pool/python-Authlib
SHA256
17
0
Fork 4
Code Issues Pull Requests 1 Activity

CVE-2025-68158: 1-click account takeover in applications that use the Authlib library (bsc#1256414) #2

Open
nkrapp wants to merge 1 commits from nkrapp/python-Authlib:leap-16.1 into leap-16.1
pull from: nkrapp/python-Authlib:leap-16.1
merge into: pool:leap-16.1
Conversation 4 Commits 1 Files Changed 3 +158
nkrapp commented 2026-03-09 14:35:43 +01:00
Contributor
Copy Link
  • added CVE-2025-68158.patch
* added CVE-2025-68158.patch
nkrapp added 1 commit 2026-03-09 14:35:44 +01:00
CVE-2025-68158: 1-click account takeover in applications that use the Authlib library (bsc#1256414) dd0d68e448 
* added CVE-2025-68158.patch
autogits_workflow_pr_bot requested review from legaldb 2026-03-09 14:37:10 +01:00
autogits_workflow_pr_bot requested review from packagehub-review 2026-03-09 14:37:10 +01:00
packagehub-review requested review from bigironman 2026-03-09 14:42:18 +01:00
packagehub-review requested review from lkocman-factory 2026-03-09 14:42:18 +01:00
packagehub-review requested review from maxlin_factory 2026-03-09 14:42:18 +01:00
packagehub-review requested review from smithfarm 2026-03-09 14:42:19 +01:00
packagehub-review commented 2026-03-09 14:42:19 +01:00
Member
Copy Link

Review by packagehub-review represents a group of reviewers: bigironman, lkocman-factory, maxlin_factory, smithfarm .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @packagehub-review: approve.
To request changes on behalf of the group, create the following comment: @packagehub-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Review by packagehub-review represents a group of reviewers: bigironman, lkocman-factory, maxlin_factory, smithfarm . Do **not** use standard review interface to review on behalf of the group. To accept the review on behalf of the group, create the following comment: `@packagehub-review: approve`. To request changes on behalf of the group, create the following comment: `@packagehub-review: decline` followed with lines justifying the decision. Future edits of the comments are ignored, a new comment is required to change the review state.
autogits_obs_staging_bot commented 2026-03-09 14:43:50 +01:00
First-time contributor
Copy Link

Build successful, for more information go in https://build.opensuse.org/project/show/openSUSE:Backports:SLE-16.1:PullRequest:511.

Build successful, for more information go in https://build.opensuse.org/project/show/openSUSE:Backports:SLE-16.1:PullRequest:511.
legaldb commented 2026-03-09 14:47:26 +01:00
Member
Copy Link

Legal reviewed as acceptable:

Accepted because previously reviewed under the same license (381140)
Legal reviewed as [acceptable](https://legaldb.suse.de/reviews/details/509568): ``` Accepted because previously reviewed under the same license (381140) ```
report.md
1.0 KiB
legaldb approved these changes 2026-03-09 14:47:27 +01:00
This pull request has official review requests.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u leap-16.1:nkrapp-leap-16.1
git checkout nkrapp-leap-16.1
Sign in to join this conversation.
Reviewers
No Reviewers
packagehub-review
lkocman-factory
maxlin_factory
bigironman
smithfarm
legaldb
Labels
Clear labels
legaldb
Critical Priority
Critical legaldb priority
Archived
legaldb
High Priority
2
High legaldb priority
legaldb
Normal Priority
1
Normal legaldb priority
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
adamm_super adrianSuSE autobuild-owner autobuild-review autogits_workflow_pr_bot bigironman dirkmueller eroca factory_bot gitea_test legaldb lkocman-factory maxlin_factory opensuse-review packagehub-review smithfarm
No Assignees
4 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: pool/python-Authlib#2
Delete Branch "nkrapp/python-Authlib:leap-16.1"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?