helm-3.18.3-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15228-1 Final 1 1 2025-07-03T00:00:00Z current 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z helm-3.18.3-1.1 on GA media These are all security issues fixed in the helm-3.18.3-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15228 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-22872/ SUSE CVE CVE-2025-22872 page openSUSE Tumbleweed helm-3.18.3-1.1 helm-bash-completion-3.18.3-1.1 helm-fish-completion-3.18.3-1.1 helm-zsh-completion-3.18.3-1.1 helm-3.18.3-1.1 as a component of openSUSE Tumbleweed helm-bash-completion-3.18.3-1.1 as a component of openSUSE Tumbleweed helm-fish-completion-3.18.3-1.1 as a component of openSUSE Tumbleweed helm-zsh-completion-3.18.3-1.1 as a component of openSUSE Tumbleweed The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. <math>, <svg>, etc contexts). CVE-2025-22872 openSUSE Tumbleweed:helm-3.18.3-1.1 openSUSE Tumbleweed:helm-bash-completion-3.18.3-1.1 openSUSE Tumbleweed:helm-fish-completion-3.18.3-1.1 openSUSE Tumbleweed:helm-zsh-completion-3.18.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-22872.html CVE-2025-22872 https://bugzilla.suse.com/1241710 SUSE Bug 1241710