Security update for gitea-tea SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025-20118-1 Final 1 1 2025-11-27T12:30:27Z current 2025-11-27T12:30:27Z 2025-11-27T12:30:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gitea-tea This update for gitea-tea fixes the following issues: Changes in gitea-tea: - update to 0.11.1: * 61d4e57 Fix Pr Create crash (#823) * 4f33146 add test for matching logins (#820) * 08b8398 Update README.md (#819) - CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input (boo#1251663) - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents (boo#1251471) - update to 0.11.0: * Fix yaml output single quote (#814) * generate man page (#811) * feat: add validation for object-format flag in repo create command (#741) * Fix release version (#815) * update gitea sdk to v0.22 (#813) * don't fallback login directly (#806) * Check duplicated login name in interact mode when creating new login (#803) * Fix bug when output json with special chars (#801) * add debug mode and update readme (#805) * update go.mod to retract the wrong tag v1.3.3 (#802) * revert completion scripts removal (#808) * Remove pagination from context (#807) * Continue auth when failed to open browser (#794) * Fix bug (#793) * Fix tea login add with ssh public key bug (#789) * Add temporary authentication via environment variables (#639) * Fix attachment size (#787) * deploy image when tagging (#792) * Add Zip URL for release list (#788) * Use bubbletea instead of survey for interacting with TUI (#786) * capitalize a few items * rm out of date comparison file * README: Document logging in to gitea (#790) * remove autocomplete command (#782) * chore(deps): update ghcr.io/devcontainers/features/git-lfs docker tag to v1.2.5 (#773) * replace arch package url (#783) * fix: Reenable -p and --limit switches (#778) - Update to 0.10.1+git.1757695903.cc20b52: - feat: add validation for object-format flag in repo create command (see gh#openSUSE/openSUSE-git#60) - Fix release version - update gitea sdk to v0.22 - don't fallback login directly - Check duplicated login name in interact mode when creating new login - Fix bug when output json with special chars - add debug mode and update readme - update go.mod to retract the wrong tag v1.3.3 - revert completion scripts removal - Remove pagination from context - Continue auth when failed to open browser - Fix bug - Fix tea login add with ssh public key bug - Add temporary authentication via environment variables - Fix attachment size - deploy image when tagging - Add Zip URL for release list - Use bubbletea instead of survey for interacting with TUI - capitalize a few items - rm out of date comparison file - README: Document logging in to gitea - remove autocomplete command - chore(deps): update ghcr.io/devcontainers/features/git-lfs docker tag to v1.2.5 - replace arch package url - fix: Reenable `-p` and `--limit` switches The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Leap-16.0-packagehub-34 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1251471 SUSE Bug 1251471 https://bugzilla.suse.com/1251663 SUSE Bug 1251663 https://www.suse.com/security/cve/CVE-2025-47911/ SUSE CVE CVE-2025-47911 page https://www.suse.com/security/cve/CVE-2025-58190/ SUSE CVE CVE-2025-58190 page openSUSE Leap 16.0 gitea-tea-0.11.1-bp160.1.1 gitea-tea-bash-completion-0.11.1-bp160.1.1 gitea-tea-zsh-completion-0.11.1-bp160.1.1 gitea-tea-0.11.1-bp160.1.1 as a component of openSUSE Leap 16.0 gitea-tea-bash-completion-0.11.1-bp160.1.1 as a component of openSUSE Leap 16.0 gitea-tea-zsh-completion-0.11.1-bp160.1.1 as a component of openSUSE Leap 16.0 unknown CVE-2025-47911 openSUSE Leap 16.0:gitea-tea-0.11.1-bp160.1.1 openSUSE Leap 16.0:gitea-tea-bash-completion-0.11.1-bp160.1.1 openSUSE Leap 16.0:gitea-tea-zsh-completion-0.11.1-bp160.1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-47911.html CVE-2025-47911 https://bugzilla.suse.com/1251308 SUSE Bug 1251308 unknown CVE-2025-58190 openSUSE Leap 16.0:gitea-tea-0.11.1-bp160.1.1 openSUSE Leap 16.0:gitea-tea-bash-completion-0.11.1-bp160.1.1 openSUSE Leap 16.0:gitea-tea-zsh-completion-0.11.1-bp160.1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-58190.html CVE-2025-58190 https://bugzilla.suse.com/1251309 SUSE Bug 1251309