2026-01-08 15:08:08 +01:00
2 changed files with 25 additions and 1 deletions
--- a/patchinfo.20260106100749431638.93181000773252/_patchinfo
+++ b/patchinfo.20260106100749431638.93181000773252/_patchinfo
@@ -0,0 +1,24 @@
+<patchinfo>
+  <issue tracker="cve" id="2025-58181"/>
+  <issue tracker="cve" id="2025-47913"/>
+  <issue tracker="cve" id="2025-58190"/>
+  <issue tracker="cve" id="2025-47914"/>
+  <issue tracker="cve" id="2025-47911"/>
+  <issue tracker="bnc" id="1253512">VUL-0: CVE-2025-47913: trivy: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request</issue>
+  <issue tracker="bnc" id="1253977">VUL-0: CVE-2025-47914: trivy: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read</issue>
+  <issue tracker="bnc" id="1251547">VUL-0: CVE-2025-58190: trivy: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input</issue>
+  <issue tracker="bnc" id="1251363">VUL-0: CVE-2025-47911: trivy: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents</issue>
+  <issue tracker="bnc" id="1253786">VUL-0: CVE-2025-58181: trivy: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption</issue>
+  <packager>dirkmueller</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for trivy</summary>
+  <description>This update for trivy fixes the following issues:
+
+- Update to version 0.68.2:
+  * release: v0.68.2 [release/v0.68] (#9950)
+  * fix(deps): bump alpine from `3.22.1` to `3.23.0` [backport: release/v0.68] (#9949)
+  * ci: enable `check-latest` for `setup-go` [backport: release/v0.68] (#9946)
+</description>
+  <package>trivy</package>
+</patchinfo>
--- a/2
+++ b/2