specific":{"binaries":[{"git-bug":"0.10.1-bp160.1.1","git-bug-bash-completion":"0.10.1-bp160.1.1","git-bug-fish-completion":"0.10.1-bp160.1.1","git-bug-zsh-completion":"0.10.1-bp160.1.1"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"git-bug","purl":"pkg:rpm/opensuse/git-bug&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.10.1-bp160.1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for git-bug fixes the following issues:\n\nChanges in git-bug:\n\n- Revendor to include fixed version of depending libraries:\n  - GO-2025-4116 (CVE-2025-47913, bsc#1253506) upgrade\n    golang.org/x/crypto to v0.43.0\n  - GO-2025-3900 (GHSA-2464-8j7c-4cjm) upgrade\n    github.com/go-viper/mapstructure/v2 to v2.4.0\n  - GO-2025-3787 (GHSA-fv92-fjc5-jj9h) included in the previous\n  - GO-2025-3754 (GHSA-2x5j-vhc8-9cwm) upgrade\n    github.com/cloudflare/circl to v1.6.1\n  - GO-2025-4134 (CVE-2025-58181, bsc#1253930) upgrade\n    golang.org/x/crypto/ssh to v0.45.0\n  - GO-2025-4135 (CVE-2025-47914, bsc#1254084) upgrade\n    golang.org/x/crypto/ssh/agent to v0.45.0\n\n- Revendor to include golang.org/x/net/html v 0.45.0 to prevent\n  possible DoS by various algorithms with quadratic complexity\n  when parsing HTML documents (bsc#1251463, CVE-2025-47911 and\n  bsc#1251664, CVE-2025-58190).\n\nUpdate to version 0.10.1:\n\n  - cli: ignore missing sections when removing configuration (ddb22a2f)\n\nUpdate to version 0.10.0:\n\n  - bridge: correct command used to create a new bridge (9942337b)\n  - web: simplify header navigation (7e95b169)\n  - webui: remark upgrade + gfm + syntax highlighting (6ee47b96)\n  - BREAKING CHANGE: dev-infra: remove gokart (89b880bd)\n\nUpdate to version 0.10.0:\n\n  - bridge: correct command used to create a new bridge (9942337b)\n  - web: simplify header navigation (7e95b169)\n  - web: remark upgrade + gfm + syntax highlighting (6ee47b96)\n\nUpdate to version 0.9.0:\n\n  - completion: remove errata from string literal (aa102c91)\n  - tui: improve readability of the help bar (23be684a)\n\nUpdate to version 0.8.1+git.1746484874.96c7a111:\n\n  * docs: update install, contrib, and usage documentation (#1222)\n  * fix: resolve the remote URI using url.*.insteadOf (#1394)\n  * build(deps): bump the go_modules group across 1 directory with 3 updates (#1376)\n  * chore: gofmt simplify gitlab/export_test.go (#1392)\n  * fix: checkout repo before setting up go environment (#1390)\n  * feat: bump to go v1.24.2 (#1389)\n  * chore: update golang.org/x/net (#1379)\n  * fix: use -0700 when formatting time (#1388)\n  * fix: use correct url for gitlab PATs (#1384)\n  * refactor: remove depdendency on pnpm for auto-label action (#1383)\n  * feat: add action: auto-label (#1380)\n  * feat: remove lifecycle/frozen (#1377)\n  * build(deps): bump the npm_and_yarn group across 1 directory with 12 updates (#1378)\n  * feat: support new exclusion label: lifecycle/pinned (#1375)\n  * fix: refactor how gitlab title changes are detected (#1370)\n  * revert: \"Create Dependabot config file\" (#1374)\n  * refactor: rename //:git-bug.go to //:main.go (#1373)\n  * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.16 to 2.5.25 (#1361)\n  * fix: set GitLastTag to an empty string when git-describe errors (#1355)\n  * chore: update go-git to v5@masterupdate_mods (#1284)\n  * refactor: Directly swap two variables to optimize code (#1272)\n  * Update README.md Matrix link to new room (#1275)\n\n- Update to version 0.8.0+git.1742269202.0ab94c9:\n  * deps(crypto): bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337) (#1312)\n\n- Update golang.org/x/crypto/ssh to v0.35.0 (bsc#1239494,\n  CVE-2025-22869).\n\n- Add missing Requires to completion subpackages.\n\nUpdate to version 0.8.0+git.1733745604.d499b6e:\n\n  * fix typos in docs (#1266)\n  * build(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 (#1289)\n\n- bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337, bsc#1234565).\n","id":"openSUSE-SU-2025-20143-1","modified":"2025-12-04T13:08:26Z","published":"2025-12-04T13:08:26Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1234565"},{"type":"REPORT","url":"https://bugzilla.suse.com/1239494"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251463"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251664"},{"type":"REPORT","url":"https://bugzilla.suse.com/1253506"},{"type":"REPORT","url":"https://bugzilla.suse.com/1253930"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254084"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-45337"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22869"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47911"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47913"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47914"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58181"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58190"}],"related":["CVE-2024-45337","CVE-2025-22869","CVE-2025-47911","CVE-2025-47913","CVE-2025-47914","CVE-2025-58181","CVE-2025-58190"],"summary":"Security update for git-bug","upstream":["CVE-2024-45337","CVE-2025-22869","CVE-2025-47911","CVE-2025-47913","CVE-2025-47914","CVE-2025-58181","CVE-2025-58190"]}