weblate-5.14.3-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15733-1 Final 1 1 2025-11-12T00:00:00Z current 2025-11-12T00:00:00Z 2025-11-12T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z weblate-5.14.3-1.1 on GA media These are all security issues fixed in the weblate-5.14.3-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15733 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-64326/ SUSE CVE CVE-2025-64326 page openSUSE Tumbleweed weblate-5.14.3-1.1 weblate-5.14.3-1.1 as a component of openSUSE Tumbleweed Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed in version 5.14.1. CVE-2025-64326 openSUSE Tumbleweed:weblate-5.14.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-64326.html CVE-2025-64326 https://bugzilla.suse.com/1253125 SUSE Bug 1253125