OPENSUSE-SU-2026:21185-1

Vulnerability from csaf_opensuse - Published: 2026-06-30 15:11 - Updated: 2026-06-30 15:11
Summary
Security update for stgit
Severity
Important
Notes
Title of the patch: Security update for stgit
Description of the patch: This update for stgit fixes the following issues: Changes in stgit: - Update to version 2.6.0: * chore: update changelog for 2.6.0 * fix(import): respect --name verbatim, ignoring stgit.namelength * test(refresh): use test_when_finished for status.renames cleanup * expect over unwrap for test * bugfix: issue #615, add Copied variant to Status enum and move panic to a copied status, add integration test * docs: Update copyright year * chore: update gix to 0.83 (CVE-2026-40034, bsc#1266429) * chore: update compatible transitive dependencies * chore: update winnow to 1.0.3 * chore: update jiff to 0.2.24 * ci: drop dead CARGO_TARGET_*_STRIP env vars from package build * ci: soft-pin cargo-deb to ^3.0 * ci: bump cargo-generate-rpm pin to ^0.20.0 * ci: bump GitHub Actions to Node 24 runtimes * chore: update winnow to 1.0.1 * chore: update clap to 4.6.1 * chore: update gix to 0.81 * chore: bump MSRV to 1.85 * chore: update transitive deps * chore: update winnow to 0.7.15 * chore: update thiserror to 2.0.18 * chore: update tempfile to 3.27.0 * chore: update tar to 0.4.45 * chore: update serde_json to 1.0.149 * chore: update jiff to 0.2.23 * chore: update indexmap to 2.14.0 * chore: update flate2 to 1.1.9 * chore: update ctrlc to 3.5.2 * chore: update clap to 4.5.61 * chore: update anyhow to 1.0.102 * chore: update anstyle to 1.0.14 - Update to version 2.5.5: * fix(squash): keep author when squashed commits have same author - Update to version 2.5.4: * chore: update changelog for 2.5.4 * chore: update transitive dependencies * chore: update clap to 4.5.43 * refactor: clippy fixes * fix: gix 0.73 breaking changes * chore: update gix to 0.73 * chore: update transitive dependencies * chore: update serde_json to 1.0.142 * chore: update winnow to 0.7.12 * chore: update clap to 4.5.42 * refactor: clippy lints * stgit.el: Use `with-eval-after-load' instead of a homemade version * stgit.el: Use `advice-add' instead of `defadvice' * stgit.el: Fix various checkdoc warnings * stgit.el: Support Emacs versions < 31 * feat(bash): complete patches from chosen branch * chore: update dependencies * refactor: repair clippy lints * chore: update clap to 4.5.40 * chore: update anstyle to 1.0.11 * chore: update winnow to 0.7.11 * chore: update anyhow to 1.0.98 * chore: update jiff to 0.2.15 * chore: update tempfile to 3.20.0 * chore: update curl to 0.4.48 * chore: update flate2 to 1.1.2 * chore: update ctrlc to 3.4.7 * chore(deps): bump winnow from 0.7.6 to 0.7.10 * chore(deps): bump clap from 4.5.36 to 4.5.39 * docs: Update copyright year * chore: update transitive dependencies * chore: update tempfile to 3.19.1 * chore: update jiff to 0.2.6 * chore: update winnow to 0.7.6 * chore: update gix to 0.71 * chore: update indexmap to 2.9.0 * chore: update is-terminal to 0.4.16 * chore: update ctrlc to 3.4.6 * chore: update bstr to 1.12.0 * chore: update clap to 4.5.36 * chore: update flate2 to 1.1.1 * chore: update serde to 1.0.219 * chore: update serde_json to 1.0.140 * chore: update thiserror to 2.0.12 * chore: update anyhow to 1.0.97 * refactor: repair clippy lint * stgit.el: Move 'stgit-patch-status-face-alist' before first use * stgit.el: Silence warnings of missing vc variables * stgit.el: Replace ad-hoc `make-local-variable' with `defvar-local' * stgit.el: Use defvar-local instead of make-local-variable * stgit.el: Enable lexical-binding * stgit.el: Allow empty descriptions * stgit.el: Add "--no-color" flag to 'git log' and 'git show' * stgit.el: Pass patch into `stgit-process-files' * chore: update changelog for 2.5.3 * chore: update dependencies * refactor(stgit.el): use space-based indentation consistently * refactor: repair clippy lint * chore(deps): bump tempfile from 3.16.0 to 3.17.0 * chore(deps): bump jiff from 0.2.0 to 0.2.1 * build: statically linked packages for riscv64 * chore: update changelog for 2.5.2 * chore: update jiff to 0.2.0 * chore: update winnow to 0.7.2 * fix: partial_ref_name * chore: resolve winnow deprecations * chore: update dependencies * ci: disable test for windows build * chore(deps): bump jiff from 0.1.24 to 0.1.29 * chore(deps): bump serde_json from 1.0.135 to 1.0.138 * chore(deps): bump is-terminal from 0.4.13 to 0.4.15 * chore(deps): bump indexmap from 2.7.0 to 2.7.1 * chore(deps): bump clap from 4.5.26 to 4.5.28 * stgit.el: Fix various compile warnings * stgit.el: Replace depercated cl function calls with new style * stgit.el: Fix some checkdoc warnings * stgit.el: Fix emacs pre-pending "Summary: " to log-edit buffers * chore: update changelog for 2.5.1 * chore: update release checklist * ci: use ubuntu-24.04 image * fix: assure branch creation respects fetch-specs of remotes. (#522) * chore: update to latest `gix` for improved API (#522) * chore: update transitive deps * chore: update anstyle-wincon to 3.0.7 * chore: update bitflags to 2.8.0 * chore: update jiff to 0.1.24 * chore: update transitive deps * chore: update syn to 2.0.96 * chore: update bitflags to 2.7.0 * chore: update clap to 4.5.26 * chore: update serde_json to 1.0.135 * chore: update thiserror to 2.0.11 * chore: update winnow to 0.6.24 * refactor: repair clippy lints for is_some_and * test: repair regression with git v2.48 * chore(deps): bump jiff from 0.1.18 to 0.1.21 * chore(deps): bump bstr from 1.11.1 to 1.11.3 * chore(deps): bump tempfile from 3.14.0 to 3.15.0 * chore: update changelog for 2.5.0 * chore: update transitive deps * chore: update windows-sys to 0.59.0 * chore: update serde to 1.0.217 * chore: update winnow to 0.6.21 * chore: update jiff to 0.1.18 * docs: explain stgit.autosign a bit better * feat: new "name" subcommand * feat: organize subcommands by group in help * chore: fix warning * feat: support calling stg rebase without arguments * tests: add test for rebase without arguments * chore: update dependencies * chore: update serde_json to 1.0.134 * chore: update thiserror to 2.0.9 * chore: update anyhow to 1.0.95 * chore: update gix to 0.69 * chore: update changelog for 2.4.13 * chore: update transitive deps * chore: update jiff to 0.1.15 * chore: update gix to 0.68 * chore: update flate2 to 1.0.35 * chore: update serde to 1.0.216 * chore: update thiserror to 2.0.7 * chore: update indexmap to 2.7.0 * chore: update clap to 4.5.23 * chore: update bstr to 1.11.1 * chore: update anyhow to 1.0.94 * refactor: repair clippy lints * chore: update thiserror to 2.0.3 * chore: update allocator-api2 to 0.2.19 * chore: update url to 2.5.3 * chore: update cc to 1.1.37 * chore: update anstream to 0.6.18 * chore: update fastrand to 2.2.0 * chore: update libc to 0.2.162 * chore: update curl-sys to 0.4.78+curl-8.11.0 * chore: update tempfile to 3.14.0 * chore: update anyhow to 1.0.93 * chore: update gix to 0.67.0 * chore: update autocfg to 1.4.0 * chore: update unicode-bidi to 0.3.17 * chore: update unicode-ident to 1.0.13 * chore: update redox_syscall to 0.5.7 * chore: update colorchoice to 1.0.3 * chore: update anstyle-query to 1.1.2 * chore: update anstyle-parse to 0.2.6 * chore: update proc-macro2 to 1.0.89 * chore: update unicode-normalization to 0.1.24 * chore: update gix-quote to 0.4.13 * chore: update gix-bitmap to 0.2.12 * chore: update gix-config-value to 0.14.9 * chore: update memmap2 to 0.9.5 * chore: update gix-chunk to 0.4.9 * chore: update pkg-config to 0.3.31 * chore: update cc to 1.1.34 * chore: update anstream to 0.6.17 * chore: update rustix to 0.38.38 * chore: update once_cell to 1.20.2 * chore: update gix-validate to 0.9.1 * chore: update gix-utils to 0.1.13 * chore: update gix-sec to 0.10.9 * chore: update gix-date to 0.9.1 * chore: update gix-command to 0.3.10 * chore: update schannel to 0.1.26 * chore: update openssl-sys to 0.9.104 * chore: update libc to 0.2.161 * chore: update regex-automata to 0.4.8 * chore: update winnow to 0.6.20 * chore: update thiserror to 1.0.67 * chore: update tempfile to 3.13.0 * chore: update tar to 0.4.43 * chore: update serde_json to 1.0.132 * chore: update serde to 1.0.214 * chore: update jiff to 0.1.14 * chore: update indexmap to 2.6.0 * chore: update flate2 to 1.0.34 * chore: update encoding_rs to 0.8.35 * chore: update curl to 0.4.47 * chore: update clap to 4.5.20 * chore: update anyhow to 1.0.92 * chore: update anstyle to 1.0.10 - Update to 2.5.4 * stgit.el: Use with-eval-after-load instead of a homemade version * stgit.el: Use advice-add instead of defadvice * stgit.el: Fix various checkdoc warnings * stgit.el: Support Emacs versions < 31 * stgit.el: Move 'stgit-patch-status-face-alist' before first use * stgit.el: Silence warnings of missing vc variables * stgit.el: Replace ad-hoc make-local-variable with defvar-local * stgit.el: Use defvar-local instead of make-local-variable * stgit.el: Enable lexical-binding * stgit.el: Allow empty descriptions * stgit.el: Add "--no-color" flag to 'git log' and 'git show' * stgit.el: Pass patch into stgit-process-files * chore: update gix to 0.73 * docs: Update copyright year * feat(bash): complete patches from chosen branch - Update to 2.5.3 * build: statically linked packages for riscv64 * chore: update dependencies * refactor(stgit.el): use space-based indentation consistently - Update to 2.5.2 2025-02-16 * fix(stgit.el): various compile warnings * fix(stgit.el): Replace depercated cl function calls with new style * fix(stgit.el): checkdoc warnings * fix(stgit.el): emacs pre-pending "Summary: " to log-edit buffers * chore: update jiff to 0.2.0 * chore: update winnow to 0.7.2 * chore: resolve winnow deprecations * chore: update dependencies - Update to 2.5.1 2025-01-18 * fix: assure branch creation respects fetch-specs of remotes (#522) * ci: ubuntu-24.04 is now used to build release binaries * chore: gix is updated to 0.70 - Update to 2.5.0 2025-01-01 * feat: new "name" subcommand * feat: support calling stg rebase without arguments * docs: explain stgit.autosign a bit better * feat: organize subcommands by group in help - Update to 2.4.13 * fix(squash): preserve consensus author * chore: update gix to 0.68
Patchnames: openSUSE-Leap-16.0-packagehub-380
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Product Identifier Version Remediation
Unresolved product id: openSUSE Leap 16.0:stgit-2.6.0-bp160.1.1.aarch64
Vendor Fix
Unresolved product id: openSUSE Leap 16.0:stgit-2.6.0-bp160.1.1.x86_64
Vendor Fix
Unresolved product id: openSUSE Leap 16.0:stgit-bash-completion-2.6.0-bp160.1.1.noarch
Vendor Fix
Unresolved product id: openSUSE Leap 16.0:stgit-emacs-2.6.0-bp160.1.1.noarch
Vendor Fix
Unresolved product id: openSUSE Leap 16.0:stgit-fish-completion-2.6.0-bp160.1.1.noarch
Vendor Fix
Unresolved product id: openSUSE Leap 16.0:stgit-vim-plugin-2.6.0-bp160.1.1.noarch
Vendor Fix
Unresolved product id: openSUSE Leap 16.0:stgit-zsh-completion-2.6.0-bp160.1.1.noarch
Vendor Fix
Threats
Impact important

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for stgit",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for stgit fixes the following issues:\n\nChanges in stgit:\n\n- Update to version 2.6.0:\n  * chore: update changelog for 2.6.0\n  * fix(import): respect --name verbatim, ignoring stgit.namelength\n  * test(refresh): use test_when_finished for status.renames cleanup\n  * expect over unwrap for test\n  * bugfix: issue #615, add Copied variant to Status enum and move panic to a copied status, add integration test\n  * docs: Update copyright year\n  * chore: update gix to 0.83 (CVE-2026-40034, bsc#1266429)\n  * chore: update compatible transitive dependencies\n  * chore: update winnow to 1.0.3\n  * chore: update jiff to 0.2.24\n  * ci: drop dead CARGO_TARGET_*_STRIP env vars from package build\n  * ci: soft-pin cargo-deb to ^3.0\n  * ci: bump cargo-generate-rpm pin to ^0.20.0\n  * ci: bump GitHub Actions to Node 24 runtimes\n  * chore: update winnow to 1.0.1\n  * chore: update clap to 4.6.1\n  * chore: update gix to 0.81\n  * chore: bump MSRV to 1.85\n  * chore: update transitive deps\n  * chore: update winnow to 0.7.15\n  * chore: update thiserror to 2.0.18\n  * chore: update tempfile to 3.27.0\n  * chore: update tar to 0.4.45\n  * chore: update serde_json to 1.0.149\n  * chore: update jiff to 0.2.23\n  * chore: update indexmap to 2.14.0\n  * chore: update flate2 to 1.1.9\n  * chore: update ctrlc to 3.5.2\n  * chore: update clap to 4.5.61\n  * chore: update anyhow to 1.0.102\n  * chore: update anstyle to 1.0.14\n\n- Update to version 2.5.5:\n  * fix(squash): keep author when squashed commits have same author\n\n- Update to version 2.5.4:\n  * chore: update changelog for 2.5.4\n  * chore: update transitive dependencies\n  * chore: update clap to 4.5.43\n  * refactor: clippy fixes\n  * fix: gix 0.73 breaking changes\n  * chore: update gix to 0.73\n  * chore: update transitive dependencies\n  * chore: update serde_json to 1.0.142\n  * chore: update winnow to 0.7.12\n  * chore: update clap to 4.5.42\n  * refactor: clippy lints\n  * stgit.el: Use `with-eval-after-load\u0027 instead of a homemade version\n  * stgit.el: Use `advice-add\u0027 instead of `defadvice\u0027\n  * stgit.el: Fix various checkdoc warnings\n  * stgit.el: Support Emacs versions \u003c 31\n  * feat(bash): complete patches from chosen branch\n  * chore: update dependencies\n  * refactor: repair clippy lints\n  * chore: update clap to 4.5.40\n  * chore: update anstyle to 1.0.11\n  * chore: update winnow to 0.7.11\n  * chore: update anyhow to 1.0.98\n  * chore: update jiff to 0.2.15\n  * chore: update tempfile to 3.20.0\n  * chore: update curl to 0.4.48\n  * chore: update flate2 to 1.1.2\n  * chore: update ctrlc to 3.4.7\n  * chore(deps): bump winnow from 0.7.6 to 0.7.10\n  * chore(deps): bump clap from 4.5.36 to 4.5.39\n  * docs: Update copyright year\n  * chore: update transitive dependencies\n  * chore: update tempfile to 3.19.1\n  * chore: update jiff to 0.2.6\n  * chore: update winnow to 0.7.6\n  * chore: update gix to 0.71\n  * chore: update indexmap to 2.9.0\n  * chore: update is-terminal to 0.4.16\n  * chore: update ctrlc to 3.4.6\n  * chore: update bstr to 1.12.0\n  * chore: update clap to 4.5.36\n  * chore: update flate2 to 1.1.1\n  * chore: update serde to 1.0.219\n  * chore: update serde_json to 1.0.140\n  * chore: update thiserror to 2.0.12\n  * chore: update anyhow to 1.0.97\n  * refactor: repair clippy lint\n  * stgit.el: Move \u0027stgit-patch-status-face-alist\u0027 before first use\n  * stgit.el: Silence warnings of missing vc variables\n  * stgit.el: Replace ad-hoc `make-local-variable\u0027 with `defvar-local\u0027\n  * stgit.el: Use defvar-local instead of make-local-variable\n  * stgit.el: Enable lexical-binding\n  * stgit.el: Allow empty descriptions\n  * stgit.el: Add \"--no-color\" flag to \u0027git log\u0027 and \u0027git show\u0027\n  * stgit.el: Pass patch into `stgit-process-files\u0027\n  * chore: update changelog for 2.5.3\n  * chore: update dependencies\n  * refactor(stgit.el): use space-based indentation consistently\n  * refactor: repair clippy lint\n  * chore(deps): bump tempfile from 3.16.0 to 3.17.0\n  * chore(deps): bump jiff from 0.2.0 to 0.2.1\n  * build: statically linked packages for riscv64\n  * chore: update changelog for 2.5.2\n  * chore: update jiff to 0.2.0\n  * chore: update winnow to 0.7.2\n  * fix: partial_ref_name\n  * chore: resolve winnow deprecations\n  * chore: update dependencies\n  * ci: disable test for windows build\n  * chore(deps): bump jiff from 0.1.24 to 0.1.29\n  * chore(deps): bump serde_json from 1.0.135 to 1.0.138\n  * chore(deps): bump is-terminal from 0.4.13 to 0.4.15\n  * chore(deps): bump indexmap from 2.7.0 to 2.7.1\n  * chore(deps): bump clap from 4.5.26 to 4.5.28\n  * stgit.el: Fix various compile warnings\n  * stgit.el: Replace depercated cl function calls with new style\n  * stgit.el: Fix some checkdoc warnings\n  * stgit.el: Fix emacs pre-pending \"Summary: \" to log-edit buffers\n  * chore: update changelog for 2.5.1\n  * chore: update release checklist\n  * ci: use ubuntu-24.04 image\n  * fix: assure branch creation respects fetch-specs of remotes. (#522)\n  * chore: update to latest `gix` for improved API (#522)\n  * chore: update transitive deps\n  * chore: update anstyle-wincon to 3.0.7\n  * chore: update bitflags to 2.8.0\n  * chore: update jiff to 0.1.24\n  * chore: update transitive deps\n  * chore: update syn to 2.0.96\n  * chore: update bitflags to 2.7.0\n  * chore: update clap to 4.5.26\n  * chore: update serde_json to 1.0.135\n  * chore: update thiserror to 2.0.11\n  * chore: update winnow to 0.6.24\n  * refactor: repair clippy lints for is_some_and\n  * test: repair regression with git v2.48\n  * chore(deps): bump jiff from 0.1.18 to 0.1.21\n  * chore(deps): bump bstr from 1.11.1 to 1.11.3\n  * chore(deps): bump tempfile from 3.14.0 to 3.15.0\n  * chore: update changelog for 2.5.0\n  * chore: update transitive deps\n  * chore: update windows-sys to 0.59.0\n  * chore: update serde to 1.0.217\n  * chore: update winnow to 0.6.21\n  * chore: update jiff to 0.1.18\n  * docs: explain stgit.autosign a bit better\n  * feat: new \"name\" subcommand\n  * feat: organize subcommands by group in help\n  * chore: fix warning\n  * feat: support calling stg rebase without arguments\n  * tests: add test for rebase without arguments\n  * chore: update dependencies\n  * chore: update serde_json to 1.0.134\n  * chore: update thiserror to 2.0.9\n  * chore: update anyhow to 1.0.95\n  * chore: update gix to 0.69\n  * chore: update changelog for 2.4.13\n  * chore: update transitive deps\n  * chore: update jiff to 0.1.15\n  * chore: update gix to 0.68\n  * chore: update flate2 to 1.0.35\n  * chore: update serde to 1.0.216\n  * chore: update thiserror to 2.0.7\n  * chore: update indexmap to 2.7.0\n  * chore: update clap to 4.5.23\n  * chore: update bstr to 1.11.1\n  * chore: update anyhow to 1.0.94\n  * refactor: repair clippy lints\n  * chore: update thiserror to 2.0.3\n  * chore: update allocator-api2 to 0.2.19\n  * chore: update url to 2.5.3\n  * chore: update cc to 1.1.37\n  * chore: update anstream to 0.6.18\n  * chore: update fastrand to 2.2.0\n  * chore: update libc to 0.2.162\n  * chore: update curl-sys to 0.4.78+curl-8.11.0\n  * chore: update tempfile to 3.14.0\n  * chore: update anyhow to 1.0.93\n  * chore: update gix to 0.67.0\n  * chore: update autocfg to 1.4.0\n  * chore: update unicode-bidi to 0.3.17\n  * chore: update unicode-ident to 1.0.13\n  * chore: update redox_syscall to 0.5.7\n  * chore: update colorchoice to 1.0.3\n  * chore: update anstyle-query to 1.1.2\n  * chore: update anstyle-parse to 0.2.6\n  * chore: update proc-macro2 to 1.0.89\n  * chore: update unicode-normalization to 0.1.24\n  * chore: update gix-quote to 0.4.13\n  * chore: update gix-bitmap to 0.2.12\n  * chore: update gix-config-value to 0.14.9\n  * chore: update memmap2 to 0.9.5\n  * chore: update gix-chunk to 0.4.9\n  * chore: update pkg-config to 0.3.31\n  * chore: update cc to 1.1.34\n  * chore: update anstream to 0.6.17\n  * chore: update rustix to 0.38.38\n  * chore: update once_cell to 1.20.2\n  * chore: update gix-validate to 0.9.1\n  * chore: update gix-utils to 0.1.13\n  * chore: update gix-sec to 0.10.9\n  * chore: update gix-date to 0.9.1\n  * chore: update gix-command to 0.3.10\n  * chore: update schannel to 0.1.26\n  * chore: update openssl-sys to 0.9.104\n  * chore: update libc to 0.2.161\n  * chore: update regex-automata to 0.4.8\n  * chore: update winnow to 0.6.20\n  * chore: update thiserror to 1.0.67\n  * chore: update tempfile to 3.13.0\n  * chore: update tar to 0.4.43\n  * chore: update serde_json to 1.0.132\n  * chore: update serde to 1.0.214\n  * chore: update jiff to 0.1.14\n  * chore: update indexmap to 2.6.0\n  * chore: update flate2 to 1.0.34\n  * chore: update encoding_rs to 0.8.35\n  * chore: update curl to 0.4.47\n  * chore: update clap to 4.5.20\n  * chore: update anyhow to 1.0.92\n  * chore: update anstyle to 1.0.10\n\n- Update to 2.5.4\n  * stgit.el: Use with-eval-after-load instead of a homemade version\n  * stgit.el: Use advice-add instead of defadvice\n  * stgit.el: Fix various checkdoc warnings\n  * stgit.el: Support Emacs versions \u003c 31\n  * stgit.el: Move \u0027stgit-patch-status-face-alist\u0027 before first use\n  * stgit.el: Silence warnings of missing vc variables\n  * stgit.el: Replace ad-hoc make-local-variable with defvar-local\n  * stgit.el: Use defvar-local instead of make-local-variable\n  * stgit.el: Enable lexical-binding\n  * stgit.el: Allow empty descriptions\n  * stgit.el: Add \"--no-color\" flag to \u0027git log\u0027 and \u0027git show\u0027\n  * stgit.el: Pass patch into stgit-process-files\n  * chore: update gix to 0.73\n  * docs: Update copyright year\n  * feat(bash): complete patches from chosen branch\n\n- Update to 2.5.3\n  * build: statically linked packages for riscv64\n  * chore: update dependencies\n  * refactor(stgit.el): use space-based indentation consistently\n\n- Update to 2.5.2 2025-02-16\n  * fix(stgit.el): various compile warnings\n  * fix(stgit.el): Replace depercated cl function calls with new style\n  * fix(stgit.el): checkdoc warnings\n  * fix(stgit.el): emacs pre-pending \"Summary: \" to log-edit buffers\n  * chore: update jiff to 0.2.0\n  * chore: update winnow to 0.7.2\n  * chore: resolve winnow deprecations\n  * chore: update dependencies\n\n- Update to 2.5.1 2025-01-18\n  * fix: assure branch creation respects fetch-specs of remotes (#522)\n  * ci: ubuntu-24.04 is now used to build release binaries\n  * chore: gix is updated to 0.70\n\n- Update to 2.5.0 2025-01-01\n  * feat: new \"name\" subcommand\n  * feat: support calling stg rebase without arguments\n  * docs: explain stgit.autosign a bit better\n  * feat: organize subcommands by group in help\n\n- Update to 2.4.13\n  * fix(squash): preserve consensus author\n  * chore: update gix to 0.68\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Leap-16.0-packagehub-380",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_21185-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1266429",
        "url": "https://bugzilla.suse.com/1266429"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-40034 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-40034/"
      }
    ],
    "title": "Security update for stgit",
    "tracking": {
      "current_release_date": "2026-06-30T15:11:42Z",
      "generator": {
        "date": "2026-06-30T15:11:42Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:21185-1",
      "initial_release_date": "2026-06-30T15:11:42Z",
      "revision_history": [
        {
          "date": "2026-06-30T15:11:42Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "stgit-2.6.0-bp160.1.1.aarch64",
                "product": {
                  "name": "stgit-2.6.0-bp160.1.1.aarch64",
                  "product_id": "stgit-2.6.0-bp160.1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "stgit-bash-completion-2.6.0-bp160.1.1.noarch",
                "product": {
                  "name": "stgit-bash-completion-2.6.0-bp160.1.1.noarch",
                  "product_id": "stgit-bash-completion-2.6.0-bp160.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "stgit-emacs-2.6.0-bp160.1.1.noarch",
                "product": {
                  "name": "stgit-emacs-2.6.0-bp160.1.1.noarch",
                  "product_id": "stgit-emacs-2.6.0-bp160.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "stgit-fish-completion-2.6.0-bp160.1.1.noarch",
                "product": {
                  "name": "stgit-fish-completion-2.6.0-bp160.1.1.noarch",
                  "product_id": "stgit-fish-completion-2.6.0-bp160.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "stgit-vim-plugin-2.6.0-bp160.1.1.noarch",
                "product": {
                  "name": "stgit-vim-plugin-2.6.0-bp160.1.1.noarch",
                  "product_id": "stgit-vim-plugin-2.6.0-bp160.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "stgit-zsh-completion-2.6.0-bp160.1.1.noarch",
                "product": {
                  "name": "stgit-zsh-completion-2.6.0-bp160.1.1.noarch",
                  "product_id": "stgit-zsh-completion-2.6.0-bp160.1.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "stgit-2.6.0-bp160.1.1.x86_64",
                "product": {
                  "name": "stgit-2.6.0-bp160.1.1.x86_64",
                  "product_id": "stgit-2.6.0-bp160.1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 16.0",
                "product": {
                  "name": "openSUSE Leap 16.0",
                  "product_id": "openSUSE Leap 16.0"
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stgit-2.6.0-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:stgit-2.6.0-bp160.1.1.aarch64"
        },
        "product_reference": "stgit-2.6.0-bp160.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stgit-2.6.0-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:stgit-2.6.0-bp160.1.1.x86_64"
        },
        "product_reference": "stgit-2.6.0-bp160.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stgit-bash-completion-2.6.0-bp160.1.1.noarch as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:stgit-bash-completion-2.6.0-bp160.1.1.noarch"
        },
        "product_reference": "stgit-bash-completion-2.6.0-bp160.1.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stgit-emacs-2.6.0-bp160.1.1.noarch as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:stgit-emacs-2.6.0-bp160.1.1.noarch"
        },
        "product_reference": "stgit-emacs-2.6.0-bp160.1.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stgit-fish-completion-2.6.0-bp160.1.1.noarch as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:stgit-fish-completion-2.6.0-bp160.1.1.noarch"
        },
        "product_reference": "stgit-fish-completion-2.6.0-bp160.1.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stgit-vim-plugin-2.6.0-bp160.1.1.noarch as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:stgit-vim-plugin-2.6.0-bp160.1.1.noarch"
        },
        "product_reference": "stgit-vim-plugin-2.6.0-bp160.1.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stgit-zsh-completion-2.6.0-bp160.1.1.noarch as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:stgit-zsh-completion-2.6.0-bp160.1.1.noarch"
        },
        "product_reference": "stgit-zsh-completion-2.6.0-bp160.1.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-40034",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-40034"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "gix-submodule before 0.29.0 (gitoxide before 0.5.21, gix before 0.84.0) incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An attacker can inject arbitrary shell commands via the update field in .gitmodules that will be executed when Submodule::update() is called on a previously-initialized submodule, enabling remote code execution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:stgit-2.6.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:stgit-2.6.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:stgit-bash-completion-2.6.0-bp160.1.1.noarch",
          "openSUSE Leap 16.0:stgit-emacs-2.6.0-bp160.1.1.noarch",
          "openSUSE Leap 16.0:stgit-fish-completion-2.6.0-bp160.1.1.noarch",
          "openSUSE Leap 16.0:stgit-vim-plugin-2.6.0-bp160.1.1.noarch",
          "openSUSE Leap 16.0:stgit-zsh-completion-2.6.0-bp160.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-40034",
          "url": "https://www.suse.com/security/cve/CVE-2026-40034"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1266415 for CVE-2026-40034",
          "url": "https://bugzilla.suse.com/1266415"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:stgit-2.6.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:stgit-2.6.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:stgit-bash-completion-2.6.0-bp160.1.1.noarch",
            "openSUSE Leap 16.0:stgit-emacs-2.6.0-bp160.1.1.noarch",
            "openSUSE Leap 16.0:stgit-fish-completion-2.6.0-bp160.1.1.noarch",
            "openSUSE Leap 16.0:stgit-vim-plugin-2.6.0-bp160.1.1.noarch",
            "openSUSE Leap 16.0:stgit-zsh-completion-2.6.0-bp160.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:stgit-2.6.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:stgit-2.6.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:stgit-bash-completion-2.6.0-bp160.1.1.noarch",
            "openSUSE Leap 16.0:stgit-emacs-2.6.0-bp160.1.1.noarch",
            "openSUSE Leap 16.0:stgit-fish-completion-2.6.0-bp160.1.1.noarch",
            "openSUSE Leap 16.0:stgit-vim-plugin-2.6.0-bp160.1.1.noarch",
            "openSUSE Leap 16.0:stgit-zsh-completion-2.6.0-bp160.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-06-30T15:11:42Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-40034"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…