{"affected":[{"ecosystem_specific":{"binaries":[{"cheat":"4.4.2-bp160.2.1"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"cheat","purl":"pkg:rpm/opensuse/cheat&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.2-bp160.2.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for cheat fixes the following issues:\n\n- Security:\n  * CVE-2025-47913: Fix client process termination (bsc#1253593)\n  * CVE-2025-58181: Fix potential unbounded memory consumption (bsc#1253922)\n  * CVE-2025-47914: Fix panic due to an out of bounds read (bsc#1254051)\n  * Replace golang.org/x/crypto=golang.org/x/crypto@v0.45.0\n  * Replace golang.org/x/net=golang.org/x/net@v0.47.0\n  * Replace golang.org/x/sys=golang.org/x/sys@v0.38.0\n\n- Packaging improvements:\n  * Drop Requires: golang-packaging. The recommended Go toolchain\n    dependency expression is BuildRequires: golang(API) >= 1.x or\n    optionally the metapackage BuildRequires: go\n  * Use BuildRequires: golang(API) >= 1.19 matching go.mod\n  * Build PIE with pattern that may become recommended procedure:\n    %%ifnarch ppc64 GOFLAGS=\"-buildmode=pie\" %%endif go build\n    A go toolchain buildmode default config would be preferable\n    but none exist at this time.\n  * Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable\n  * Remove go build -o output binary location and name. Default\n    binary has the same name as package of func main() and is\n    placed in the top level of the build directory.\n  * Add basic %check to execute binary --help\n\n- Packaging improvements:\n  * Service go_modules replace dependencies with CVEs\n  * Replace github.com/cloudflare/circl=github.com/cloudflare/circl@v1.6.1\n    Fix GO-2025-3754 GHSA-2x5j-vhc8-9cwm\n  * Replace golang.org/x/net=golang.org/x/net@v0.36.0\n    Fixes GO-2025-3503 CVE-2025-22870\n  * Replace golang.org/x/crypto=golang.org/x/crypto@v0.35.0\n    Fixes GO-2023-2402 CVE-2023-48795 GHSA-45x7-px36-x8w8\n    Fixes GO-2025-3487 CVE-2025-22869\n  * Replace github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.13.0\n    Fixes GO-2025-3367 CVE-2025-21614 GHSA-r9px-m959-cxf4\n    Fixes GO-2025-3368 CVE-2025-21613 GHSA-v725-9546-7q7m\n  * Service tar_scm set mode manual from disabled\n  * Service tar_scm create archive from git so we can exclude\n    vendor directory upstream committed to git. Committed vendor\n    directory contents have build issues even after go mod tidy.\n  * Service tar_scm exclude dir vendor\n  * Service set_version set mode manual from disabled\n  * Service set_version remove param basename not needed\n","id":"openSUSE-SU-2025:20177-1","modified":"2025-12-18T00:17:52Z","published":"2025-12-18T00:17:52Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1247629"},{"type":"REPORT","url":"https://bugzilla.suse.com/1253593"},{"type":"REPORT","url":"https://bugzilla.suse.com/1253922"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254051"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-48795"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-21613"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-21614"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22869"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22870"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47913"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47914"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58181"}],"related":["CVE-2023-48795","CVE-2025-21613","CVE-2025-21614","CVE-2025-22869","CVE-2025-22870","CVE-2025-47913","CVE-2025-47914","CVE-2025-58181"],"summary":"Security update for cheat","upstream":["CVE-2023-48795","CVE-2025-21613","CVE-2025-21614","CVE-2025-22869","CVE-2025-22870","CVE-2025-47913","CVE-2025-47914","CVE-2025-58181"]}