openSUSE Local Security Checks : openSUSE Security Advisory (openSUSE-SU-2025:0021-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.18.1.2025.0021.1

Categoría: openSUSE Local Security Checks

Título: openSUSE Security Advisory (openSUSE-SU-2025:0021-1)

Resumen: The remote host is missing an update for the 'gh' package(s) announced via the openSUSE-SU-2025:0021-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'gh' package(s) announced via the openSUSE-SU-2025:0021-1 advisory.

Vulnerability Insight:
This update for gh fixes the following issues:

- Update to version 2.65.0:
* Bump cli/go-gh for indirect security vulnerability
* Panic mustParseTrackingRef if format is incorrect
* Move trackingRef into pr create package
* Make tryDetermineTrackingRef tests more respective of reality
* Rework tryDetermineTrackingRef tests
* Avoid pointer return from determineTrackingBranch
* Doc determineTrackingBranch
* Don't use pointer for determineTrackingBranch branchConfig
* Panic if tracking ref can't be reconstructed
* Document and rework pr create tracking branch lookup
* Upgrade generated workflows
* Fixed test for stdout in non-tty use case of repo fork
* Fix test
* Alternative: remove LocalBranch from BranchConfig
* Set LocalBranch even if the git config fails
* Add test for permissions check for security and analysis edits (#1)
* print repo url to stdout
* Update pkg/cmd/auth/login/login.go
* Move mention of classic token to correct line
* Separate type decrarations
* Add mention of classic token in gh auth login docs
* Update pkg/cmd/repo/create/create.go
* docs(repo): make explicit which branch is used when creating a repo
* fix(repo fork): add non-TTY output when fork is newly created
* Move api call to editRun
* Complete get -> list renaming
* Better error testing for autolink TestListRun
* Decode instead of unmarshal
* Use 'list' instead of 'get' for autolink list type and method
* Remove NewAutolinkClient
* Break out autolink list json fields test
* PR nits
* Refactor autolink subcommands into their own packages
* Whitespace
* Refactor out early return in test code
* Add testing for AutoLinkGetter
* Refactor autolink list and test to use http interface for simpler testing
* Apply PR comment changes
* Introduce repo autolinks list commands
* Remove release discussion posts and clean up related block in deployment yml
* Extract logic into helper function
* add pending status for workflow runs
* Feat: Allow setting security_and_analysis settings in gh repo edit
* Upgrade golang.org/x/net to v0.33.0
* Document SmartBaseRepoFunc
* Document BaseRepoFunc
* Update releasing.md
* Document how to set gh-merge-base

- Update to version 2.64.0:
* add test for different SAN and SourceRepositoryURI values
* add test for signerRepo and tenant
* add some more fields to test that san, sanregex are set properly
* Bump github.com/cpuguy83/go-md2man/v2 from 2.0.5 to 2.0.6
* update san and sanregex configuration for readability
* reduce duplication when creating policy content
* tweak output of build policy info
* Name conditionals in PR finder
* Support pr view for intra-org forks
* Return err instead of silentError in merge queue check
* linting pointed out this var is no longer used
* Removed fun, but inaccessible ASCII header
* further tweaks to the long description
* Exit on pr merge with `-d` and merge queue
* Addressed ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'gh' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2024-52308

Copyright Copyright (C) 2025 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.18.1.2025.0021.1
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (openSUSE-SU-2025:0021-1)
Resumen:	The remote host is missing an update for the 'gh' package(s) announced via the openSUSE-SU-2025:0021-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'gh' package(s) announced via the openSUSE-SU-2025:0021-1 advisory. Vulnerability Insight: This update for gh fixes the following issues: - Update to version 2.65.0: * Bump cli/go-gh for indirect security vulnerability * Panic mustParseTrackingRef if format is incorrect * Move trackingRef into pr create package * Make tryDetermineTrackingRef tests more respective of reality * Rework tryDetermineTrackingRef tests * Avoid pointer return from determineTrackingBranch * Doc determineTrackingBranch * Don't use pointer for determineTrackingBranch branchConfig * Panic if tracking ref can't be reconstructed * Document and rework pr create tracking branch lookup * Upgrade generated workflows * Fixed test for stdout in non-tty use case of repo fork * Fix test * Alternative: remove LocalBranch from BranchConfig * Set LocalBranch even if the git config fails * Add test for permissions check for security and analysis edits (#1) * print repo url to stdout * Update pkg/cmd/auth/login/login.go * Move mention of classic token to correct line * Separate type decrarations * Add mention of classic token in gh auth login docs * Update pkg/cmd/repo/create/create.go * docs(repo): make explicit which branch is used when creating a repo * fix(repo fork): add non-TTY output when fork is newly created * Move api call to editRun * Complete get -> list renaming * Better error testing for autolink TestListRun * Decode instead of unmarshal * Use 'list' instead of 'get' for autolink list type and method * Remove NewAutolinkClient * Break out autolink list json fields test * PR nits * Refactor autolink subcommands into their own packages * Whitespace * Refactor out early return in test code * Add testing for AutoLinkGetter * Refactor autolink list and test to use http interface for simpler testing * Apply PR comment changes * Introduce repo autolinks list commands * Remove release discussion posts and clean up related block in deployment yml * Extract logic into helper function * add pending status for workflow runs * Feat: Allow setting security_and_analysis settings in gh repo edit * Upgrade golang.org/x/net to v0.33.0 * Document SmartBaseRepoFunc * Document BaseRepoFunc * Update releasing.md * Document how to set gh-merge-base - Update to version 2.64.0: * add test for different SAN and SourceRepositoryURI values * add test for signerRepo and tenant * add some more fields to test that san, sanregex are set properly * Bump github.com/cpuguy83/go-md2man/v2 from 2.0.5 to 2.0.6 * update san and sanregex configuration for readability * reduce duplication when creating policy content * tweak output of build policy info * Name conditionals in PR finder * Support pr view for intra-org forks * Return err instead of silentError in merge queue check * linting pointed out this var is no longer used * Removed fun, but inaccessible ASCII header * further tweaks to the long description * Exit on pr merge with `-d` and merge queue * Addressed ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'gh' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-52308
Copyright	Copyright (C) 2025 Greenbone AG