openSUSE 2026-0171-1 git-bug Important Security Issues Fixed

opensuse

May 20, 2026

An update that fixes 5 vulnerabilities is now available.

Description

This update for git-bug fixes the following issues:

- Fix CVE-2026-1229 and CVE-2026-41506

- CVE-2026-1229: CIRCL has an incorrect calculation in secp384r1

CombinedMult (boo#1265416, GO-2026-4550) update

github.com/cloudflare/circl to v1.6.3

- CVE-2026-41506: HTTP authentication credential leak when following

redirects during smart-HTTP clone and fetch

operations (boo#1264955, GO-2026-4910), update

github.com/go-git/go-git/v5 to v5.17.1

- Revendor to include fixed version of depending libraries:

- GO-2025-4116 (CVE-2025-47913, boo#1253506) upgrade golang.org/x/crypto

to v0.43.0

- GO-2025-3900 (GHSA-2464-8j7c-4cjm) upgrade

github.com/go-viper/mapstructure/v2 to v2.4.0

- GO-2025-3787 (GHSA-fv92-fjc5-jj9h) included in the previous

- GO-2025-3754 (GHSA-2x5j-vhc8-9cwm) upgrade github.com/cloudflare/circl

to v1.6.1

- GO-2025-4134 (CVE-2025-58181, boo#1253930) upgrade

...

Read the Full Advisory

Topics Covered

security advisory important credential leak OpenSUSE git-bug calculation error

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-171=1

Package List

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

git-bug-0.10.1-bp157.2.6.1

- openSUSE Backports SLE-15-SP7 (noarch):

git-bug-bash-completion-0.10.1-bp157.2.6.1

git-bug-fish-completion-0.10.1-bp157.2.6.1

git-bug-zsh-completion-0.10.1-bp157.2.6.1

References

https://www.suse.com/security/cve/CVE-2025-47913.html

https://www.suse.com/security/cve/CVE-2025-47914.html

https://www.suse.com/security/cve/CVE-2025-58181.html

https://www.suse.com/security/cve/CVE-2026-1229.html

https://www.suse.com/security/cve/CVE-2026-41506.html

https://bugzilla.suse.com/1253506

https://bugzilla.suse.com/1253930

https://bugzilla.suse.com/1254084

https://bugzilla.suse.com/1264955

https://bugzilla.suse.com/1265416

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: openSUSE-SU-2026:0171-1

Rating: important

Affected Products: openSUSE Backports SLE-15-SP7

Topics Covered

security advisory important credential leak OpenSUSE git-bug calculation error

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

openSUSE 2026-0171-1 git-bug Important Security Issues Fixed

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

openSUSE 2026-0171-1 git-bug Important Security Issues Fixed

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!