Stay Secure with the Latest Linux Advisories

security advisorymoderateOpenSUSE

openSUSE gitea-tea Moderate Fix Multiple Issues 2026-0073-1

An update that fixes two vulnerabilities is now available.. openSUSE Security Update: Security update for gitea-tea ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0073-1 Rating: moderate References: Cross-References: CVE-2025-47911 CVE-2025-58190 CVSS scores: CVE-2025-47911 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-58190 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Affected Products: openSUSE Backports SLE-15-SP6 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for gitea-tea fixes the following issues: - update to 0.12.0: * New Features - Add tea actions commands for managing workflow runs and workflows in #880, #796 - Add tea api subcommand for arbitrary API calls not covered by existing commands in #879 - Add repository webhook management commands in #798 - Add JSON output support for single PR view in #864 - Add JSON output and file redirection for issue detail view in #841 - Support creating AGit flow pull requests in #867 * Bug Fixes - Fix authentication via environment variables when specifying repo argument in #809 - Fix issue detail view ignoring --owner flag in #899 - Fix PR create crash in #823 - Fix TTY prompt handling in #897 - Fix termenv OSC RGBA handling in #907 - Fix labels delete command and --id flag type in #865 - Fix delete repo command description in #858 - Fix pagination flags for secrets list, webhooks list, and pull requests list in #853, #852, - #851 - Enable git worktree support and improve PR create error handling in #850 - Only prompt for SSH passphrase whennecessary in #844 - Only prompt for login confirmation when no default login is set in #839 - Skip token uniqueness check when using SSH authentication in #898 - Require non-empty token in GetLoginByToken in #895 - Fix config file permissions to remove group read/write in #856 * Improvements - Add file locking for safe concurrent access to config file in #881 - Improve error messages throughout the CLI in #871 - Send consistent HTTP request headers in #888 - Revert requiring HTTP/HTTPS login URLs; restore SSH as a login method in #891 - Refactor context into dedicated subpackages in #873, #888 - General code cleanup and improvements in #869, #870 - Add test coverage for login matching in #820 * Build & Dependencies - Build with Go 1.25 in #886 - Build for Windows aarch64 - Update Gitea SDK version in #868 - Update Nix flake in #872 - Update dependencies including lipgloss v2, urfave/cli v3.6.2, go-git v5.16.5, and various Go modules in #849, #875, #876, #878, #884, #885, #900, #901, #904, #905 - Update CI actions (checkout v6, setup-go v6) in #882, #883 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2026-73=1 Package List: - openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64): gitea-tea-0.12.0-bp156.23.1 - openSUSE Backports SLE-15-SP6 (noarch): gitea-tea-bash-completion-0.12.0-bp156.23.1 gitea-tea-zsh-completion-0.12.0-bp156.23.1 References: https://www.suse.com/security/cve/CVE-2025-47911.html https://www.suse.com/security/cve/CVE-2025-58190.html . An update for openSUSE gitea-tea addresses critical issues and enhances functionality, ensuringbetter security and usability.. openSUSE Security,gitea-tea update,API improvements,security fixes,openSUSE update. . LinuxSecurity.com Team

Mar 08, 2026 OpenSUSE