{"affected":[{"ecosystem_specific":{"binaries":[{"helm":"3.19.1-160000.1.1","helm-bash-completion":"3.19.1-160000.1.1","helm-fish-completion":"3.19.1-160000.1.1","helm-zsh-completion":"3.19.1-160000.1.1"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"helm","purl":"pkg:rpm/opensuse/helm&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.19.1-160000.1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for helm fixes the following issues:\n\n- Update to version 3.19.1:\n  * CVE-2025-47911: golang.org/x/net/html: Fixed various algorithms with\n    quadratic complexity when parsing HTML documents (bsc#1251442)\n  * CVE-2025-58190: golang.org/x/net/html: Fixed excessive memory\n    consumption by `html.ParseFragment` when processing specially\n    crafted input (bsc#1251649)\n  * jsonschema: warn and ignore unresolved URN $ref to match\n    v3.18.4\n  * Avoid \"panic: interface conversion: interface {} is nil\"\n  * Fix `helm pull` untar dir check with repo urls\n  * Fix deprecation warning\n  * Add timeout flag to repo add and update flags\n\n- Update to version 3.19.0:\n  * bump version to v3.19.0\n  * fix: use username and password if provided\n  * fix(helm-lint): fmt\n  * fix(helm-lint): Add TLSClientConfig\n  * fix(helm-lint): Add HTTP/HTTPS URL support for json schema references\n  * chore(deps): bump the k8s-io group with 7 updates\n  * fix: go mod tidy for v3\n  * fix Chart.yaml handling\n  * Handle messy index files\n  * json schema fix\n  * fix: k8s version parsing to match original\n  * Do not explicitly set SNI in HTTPGetter\n  * Disabling linter due to unknown issue\n  * Updating link handling\n  * fix: user username password for login\n  * Update pkg/registry/transport.go\n  * fix: add debug logging to oci transport\n  * fix: legacy docker support broken for login\n  * fix: plugin installer test with no Internet\n  * Handle an empty registry config file.\n  * Prevent fetching newReference again as we have in calling method\n  * Prevent failure when resolving version tags in oras memory store\n  * fix(client): skipnode utilization for PreCopy\n  * test: Skip instead of returning early. looks more intentional\n  * test: tests repo stripping functionality\n  * test: include tests for Login based on different protocol prefixes\n  * fix(client): layers now returns manifest - remove duplicate from descriptors\n  * fix(client): return nil on non-allowed media types\n  * Fix 3.18.0 regression: registry login with scheme\n  * Update pkg/plugin/plugin.go\n  * Wait for Helm v4 before raising when platformCommand and Command are set\n  * Revert \"fix (helm) : toToml` renders int as float [ backport to v3 ]\"\n  * build(deps): bump the k8s-io group with 7 updates\n  * chore: update generalization warning message\n  * fix: move warning to top of block\n  * fix: govulncheck workflow\n  * fix: replace fmt warning with slog\n  * fix: add warning when ignore repo flag\n  * feat: add httproute from gateway-api to create chart template\n\n- Update to version 3.18.6:\n  * fix(helm-lint): fmt\n  * fix(helm-lint): Add TLSClientConfig\n  * fix(helm-lint): Add HTTP/HTTPS URL support for json schema\n    references\n\n- Update to version 3.18.5:\n  * fix Chart.yaml handling 7799b48 (Matt Farina)\n  * Handle messy index files dd8502f (Matt Farina)\n  * json schema fix cb8595b (Robert Sirchia)\n\n- Fix shell completion dependencies\n  * Add BuildRequires to prevent inclusion of folders owned by shells.\n  * Add Requires because installing completions without appropriate\n    shell is questionable.\n\n- Fix zsh completion location\n","id":"openSUSE-SU-2026:20327-1","modified":"2026-03-05T14:27:21Z","published":"2026-03-05T14:27:21Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1251442"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251649"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47911"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58190"}],"related":["CVE-2025-47911","CVE-2025-58190"],"summary":"Security update for helm","upstream":["CVE-2025-47911","CVE-2025-58190"]}