opensuse-su-2024:0130-1
Vulnerability from csaf_opensuse
Published
2024-05-18 12:51
Modified
2024-05-18 12:51
Summary
Security update for git-cliff
Notes
Title of the patch
Security update for git-cliff
Description of the patch
This update for git-cliff fixes the following issues:
- update to 2.2.2:
* (changelog) Allow adding custom context
* (changelog) Ignore empty lines when using split_commits
* (parser) Allow matching empty commit body
* Documentation updates
- update to 2.2.1:
* Make rendering errors more verbose
* Support detecting config from project manifest
* Make the bump version rules configurable
* bug fixes and documentation updates
- CVE-2024-32650: rust-rustls: Infinite loop with proper client
input fixes (boo#1223218)
- Update to version 2.1.2:
* feat(npm): add programmatic API for TypeScript
* chore(fixtures): enable verbose logging for output
* refactor(clippy): apply clippy suggestions
* refactor(changelog): do not output to stdout when prepend is used
* feat(args): add `--tag-pattern` argument
* fix(config): fix commit parser regex in the default config
* fix(github): sanitize the GitHub token in debug logs
* chore(config): add animation to the header of the changelog
* refactor(clippy): apply clippy suggestions
* docs(security): update security policy
* chore(project): add readme to core package
* chore(embed): do not allow missing docs
* chore(config): skip dependabot commits for dev updates
* docs(readme): mention RustLab 2023 talk
* chore(config): revamp the configuration files
* chore(docker): update versions in Dockerfile
* chore(example): use full links in GitHub templates
* chore(project): bump MSRV to 1.74.1
* revert(config): use postprocessors for checking the typos
* feat(template): support using PR labels in the GitHub template
* docs(configuration): fix typo
* feat(args): add `--no-exec` flag for skipping command execution
* chore(command): explicitly set the directory of command to current dir
* refactor(ci): use hardcoded workspace members for cargo-msrv command
* refactor(ci): simplify cargo-msrv installation
* refactor(clippy): apply clippy suggestions
* refactor(config): use postprocessors for checking the typos
* chore(project): update copyright years
* chore(github): update templates about GitHub integration
* feat(changelog): set the timestamp of the previous release
* feat(template): support using PR title in the GitHub template
* feat(changelog): improve skipping via `.cliffignore` and `--skip-commit`
* chore(changelog): disable the default behavior of next-version
* fix(git): sort commits in topological order
* test(changelog): use the correct version for missing tags
* chore(changelog): use 0.1.0 as default next release if no tag is found
* feat(github)!: support integration with GitHub repos
* refactor(changelog): support `--bump` for processed releases
* fix(cli): fix broken pipe when stdout is interrupted
* test(fixtures): update the bumped value output to add prefix
* feat(changelog): support tag prefixes with `--bump`
* feat(changelog)!: set tag to `0.0.1` via `--bump` if no tags exist
* fix(commit): trim the trailing newline from message
* docs(readme): use the raw link for the animation
* chore(example): remove limited commits example
* feat(args): add `-x` short argument for `--context`
* revert(deps): bump actions/upload-pages-artifact from 2 to 3
* revert(deps): bump actions/deploy-pages from 3 to 4
* chore(dependabot): group the dependency updates for creating less PRs
* feat(parser): support using SHA1 of the commit
* feat(commit): add merge_commit flag to the context
* chore(mergify): don't update PRs for the main branch
* fix(links): skip checking the GitHub commit URLs
* fix(changelog): fix previous version links
* feat(parser): support using regex scope values
* test(fixture): update the date for example test fixture
* docs(fixtures): add instructions for adding new fixtures
* feat(args): support initialization with built-in templates
* feat(changelog)!: support templating in the footer
* feat(args): allow returning the bumped version
* test(fixture): add test fixture for bumping version
* fix: allow version bump with a single previous release
* fix(changelog): set the correct previous tag when a custom tag is given
* feat(args): set `CHANGELOG.md` as default missing value for output option
* refactor(config): remove unnecessary newline from configs
- Update to version 1.4.0:
* Support bumping the semantic version via `--bump`
* Add 'typos' check
* Log the output of failed external commands -
* breaking change: Support regex in 'tag_pattern' configuration
* Add field and value matchers to the commit parser
- Update to version 1.2.0:
* Update clap and clap extras to v4
* Make the fields of Signature public
* Add a custom configuration file for the repository
* Support placing configuration inside pyproject.toml
* Generate SBOM/provenance for the Docker image
* Support using regex group values
* [breaking] Nested environment config overrides
* Set max of limit_commits to the number of commits
* Set the node cache dependency path
* Use the correct argument in release script
- Update to version 1.1.2:
* Do not skip all tags when skip_tags is empty (#136)
* Allow saving context to a file (#138)
* Derive the tag order from commits instead of timestamp (#139)
* Use timestamp for deriving the tag order (#139)
- Update to version 1.1.1:
* Relevant change: Update README.md about the NPM package
* Fix type casting in base NPM package
* Rename the package on Windows
* Disable liquid parsing in README.md by using raw blocks
* Support for generating changelog for multiple git repositories
* Publish binaries for more platforms/architectures
- Update to version 1.0.0:
* Bug Fixes
- Fix test fixture failures
* Documentation
- Fix GitHub badges in README.md
* Features
- [breaking] Replace --date-order by --topo-order
- Allow running with --prepend and --output
- [breaking] Use current time for --tag argument
- Include completions and mangen in binary releases
- Publish Debian package via release workflow
* Miscellaneous Tasks
- Run all test fixtures
- Remove deprecated set-output usage
- Update actions/checkout to v3
- Comment out custom commit preprocessor
* Refactor
- Apply clippy suggestions
* Styling
- Update README.md about the styling of footer field
Patchnames
openSUSE-2024-130
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for git-cliff",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for git-cliff fixes the following issues:\n\n- update to 2.2.2:\n * (changelog) Allow adding custom context\n * (changelog) Ignore empty lines when using split_commits\n * (parser) Allow matching empty commit body\n * Documentation updates\n\n- update to 2.2.1:\n * Make rendering errors more verbose\n * Support detecting config from project manifest\n * Make the bump version rules configurable\n * bug fixes and documentation updates\n- CVE-2024-32650: rust-rustls: Infinite loop with proper client\n input fixes (boo#1223218)\n\n- Update to version 2.1.2:\n * feat(npm): add programmatic API for TypeScript\n * chore(fixtures): enable verbose logging for output\n * refactor(clippy): apply clippy suggestions\n * refactor(changelog): do not output to stdout when prepend is used\n * feat(args): add `--tag-pattern` argument\n * fix(config): fix commit parser regex in the default config\n * fix(github): sanitize the GitHub token in debug logs\n * chore(config): add animation to the header of the changelog\n * refactor(clippy): apply clippy suggestions\n * docs(security): update security policy\n * chore(project): add readme to core package\n * chore(embed): do not allow missing docs\n * chore(config): skip dependabot commits for dev updates\n * docs(readme): mention RustLab 2023 talk\n * chore(config): revamp the configuration files\n * chore(docker): update versions in Dockerfile\n * chore(example): use full links in GitHub templates\n * chore(project): bump MSRV to 1.74.1\n * revert(config): use postprocessors for checking the typos\n * feat(template): support using PR labels in the GitHub template\n * docs(configuration): fix typo\n * feat(args): add `--no-exec` flag for skipping command execution\n * chore(command): explicitly set the directory of command to current dir\n * refactor(ci): use hardcoded workspace members for cargo-msrv command\n * refactor(ci): simplify cargo-msrv installation\n * refactor(clippy): apply clippy suggestions\n * refactor(config): use postprocessors for checking the typos\n * chore(project): update copyright years\n * chore(github): update templates about GitHub integration\n * feat(changelog): set the timestamp of the previous release\n * feat(template): support using PR title in the GitHub template\n * feat(changelog): improve skipping via `.cliffignore` and `--skip-commit`\n * chore(changelog): disable the default behavior of next-version\n * fix(git): sort commits in topological order\n * test(changelog): use the correct version for missing tags\n * chore(changelog): use 0.1.0 as default next release if no tag is found\n * feat(github)!: support integration with GitHub repos\n * refactor(changelog): support `--bump` for processed releases\n * fix(cli): fix broken pipe when stdout is interrupted\n * test(fixtures): update the bumped value output to add prefix\n * feat(changelog): support tag prefixes with `--bump`\n * feat(changelog)!: set tag to `0.0.1` via `--bump` if no tags exist\n * fix(commit): trim the trailing newline from message\n * docs(readme): use the raw link for the animation\n * chore(example): remove limited commits example\n * feat(args): add `-x` short argument for `--context`\n * revert(deps): bump actions/upload-pages-artifact from 2 to 3\n * revert(deps): bump actions/deploy-pages from 3 to 4\n * chore(dependabot): group the dependency updates for creating less PRs\n * feat(parser): support using SHA1 of the commit\n * feat(commit): add merge_commit flag to the context\n * chore(mergify): don\u0027t update PRs for the main branch\n * fix(links): skip checking the GitHub commit URLs\n * fix(changelog): fix previous version links\n * feat(parser): support using regex scope values\n * test(fixture): update the date for example test fixture\n * docs(fixtures): add instructions for adding new fixtures\n * feat(args): support initialization with built-in templates\n * feat(changelog)!: support templating in the footer\n * feat(args): allow returning the bumped version\n * test(fixture): add test fixture for bumping version\n * fix: allow version bump with a single previous release\n * fix(changelog): set the correct previous tag when a custom tag is given\n * feat(args): set `CHANGELOG.md` as default missing value for output option\n * refactor(config): remove unnecessary newline from configs\n\n- Update to version 1.4.0:\n * Support bumping the semantic version via `--bump`\n * Add \u0027typos\u0027 check\n * Log the output of failed external commands -\n * breaking change: Support regex in \u0027tag_pattern\u0027 configuration\n * Add field and value matchers to the commit parser\n\n- Update to version 1.2.0:\n * Update clap and clap extras to v4 \n * Make the fields of Signature public\n * Add a custom configuration file for the repository\n * Support placing configuration inside pyproject.toml \n * Generate SBOM/provenance for the Docker image\n * Support using regex group values \n * [breaking] Nested environment config overrides \n * Set max of limit_commits to the number of commits \n * Set the node cache dependency path\n * Use the correct argument in release script\n\n- Update to version 1.1.2:\n * Do not skip all tags when skip_tags is empty (#136)\n * Allow saving context to a file (#138)\n * Derive the tag order from commits instead of timestamp (#139)\n * Use timestamp for deriving the tag order (#139)\n\n- Update to version 1.1.1:\n * Relevant change: Update README.md about the NPM package\n * Fix type casting in base NPM package\n * Rename the package on Windows\n * Disable liquid parsing in README.md by using raw blocks\n * Support for generating changelog for multiple git repositories\n * Publish binaries for more platforms/architectures\n\n- Update to version 1.0.0:\n * Bug Fixes\n - Fix test fixture failures\n * Documentation\n - Fix GitHub badges in README.md\n * Features\n - [breaking] Replace --date-order by --topo-order\n - Allow running with --prepend and --output\n - [breaking] Use current time for --tag argument\n - Include completions and mangen in binary releases\n - Publish Debian package via release workflow\n * Miscellaneous Tasks\n - Run all test fixtures\n - Remove deprecated set-output usage\n - Update actions/checkout to v3\n - Comment out custom commit preprocessor\n * Refactor\n - Apply clippy suggestions\n * Styling\n - Update README.md about the styling of footer field\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2024-130",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_0130-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:0130-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RLZMKRAPDN7C43S56JAGULAWF4RXGB2S/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:0130-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RLZMKRAPDN7C43S56JAGULAWF4RXGB2S/"
},
{
"category": "self",
"summary": "SUSE Bug 1223218",
"url": "https://bugzilla.suse.com/1223218"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32650 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32650/"
}
],
"title": "Security update for git-cliff",
"tracking": {
"current_release_date": "2024-05-18T12:51:03Z",
"generator": {
"date": "2024-05-18T12:51:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:0130-1",
"initial_release_date": "2024-05-18T12:51:03Z",
"revision_history": [
{
"date": "2024-05-18T12:51:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "git-cliff-2.2.2-bp155.2.3.1.aarch64",
"product": {
"name": "git-cliff-2.2.2-bp155.2.3.1.aarch64",
"product_id": "git-cliff-2.2.2-bp155.2.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-cliff-2.2.2-bp155.2.3.1.i586",
"product": {
"name": "git-cliff-2.2.2-bp155.2.3.1.i586",
"product_id": "git-cliff-2.2.2-bp155.2.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "git-cliff-bash-completion-2.2.2-bp155.2.3.1.noarch",
"product": {
"name": "git-cliff-bash-completion-2.2.2-bp155.2.3.1.noarch",
"product_id": "git-cliff-bash-completion-2.2.2-bp155.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "git-cliff-fish-completion-2.2.2-bp155.2.3.1.noarch",
"product": {
"name": "git-cliff-fish-completion-2.2.2-bp155.2.3.1.noarch",
"product_id": "git-cliff-fish-completion-2.2.2-bp155.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "git-cliff-zsh-completion-2.2.2-bp155.2.3.1.noarch",
"product": {
"name": "git-cliff-zsh-completion-2.2.2-bp155.2.3.1.noarch",
"product_id": "git-cliff-zsh-completion-2.2.2-bp155.2.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "git-cliff-2.2.2-bp155.2.3.1.ppc64le",
"product": {
"name": "git-cliff-2.2.2-bp155.2.3.1.ppc64le",
"product_id": "git-cliff-2.2.2-bp155.2.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "git-cliff-2.2.2-bp155.2.3.1.s390x",
"product": {
"name": "git-cliff-2.2.2-bp155.2.3.1.s390x",
"product_id": "git-cliff-2.2.2-bp155.2.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "git-cliff-2.2.2-bp155.2.3.1.x86_64",
"product": {
"name": "git-cliff-2.2.2-bp155.2.3.1.x86_64",
"product_id": "git-cliff-2.2.2-bp155.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP5",
"product": {
"name": "SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cliff-2.2.2-bp155.2.3.1.aarch64 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:git-cliff-2.2.2-bp155.2.3.1.aarch64"
},
"product_reference": "git-cliff-2.2.2-bp155.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cliff-2.2.2-bp155.2.3.1.i586 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:git-cliff-2.2.2-bp155.2.3.1.i586"
},
"product_reference": "git-cliff-2.2.2-bp155.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cliff-2.2.2-bp155.2.3.1.ppc64le as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:git-cliff-2.2.2-bp155.2.3.1.ppc64le"
},
"product_reference": "git-cliff-2.2.2-bp155.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cliff-2.2.2-bp155.2.3.1.s390x as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:git-cliff-2.2.2-bp155.2.3.1.s390x"
},
"product_reference": "git-cliff-2.2.2-bp155.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cliff-2.2.2-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:git-cliff-2.2.2-bp155.2.3.1.x86_64"
},
"product_reference": "git-cliff-2.2.2-bp155.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cliff-bash-completion-2.2.2-bp155.2.3.1.noarch as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:git-cliff-bash-completion-2.2.2-bp155.2.3.1.noarch"
},
"product_reference": "git-cliff-bash-completion-2.2.2-bp155.2.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cliff-fish-completion-2.2.2-bp155.2.3.1.noarch as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:git-cliff-fish-completion-2.2.2-bp155.2.3.1.noarch"
},
"product_reference": "git-cliff-fish-completion-2.2.2-bp155.2.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cliff-zsh-completion-2.2.2-bp155.2.3.1.noarch as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:git-cliff-zsh-completion-2.2.2-bp155.2.3.1.noarch"
},
"product_reference": "git-cliff-zsh-completion-2.2.2-bp155.2.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cliff-2.2.2-bp155.2.3.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:git-cliff-2.2.2-bp155.2.3.1.aarch64"
},
"product_reference": "git-cliff-2.2.2-bp155.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cliff-2.2.2-bp155.2.3.1.i586 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:git-cliff-2.2.2-bp155.2.3.1.i586"
},
"product_reference": "git-cliff-2.2.2-bp155.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cliff-2.2.2-bp155.2.3.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:git-cliff-2.2.2-bp155.2.3.1.ppc64le"
},
"product_reference": "git-cliff-2.2.2-bp155.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cliff-2.2.2-bp155.2.3.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:git-cliff-2.2.2-bp155.2.3.1.s390x"
},
"product_reference": "git-cliff-2.2.2-bp155.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cliff-2.2.2-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:git-cliff-2.2.2-bp155.2.3.1.x86_64"
},
"product_reference": "git-cliff-2.2.2-bp155.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cliff-bash-completion-2.2.2-bp155.2.3.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:git-cliff-bash-completion-2.2.2-bp155.2.3.1.noarch"
},
"product_reference": "git-cliff-bash-completion-2.2.2-bp155.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cliff-fish-completion-2.2.2-bp155.2.3.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:git-cliff-fish-completion-2.2.2-bp155.2.3.1.noarch"
},
"product_reference": "git-cliff-fish-completion-2.2.2-bp155.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cliff-zsh-completion-2.2.2-bp155.2.3.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:git-cliff-zsh-completion-2.2.2-bp155.2.3.1.noarch"
},
"product_reference": "git-cliff-zsh-completion-2.2.2-bp155.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32650"
}
],
"notes": [
{
"category": "general",
"text": "Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server\u0027s `complete_io` will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP5:git-cliff-2.2.2-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:git-cliff-2.2.2-bp155.2.3.1.i586",
"SUSE Package Hub 15 SP5:git-cliff-2.2.2-bp155.2.3.1.ppc64le",
"SUSE Package Hub 15 SP5:git-cliff-2.2.2-bp155.2.3.1.s390x",
"SUSE Package Hub 15 SP5:git-cliff-2.2.2-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:git-cliff-bash-completion-2.2.2-bp155.2.3.1.noarch",
"SUSE Package Hub 15 SP5:git-cliff-fish-completion-2.2.2-bp155.2.3.1.noarch",
"SUSE Package Hub 15 SP5:git-cliff-zsh-completion-2.2.2-bp155.2.3.1.noarch",
"openSUSE Leap 15.5:git-cliff-2.2.2-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:git-cliff-2.2.2-bp155.2.3.1.i586",
"openSUSE Leap 15.5:git-cliff-2.2.2-bp155.2.3.1.ppc64le",
"openSUSE Leap 15.5:git-cliff-2.2.2-bp155.2.3.1.s390x",
"openSUSE Leap 15.5:git-cliff-2.2.2-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:git-cliff-bash-completion-2.2.2-bp155.2.3.1.noarch",
"openSUSE Leap 15.5:git-cliff-fish-completion-2.2.2-bp155.2.3.1.noarch",
"openSUSE Leap 15.5:git-cliff-zsh-completion-2.2.2-bp155.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32650",
"url": "https://www.suse.com/security/cve/CVE-2024-32650"
},
{
"category": "external",
"summary": "SUSE Bug 1223211 for CVE-2024-32650",
"url": "https://bugzilla.suse.com/1223211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP5:git-cliff-2.2.2-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:git-cliff-2.2.2-bp155.2.3.1.i586",
"SUSE Package Hub 15 SP5:git-cliff-2.2.2-bp155.2.3.1.ppc64le",
"SUSE Package Hub 15 SP5:git-cliff-2.2.2-bp155.2.3.1.s390x",
"SUSE Package Hub 15 SP5:git-cliff-2.2.2-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:git-cliff-bash-completion-2.2.2-bp155.2.3.1.noarch",
"SUSE Package Hub 15 SP5:git-cliff-fish-completion-2.2.2-bp155.2.3.1.noarch",
"SUSE Package Hub 15 SP5:git-cliff-zsh-completion-2.2.2-bp155.2.3.1.noarch",
"openSUSE Leap 15.5:git-cliff-2.2.2-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:git-cliff-2.2.2-bp155.2.3.1.i586",
"openSUSE Leap 15.5:git-cliff-2.2.2-bp155.2.3.1.ppc64le",
"openSUSE Leap 15.5:git-cliff-2.2.2-bp155.2.3.1.s390x",
"openSUSE Leap 15.5:git-cliff-2.2.2-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:git-cliff-bash-completion-2.2.2-bp155.2.3.1.noarch",
"openSUSE Leap 15.5:git-cliff-fish-completion-2.2.2-bp155.2.3.1.noarch",
"openSUSE Leap 15.5:git-cliff-zsh-completion-2.2.2-bp155.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP5:git-cliff-2.2.2-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:git-cliff-2.2.2-bp155.2.3.1.i586",
"SUSE Package Hub 15 SP5:git-cliff-2.2.2-bp155.2.3.1.ppc64le",
"SUSE Package Hub 15 SP5:git-cliff-2.2.2-bp155.2.3.1.s390x",
"SUSE Package Hub 15 SP5:git-cliff-2.2.2-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:git-cliff-bash-completion-2.2.2-bp155.2.3.1.noarch",
"SUSE Package Hub 15 SP5:git-cliff-fish-completion-2.2.2-bp155.2.3.1.noarch",
"SUSE Package Hub 15 SP5:git-cliff-zsh-completion-2.2.2-bp155.2.3.1.noarch",
"openSUSE Leap 15.5:git-cliff-2.2.2-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:git-cliff-2.2.2-bp155.2.3.1.i586",
"openSUSE Leap 15.5:git-cliff-2.2.2-bp155.2.3.1.ppc64le",
"openSUSE Leap 15.5:git-cliff-2.2.2-bp155.2.3.1.s390x",
"openSUSE Leap 15.5:git-cliff-2.2.2-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:git-cliff-bash-completion-2.2.2-bp155.2.3.1.noarch",
"openSUSE Leap 15.5:git-cliff-fish-completion-2.2.2-bp155.2.3.1.noarch",
"openSUSE Leap 15.5:git-cliff-zsh-completion-2.2.2-bp155.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-18T12:51:03Z",
"details": "important"
}
],
"title": "CVE-2024-32650"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…