Dominique Leuenberger 334cf1deb5 Accepting request 1333820 from devel:languages:go
- Update to version 0.4.1+git78.f951e3a:
  * Bump chainguard-dev/actions from 1.6.1 to 1.6.2 in the all group
- Security vulnerability advisements: Go code or dependencies cited
  in CVE reports are addressed or closed in this or previous
  releases. Eventually vexctl will be used to provide structured
  data documents with these use-specific advisements in a
  standardized computer readable format.
  * Fix bsc#1239186 CVE-2025-22868: vexctl: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2
    - govulncheck reports current version not affected by this CVE
    - golang.org/x/oauth2/jws is not used in current version
  * Fix bsc#1234486 CVE-2024-45337: vexctl: golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
    - govulncheck reports current version not affected by this CVE
    - golang.org/x/crypto/ssh is not used in current version
  * Fix bsc#1237611 CVE-2025-27144: vexctl: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Go JOSE's Parsing Vulnerable to Denial of Service
    - govulncheck reports current version not affected by this CVE
    - github.com/go-jose/go-jose/v4   v4.1.3
  * Fix bsc#1238683 CVE-2025-22870: vexctl: golang.org/x/net/proxy: proxy bypass using IPv6 zone IDs
    - govulncheck reports current version not affected by this CVE
    - golang.org/x/net/proxy is not used in current version
  * Fix bsc#1239323 CVE-2025-22869: vexctl: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh
    - govulncheck reports current version not affected by this CVE
    - golang.org/x/crypto/ssh is not used in current version
  * Fix bsc#1240444 CVE-2025-30204: vexctl: github.com/golang-jwt/jwt/v4: jwt-go allows excessive memory allocation during header parsing
    - govulncheck reports current version not affected by this CVE
    - github.com/golang-jwt/jwt/v4    v4.5.2
  * Fix bsc#1253802 CVE-2025-58181: vexctl: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption
    - govulncheck reports current version not affected by this CVE
    - golang.org/x/crypto/ssh is not used in current version
  * Fix bsc#1256535 CVE-2026-22772: vexctl: github.com/sigstore/fulcio: bypass MetaIssuer URL validation bypass can trigger SSRF to arbitrary internal services
    - govulncheck reports current version not affected by this CVE (forwarded request 1333819 from jfkw)

OBS-URL: https://build.opensuse.org/request/show/1333820
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vexctl?expand=0&rev=7
2026-02-19 13:21:33 +00:00