openSUSE-SU-2024:0227-1: moderate: Security update for gh
openSUSE Security Update: Security update for gh
_______________________________
Announcement ID: openSUSE-SU-2024:0227-1
Rating: moderate
References: #1227035
Cross-References: CVE-2024-6104
CVSS scores:
CVE-2024-6104 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2024-6104 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Affected Products:
openSUSE Backports SLE-15-SP5
_______________________________
An update that fixes one vulnerability is now available.
Description:
This update for gh fixes the following issues:
Update to version 2.53.0:
* CVE-2024-6104: gh: hashicorp/go-retryablehttp: URL might write sensitive information to log file (boo#1227035)
* Disable `TestGetTrustedRoot/successfully_verifies_TUF_root` test due to https://github.com/cli/cli/issues/8928
* Rename package directory and files
* Rename package name to `update_branch`
* Rename `gh pr update` to `gh pr update-branch`
* Add test case for merge conflict error
* Handle merge conflict error
* Return error if PR is not mergeable
* Replace literals with consts for `Mergeable` field values
* Add separate type for `PullRequest.Mergeable` field
* Remove unused flag
* Print message on stdout instead of stderr
* Raise error if editor is used in non-tty mode
* Add tests for JSON field support on issue and pr view commands
* docs: Update documentation for `gh repo create` to clarify owner
* Ensure PR does not panic when stateReason is requested
* Add `createdAt` field to tests
* Add `createdAt` field to `Variable` type
* Add test for exporting as JSON
* Add test for JSON output
* Only populate selected repo information for JSON output
* Add test to verify JSON exporter gets set
* Add `--json` option support
* Use `Variable` type defined in `shared` package
* Add tests for JSON output
* Move `Variable` type and `PopulateSelectedRepositoryInformation` func to shared
* Fix query parameter name
* Update tests to account for ref comparison step
* Improve query variable names
* Check if PR branch is already up-to-date
* Add `ComparePullRequestBaseBranchWith` function
* Run `go mod tidy`
* Add test to verify `--repo` requires non-empty selector
* Require non-empty selector when `--repo` override is used
* Run `go mod tidy`
* Register `update` command
* Add tests for `pr update` command
* Add `pr update` command
* Add `UpdatePullRequestBranch` method
* Upgrade `shurcooL/githubv4`
Update to version 2.52.0:
* Attestation Verification - Buffer Fix
* Remove beta note from attestation top level command
* Removed beta note from `gh at download`.
* Removed beta note from `gh at verify`, clarified reusable workflows use case.
* Add `-a` flag to `gh run list`
Patch Instructions:
To install this openSUSE Security Update, use the SUSE-recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-227=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
gh-2.53.0-bp155.2.12.1
- openSUSE Backports SLE-15-SP5 (noarch):
gh-bash-completion-2.53.0-bp155.2.12.1
gh-fish-completion-2.53.0-bp155.2.12.1
gh-zsh-completion-2.53.0-bp155.2.12.1
References:
https://www.suse.com/security/cve/CVE-2024-6104.html
https://bugzilla.suse.com/1227035
openSUSE-SU-2024:0225-1: moderate: Security update for assimp
openSUSE Security Update: Security update for assimp
_______________________________
Announcement ID: openSUSE-SU-2024:0225-1
Rating: moderate
References: #1218474 #1228142
Cross-References: CVE-2024-40724
CVSS scores:
CVE-2024-40724 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP5
_______________________________
An update that solves one vulnerability and has one erratum is now available.
Description:
This update for assimp fixes the following issues:
- CVE-2024-40724: Fixed heap-based buffer overflow in the PLY importer class (boo#1228142).
Patch Instructions:
To install this openSUSE Security Update, use the SUSE-recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-225=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 ppc64le s390x x86_64):
assimp-devel-5.2.5-bp155.2.3.1
libassimp5-5.2.5-bp155.2.3.1
References:
https://www.suse.com/security/cve/CVE-2024-40724.html
https://bugzilla.suse.com/1218474
https://bugzilla.suse.com/1228142
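As an added example (not part of either SUSE advisory), here is the check a practitioner wants after reading the two Package List sections above: compare what rpm reports for each package against the fixed version quoted in the advisory, using a simplified rpm-style version comparison so that release numbers such as `2.12.1` and `2.9.1` are ordered numerically. The installed versions are a constructed sample standing in for the output of `rpm -q --qf '%{VERSION}-%{RELEASE}\n' <pkg>`.

```python
"""Decide whether packages named in the gh and assimp advisories are still
below the fixed version. Added example; INSTALLED_SAMPLE is constructed."""
import re

# Fixed VERSION-RELEASE values quoted in the advisories' Package List sections.
FIXED = {
    "gh": "2.53.0-bp155.2.12.1",
    "libassimp5": "5.2.5-bp155.2.3.1",
    "assimp-devel": "5.2.5-bp155.2.3.1",
}

# Constructed sample: a host where assimp is patched but gh is not.
INSTALLED_SAMPLE = {
    "gh": "2.52.0-bp155.2.9.1",
    "libassimp5": "5.2.5-bp155.2.3.1",
}

_SEG = re.compile(r"\d+|[A-Za-z]+")  # rpm compares alnum segments, ignoring separators


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp: walk segments left to right, comparing
    numerically when both are digits and lexically otherwise; a numeric
    segment outranks an alphabetic one. Tilde/caret rules are omitted.
    Returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd != yd:
            return 1 if xd else -1
        if xd:
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(a: str, b: str) -> int:
    """Compare 'VERSION-RELEASE' strings: version decides, release breaks ties."""
    av, ar = a.split("-", 1)
    bv, br = b.split("-", 1)
    return rpmvercmp(av, bv) or rpmvercmp(ar, br)


def unpatched(installed: dict, fixed: dict = FIXED) -> list:
    """Names of installed packages that are older than the advisory's fix."""
    return sorted(p for p, v in installed.items()
                  if p in fixed and evr_cmp(v, fixed[p]) < 0)


if __name__ == "__main__":
    for pkg in unpatched(INSTALLED_SAMPLE):
        print(f"{pkg}: {INSTALLED_SAMPLE[pkg]} < {FIXED[pkg]} (apply the patch)")
```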