patchinfo.20251127122850445245.93181000773252/_patchinfo

@@ -0,0 +1,65 @@
+<patchinfo>
+  <issue tracker="bnc" id="1243954">VUL-0: CVE-2025-29785: shadowsocks-v2ray-plugin: github.com/quic-go/quic-go/internal/ackhandler: loss recovery logic for path probe packets can be used by a malicious QUIC client to trigger a null pointer dereference</issue>
+  <issue tracker="cve" id="2025-47911">cve#2025-47911 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-47911</issue>
+  <issue tracker="bnc" id="1243946">VUL-0: CVE-2025-29785: v2ray-core: github.com/quic-go/quic-go/internal/ackhandler: loss recovery logic for path probe packets can be used by a malicious QUIC client to trigger a null pointer dereference</issue>
+  <issue tracker="cve" id="2025-297850">cve#2025-297850 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-297850</issue>
+  <issue tracker="bnc" id="1251404">VUL-0: CVE-2025-47911: v2ray-core: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents</issue>
+  <issue tracker="bnc" id="1235164">VUL-0: CVE-2023-49295: v2ray-core: github.com/quic-go/quic-go: memory exhaustion attack against QUIC's path validation mechanism</issue>
+  <packager>hillwood</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for shadowsocks-v2ray-plugin, v2ray-core</summary>
+  <description>This update for shadowsocks-v2ray-plugin, v2ray-core fixes the following issues:
+
+Changes in shadowsocks-v2ray-plugin:
+
+- Update version to 5.25.0
+  * Update v2ray-core to v5.25.0
+- Add update-vendor.patch, update v2ray-core to v5.33.0 (boo#1243954 and CVE-2025-297850)
+
+Changes in v2ray-core:
+
+- Fix CVE-2025-47911 and boo#1251404
+  * Add fix-CVE-2025-47911.patch
+  * Update golang.org/x/net to 0.45.0 in vendor
+
+- Update version to 5.38.0
+  * TLSMirror Connection Enrollment System
+  * Add TLSMirror Sequence Watermarking
+  * LSMirror developer preview protocol is now a part of mainline V2Ray
+  * proxy dns with NOTIMP error
+  * Add TLSMirror looks like TLS censorship resistant transport protocol
+    as a developer preview transport
+  * proxy dns with NOTIMP error
+  * fix false success from SOCKS server when Dispatch() fails
+  * HTTP inbound: Directly forward plain HTTP 1xx response header
+  * add a option to override domain used to query https record
+  * Fix bugs
+  * Update vendor
+
+- Update version to 5.33.0
+  * bump github.com/quic-go/quic-go from 0.51.0 to 0.52.0(boo#1243946 and CVE-2025-297850)
+  * Update other vendor source
+
+- Update version to 5.31.0
+  * Add Dns Proxy Response TTL Control
+  * Fix call newError Base with a nil value error
+  * Update vendor (boo#1235164)
+
+- Update version to 5.29.3
+  * Enable restricted mode load for http protocol client
+  * Correctly implement QUIC sniffer when handling multiple initial packets
+  * Fix unreleased cache buffer in QUIC sniffing
+  * A temporary testing fix for the buffer corruption issue
+  * QUIC Sniffer Restructure
+
+- Update version to 5.22.0
+  * Add packetEncoding for Hysteria
+  * Add ECH Client Support
+  * Add support for parsing some shadowsocks links
+  * Add Mekya Transport
+  * Fix bugs
+</description>
+  <package>shadowsocks-v2ray-plugin</package>
+  <package>v2ray-core</package>
+</patchinfo>