From fc7baf3c8d6fbd22b2946ca1ec0d997a2d69ead23b7489ccb87c1e407eb009dd Mon Sep 17 00:00:00 2001 From: Robert Frohl Date: Tue, 6 Jan 2026 11:10:54 +0100 Subject: [PATCH 1/2] Update submodules from pool/trivy#30 and create patchinfo.20260106100749431638.93181000773252/_patchinfo --- .../_patchinfo | 25 +++++++++++++++++++ trivy | 2 +- 2 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 patchinfo.20260106100749431638.93181000773252/_patchinfo diff --git a/patchinfo.20260106100749431638.93181000773252/_patchinfo b/patchinfo.20260106100749431638.93181000773252/_patchinfo new file mode 100644 index 0000000..708ceae --- /dev/null +++ b/patchinfo.20260106100749431638.93181000773252/_patchinfo @@ -0,0 +1,25 @@ + + + + + + + VUL-0: CVE-2025-47913: trivy: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request + VUL-0: CVE-2025-47914: trivy: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read + VUL-0: CVE-2025-58190: trivy: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input + VUL-0: CVE-2025-47911: trivy: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents + VUL-0: CVE-2025-58181: trivy: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption + dirkmueller + moderate + recommended + Recommended update for trivy + This update for trivy fixes the following issues: + +- Update to version 0.68.2: + * release: v0.68.2 [release/v0.68] (#9950) + * fix(deps): bump alpine from `3.22.1` to `3.23.0` [backport: release/v0.68] (#9949) + * ci: enable `check-latest` for `setup-go` [backport: release/v0.68] (#9946) + + trivy + + diff --git a/trivy b/trivy index cdbf0f0..1901ecd 160000 --- a/trivy +++ b/trivy 
@@ -1 +1 @@ -Subproject commit cdbf0f01cd34ba9d69abc165f1cb9561c3cc8cd09f3c3f24f186ba44617ec872 +Subproject commit 1901ecd77018a9e9571b5e53df8e678c87a1f734550691a5b989d5d7cb425715 -- 2.51.1 From 41d505f4abd06dc8278449a9ccc945b43e7ad3bec152bb1eceecb774dc21dd28 Mon Sep 17 00:00:00 2001 From: Robert Frohl Date: Wed, 7 Jan 2026 09:51:40 +0100 Subject: [PATCH 2/2] Update patchinfo.20260106100749431638.93181000773252/_patchinfo removed --- patchinfo.20260106100749431638.93181000773252/_patchinfo | 1 - 1 file changed, 1 deletion(-) diff --git a/patchinfo.20260106100749431638.93181000773252/_patchinfo b/patchinfo.20260106100749431638.93181000773252/_patchinfo index 708ceae..d8974b6 100644 --- a/patchinfo.20260106100749431638.93181000773252/_patchinfo +++ b/patchinfo.20260106100749431638.93181000773252/_patchinfo @@ -21,5 +21,4 @@ * ci: enable `check-latest` for `setup-go` [backport: release/v0.68] (#9946) trivy - -- 2.51.1
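Review bot: in the new _patchinfo created by PATCH 1/2, the issue list names five CVEs (CVE-2025-47913, CVE-2025-47914, CVE-2025-58190, CVE-2025-47911, CVE-2025-58181), but the values that appear to be the category and summary read "recommended" and "Recommended update for trivy", and the description mentions none of the CVEs. If this update is what delivers those fixes, classify it as a security update, word the summary to match, and list each CVE in the description next to the affected golang.org/x/crypto or golang.org/x/net package. The three changelog entries shown (release v0.68.2, the alpine bump, the setup-go CI change) do not tell a reader which change addresses the listed issues.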
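Review bot: the subject of PATCH 2/2 ends in "removed" without saying what was dropped from _patchinfo or why, and the single deleted line in the @@ -21,5 +21,4 @@ hunk shows no content here. Name the removed element and the reason in the commit message, or squash this change into PATCH 1/2 so the file is created in its final form and the history carries one reviewable patchinfo.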