Ana Guerrero
9457197d71
* Security fixes (over the last releases):
- CVE-2024-6104: rekor: hashicorp/go-retryablehttp: url might write sensitive information to log file (bsc#1227053)
- CVE-2023-45288: rekor: golang.org/x/net/http2: close connections when receiving too many headers (bsc#1236519)
- CVE-2025-27144: rekor: gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Go JOSE's Parsing Vulnerable to Denial of Service (bsc#1237638)
- CVE-2025-22868: rekor: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239191)
- CVE-2025-22869: rekor: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239327)
- CVE-2025-30204: rekor: github.com/golang-jwt/jwt/v5: jwt-go allows excessive memory allocation during header parsing (bsc#1240468) (forwarded request 1268973 from msmeissn)
OBS-URL: https://build.opensuse.org/request/show/1268974
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rekor?expand=0&rev=26