openSUSE-SU-2025:20118-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2025:20118-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2025:20118-1
Upstream
Related
Published
2025-11-27T12:30:27Z
Modified
2026-03-12T02:07:29.149064Z
Summary
Security update for gitea-tea
Details

This update for gitea-tea fixes the following issues:

Changes in gitea-tea:

  • update to 0.11.1:

    • 61d4e57 Fix Pr Create crash (#823)
    • 4f33146 add test for matching logins (#820)
    • 08b8398 Update README.md (#819)

  • CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by html.ParseFragment when processing specially crafted input (boo#1251663)

  • CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents (boo#1251471)

  • update to 0.11.0:

    • Fix yaml output single quote (#814)
    • generate man page (#811)
    • feat: add validation for object-format flag in repo create command (#741)
    • Fix release version (#815)
    • update gitea sdk to v0.22 (#813)
    • don't fallback login directly (#806)
    • Check duplicated login name in interact mode when creating new login (#803)
    • Fix bug when output json with special chars (#801)
    • add debug mode and update readme (#805)
    • update go.mod to retract the wrong tag v1.3.3 (#802)
    • revert completion scripts removal (#808)
    • Remove pagination from context (#807)
    • Continue auth when failed to open browser (#794)
    • Fix bug (#793)
    • Fix tea login add with ssh public key bug (#789)
    • Add temporary authentication via environment variables (#639)
    • Fix attachment size (#787)
    • deploy image when tagging (#792)
    • Add Zip URL for release list (#788)
    • Use bubbletea instead of survey for interacting with TUI (#786)
    • capitalize a few items
    • rm out of date comparison file
    • README: Document logging in to gitea (#790)
    • remove autocomplete command (#782)
    • chore(deps): update ghcr.io/devcontainers/features/git-lfs docker tag to v1.2.5 (#773)
    • replace arch package url (#783)
    • fix: Reenable -p and --limit switches (#778)

  • Update to 0.10.1+git.1757695903.cc20b52:

    • feat: add validation for object-format flag in repo create command (see gh#openSUSE/openSUSE-git#60)
    • Fix release version
    • update gitea sdk to v0.22
    • don't fallback login directly
    • Check duplicated login name in interact mode when creating new login
    • Fix bug when output json with special chars
    • add debug mode and update readme
    • update go.mod to retract the wrong tag v1.3.3
    • revert completion scripts removal
    • Remove pagination from context
    • Continue auth when failed to open browser
    • Fix bug
    • Fix tea login add with ssh public key bug
    • Add temporary authentication via environment variables
    • Fix attachment size
    • deploy image when tagging
    • Add Zip URL for release list
    • Use bubbletea instead of survey for interacting with TUI
    • capitalize a few items
    • rm out of date comparison file
    • README: Document logging in to gitea
    • remove autocomplete command
    • chore(deps): update ghcr.io/devcontainers/features/git-lfs docker tag to v1.2.5
    • replace arch package url
    • fix: Reenable -p and --limit switches
References

Affected packages

openSUSE:Leap 16.0 / gitea-tea

Package

Name
gitea-tea
Purl
pkg:rpm/opensuse/gitea-tea&distro=openSUSE%20Leap%2016.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.11.1-bp160.1.1

Ecosystem specific 

{
    "binaries": [
        {
            "gitea-tea-zsh-completion": "0.11.1-bp160.1.1",
            "gitea-tea": "0.11.1-bp160.1.1",
            "gitea-tea-bash-completion": "0.11.1-bp160.1.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2025:20118-1.json"