{"affected":[{"ecosystem_specific":{"binaries":[{"golang-github-teddysun-v2ray-plugin":"5.15.1-bp160.1.11","golang-github-v2fly-v2ray-core":"5.18.0-bp160.1.13","shadowsocks-v2ray-plugin":"5.15.1-bp160.1.11","v2ray-core":"5.18.0-bp160.1.13"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"shadowsocks-v2ray-plugin","purl":"pkg:rpm/opensuse/shadowsocks-v2ray-plugin&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.15.1-bp160.1.11"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-teddysun-v2ray-plugin":"5.15.1-bp160.1.11","golang-github-v2fly-v2ray-core":"5.18.0-bp160.1.13","shadowsocks-v2ray-plugin":"5.15.1-bp160.1.11","v2ray-core":"5.18.0-bp160.1.13"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"v2ray-core","purl":"pkg:rpm/opensuse/v2ray-core&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.18.0-bp160.1.13"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for shadowsocks-v2ray-plugin, v2ray-core fixes the following issues:\n\nChanges in shadowsocks-v2ray-plugin:\n\n- Update version to 5.25.0\n  * Update v2ray-core to v5.25.0\n- Add update-vendor.patch, update v2ray-core to v5.33.0 (boo#1243954 and CVE-2025-297850)\n\nChanges in v2ray-core:\n\n- Fix CVE-2025-47911 and boo#1251404\n  * Add fix-CVE-2025-47911.patch\n  * Update golang.org/x/net to 0.45.0 in vendor\n\n- Update version to 5.38.0\n  * TLSMirror Connection Enrollment System\n  * Add TLSMirror Sequence Watermarking\n  * LSMirror developer preview protocol is now a part of mainline V2Ray\n  * proxy dns with NOTIMP error\n  * Add TLSMirror looks like TLS censorship resistant transport protocol\n    as a developer preview transport\n  * proxy dns with NOTIMP error\n  * fix false success from SOCKS server when Dispatch() fails\n  * HTTP inbound: Directly forward plain HTTP 1xx response header\n  * add a option to override domain used to query https record\n  * Fix bugs\n  * Update vendor\n\n- Update version to 5.33.0\n  * bump github.com/quic-go/quic-go from 0.51.0 to 0.52.0(boo#1243946 and CVE-2025-297850)\n  * Update other vendor source\n\n- Update version to 5.31.0\n  * Add Dns Proxy Response TTL Control\n  * Fix call newError Base with a nil value error\n  * Update vendor (boo#1235164)\n\n- Update version to 5.29.3\n  * Enable restricted mode load for http protocol client\n  * Correctly implement QUIC sniffer when handling multiple initial packets\n  * Fix unreleased cache buffer in QUIC sniffing\n  * A temporary testing fix for the buffer corruption issue\n  * QUIC Sniffer Restructure\n\n- Update version to 5.22.0\n  * Add packetEncoding for Hysteria\n  * Add ECH Client Support\n  * Add support for parsing some shadowsocks links\n  * Add Mekya Transport\n  * Fix bugs\n","id":"openSUSE-SU-2025-20128-1","modified":"2025-11-28T13:38:03Z","published":"2025-11-28T13:38:03Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1235164"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243946"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243954"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251404"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-297850"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47911"}],"related":["CVE-2025-297850","CVE-2025-47911"],"summary":"Security update for shadowsocks-v2ray-plugin, v2ray-core","upstream":["CVE-2025-297850","CVE-2025-47911"]}