OPENSUSE-SU-2026:21185-1
Vulnerability from csaf_opensuse - Published: 2026-06-30 15:11 - Updated: 2026-06-30 15:11Summary
Security update for stgit
Severity
Important
Notes
Title of the patch: Security update for stgit
Description of the patch: This update for stgit fixes the following issues:
Changes in stgit:
- Update to version 2.6.0:
* chore: update changelog for 2.6.0
* fix(import): respect --name verbatim, ignoring stgit.namelength
* test(refresh): use test_when_finished for status.renames cleanup
* expect over unwrap for test
* bugfix: issue #615, add Copied variant to Status enum and move panic to a copied status, add integration test
* docs: Update copyright year
* chore: update gix to 0.83 (CVE-2026-40034, bsc#1266429)
* chore: update compatible transitive dependencies
* chore: update winnow to 1.0.3
* chore: update jiff to 0.2.24
* ci: drop dead CARGO_TARGET_*_STRIP env vars from package build
* ci: soft-pin cargo-deb to ^3.0
* ci: bump cargo-generate-rpm pin to ^0.20.0
* ci: bump GitHub Actions to Node 24 runtimes
* chore: update winnow to 1.0.1
* chore: update clap to 4.6.1
* chore: update gix to 0.81
* chore: bump MSRV to 1.85
* chore: update transitive deps
* chore: update winnow to 0.7.15
* chore: update thiserror to 2.0.18
* chore: update tempfile to 3.27.0
* chore: update tar to 0.4.45
* chore: update serde_json to 1.0.149
* chore: update jiff to 0.2.23
* chore: update indexmap to 2.14.0
* chore: update flate2 to 1.1.9
* chore: update ctrlc to 3.5.2
* chore: update clap to 4.5.61
* chore: update anyhow to 1.0.102
* chore: update anstyle to 1.0.14
- Update to version 2.5.5:
* fix(squash): keep author when squashed commits have same author
- Update to version 2.5.4:
* chore: update changelog for 2.5.4
* chore: update transitive dependencies
* chore: update clap to 4.5.43
* refactor: clippy fixes
* fix: gix 0.73 breaking changes
* chore: update gix to 0.73
* chore: update transitive dependencies
* chore: update serde_json to 1.0.142
* chore: update winnow to 0.7.12
* chore: update clap to 4.5.42
* refactor: clippy lints
* stgit.el: Use `with-eval-after-load' instead of a homemade version
* stgit.el: Use `advice-add' instead of `defadvice'
* stgit.el: Fix various checkdoc warnings
* stgit.el: Support Emacs versions < 31
* feat(bash): complete patches from chosen branch
* chore: update dependencies
* refactor: repair clippy lints
* chore: update clap to 4.5.40
* chore: update anstyle to 1.0.11
* chore: update winnow to 0.7.11
* chore: update anyhow to 1.0.98
* chore: update jiff to 0.2.15
* chore: update tempfile to 3.20.0
* chore: update curl to 0.4.48
* chore: update flate2 to 1.1.2
* chore: update ctrlc to 3.4.7
* chore(deps): bump winnow from 0.7.6 to 0.7.10
* chore(deps): bump clap from 4.5.36 to 4.5.39
* docs: Update copyright year
* chore: update transitive dependencies
* chore: update tempfile to 3.19.1
* chore: update jiff to 0.2.6
* chore: update winnow to 0.7.6
* chore: update gix to 0.71
* chore: update indexmap to 2.9.0
* chore: update is-terminal to 0.4.16
* chore: update ctrlc to 3.4.6
* chore: update bstr to 1.12.0
* chore: update clap to 4.5.36
* chore: update flate2 to 1.1.1
* chore: update serde to 1.0.219
* chore: update serde_json to 1.0.140
* chore: update thiserror to 2.0.12
* chore: update anyhow to 1.0.97
* refactor: repair clippy lint
* stgit.el: Move 'stgit-patch-status-face-alist' before first use
* stgit.el: Silence warnings of missing vc variables
* stgit.el: Replace ad-hoc `make-local-variable' with `defvar-local'
* stgit.el: Use defvar-local instead of make-local-variable
* stgit.el: Enable lexical-binding
* stgit.el: Allow empty descriptions
* stgit.el: Add "--no-color" flag to 'git log' and 'git show'
* stgit.el: Pass patch into `stgit-process-files'
* chore: update changelog for 2.5.3
* chore: update dependencies
* refactor(stgit.el): use space-based indentation consistently
* refactor: repair clippy lint
* chore(deps): bump tempfile from 3.16.0 to 3.17.0
* chore(deps): bump jiff from 0.2.0 to 0.2.1
* build: statically linked packages for riscv64
* chore: update changelog for 2.5.2
* chore: update jiff to 0.2.0
* chore: update winnow to 0.7.2
* fix: partial_ref_name
* chore: resolve winnow deprecations
* chore: update dependencies
* ci: disable test for windows build
* chore(deps): bump jiff from 0.1.24 to 0.1.29
* chore(deps): bump serde_json from 1.0.135 to 1.0.138
* chore(deps): bump is-terminal from 0.4.13 to 0.4.15
* chore(deps): bump indexmap from 2.7.0 to 2.7.1
* chore(deps): bump clap from 4.5.26 to 4.5.28
* stgit.el: Fix various compile warnings
* stgit.el: Replace depercated cl function calls with new style
* stgit.el: Fix some checkdoc warnings
* stgit.el: Fix emacs pre-pending "Summary: " to log-edit buffers
* chore: update changelog for 2.5.1
* chore: update release checklist
* ci: use ubuntu-24.04 image
* fix: assure branch creation respects fetch-specs of remotes. (#522)
* chore: update to latest `gix` for improved API (#522)
* chore: update transitive deps
* chore: update anstyle-wincon to 3.0.7
* chore: update bitflags to 2.8.0
* chore: update jiff to 0.1.24
* chore: update transitive deps
* chore: update syn to 2.0.96
* chore: update bitflags to 2.7.0
* chore: update clap to 4.5.26
* chore: update serde_json to 1.0.135
* chore: update thiserror to 2.0.11
* chore: update winnow to 0.6.24
* refactor: repair clippy lints for is_some_and
* test: repair regression with git v2.48
* chore(deps): bump jiff from 0.1.18 to 0.1.21
* chore(deps): bump bstr from 1.11.1 to 1.11.3
* chore(deps): bump tempfile from 3.14.0 to 3.15.0
* chore: update changelog for 2.5.0
* chore: update transitive deps
* chore: update windows-sys to 0.59.0
* chore: update serde to 1.0.217
* chore: update winnow to 0.6.21
* chore: update jiff to 0.1.18
* docs: explain stgit.autosign a bit better
* feat: new "name" subcommand
* feat: organize subcommands by group in help
* chore: fix warning
* feat: support calling stg rebase without arguments
* tests: add test for rebase without arguments
* chore: update dependencies
* chore: update serde_json to 1.0.134
* chore: update thiserror to 2.0.9
* chore: update anyhow to 1.0.95
* chore: update gix to 0.69
* chore: update changelog for 2.4.13
* chore: update transitive deps
* chore: update jiff to 0.1.15
* chore: update gix to 0.68
* chore: update flate2 to 1.0.35
* chore: update serde to 1.0.216
* chore: update thiserror to 2.0.7
* chore: update indexmap to 2.7.0
* chore: update clap to 4.5.23
* chore: update bstr to 1.11.1
* chore: update anyhow to 1.0.94
* refactor: repair clippy lints
* chore: update thiserror to 2.0.3
* chore: update allocator-api2 to 0.2.19
* chore: update url to 2.5.3
* chore: update cc to 1.1.37
* chore: update anstream to 0.6.18
* chore: update fastrand to 2.2.0
* chore: update libc to 0.2.162
* chore: update curl-sys to 0.4.78+curl-8.11.0
* chore: update tempfile to 3.14.0
* chore: update anyhow to 1.0.93
* chore: update gix to 0.67.0
* chore: update autocfg to 1.4.0
* chore: update unicode-bidi to 0.3.17
* chore: update unicode-ident to 1.0.13
* chore: update redox_syscall to 0.5.7
* chore: update colorchoice to 1.0.3
* chore: update anstyle-query to 1.1.2
* chore: update anstyle-parse to 0.2.6
* chore: update proc-macro2 to 1.0.89
* chore: update unicode-normalization to 0.1.24
* chore: update gix-quote to 0.4.13
* chore: update gix-bitmap to 0.2.12
* chore: update gix-config-value to 0.14.9
* chore: update memmap2 to 0.9.5
* chore: update gix-chunk to 0.4.9
* chore: update pkg-config to 0.3.31
* chore: update cc to 1.1.34
* chore: update anstream to 0.6.17
* chore: update rustix to 0.38.38
* chore: update once_cell to 1.20.2
* chore: update gix-validate to 0.9.1
* chore: update gix-utils to 0.1.13
* chore: update gix-sec to 0.10.9
* chore: update gix-date to 0.9.1
* chore: update gix-command to 0.3.10
* chore: update schannel to 0.1.26
* chore: update openssl-sys to 0.9.104
* chore: update libc to 0.2.161
* chore: update regex-automata to 0.4.8
* chore: update winnow to 0.6.20
* chore: update thiserror to 1.0.67
* chore: update tempfile to 3.13.0
* chore: update tar to 0.4.43
* chore: update serde_json to 1.0.132
* chore: update serde to 1.0.214
* chore: update jiff to 0.1.14
* chore: update indexmap to 2.6.0
* chore: update flate2 to 1.0.34
* chore: update encoding_rs to 0.8.35
* chore: update curl to 0.4.47
* chore: update clap to 4.5.20
* chore: update anyhow to 1.0.92
* chore: update anstyle to 1.0.10
- Update to 2.5.4
* stgit.el: Use with-eval-after-load instead of a homemade version
* stgit.el: Use advice-add instead of defadvice
* stgit.el: Fix various checkdoc warnings
* stgit.el: Support Emacs versions < 31
* stgit.el: Move 'stgit-patch-status-face-alist' before first use
* stgit.el: Silence warnings of missing vc variables
* stgit.el: Replace ad-hoc make-local-variable with defvar-local
* stgit.el: Use defvar-local instead of make-local-variable
* stgit.el: Enable lexical-binding
* stgit.el: Allow empty descriptions
* stgit.el: Add "--no-color" flag to 'git log' and 'git show'
* stgit.el: Pass patch into stgit-process-files
* chore: update gix to 0.73
* docs: Update copyright year
* feat(bash): complete patches from chosen branch
- Update to 2.5.3
* build: statically linked packages for riscv64
* chore: update dependencies
* refactor(stgit.el): use space-based indentation consistently
- Update to 2.5.2 2025-02-16
* fix(stgit.el): various compile warnings
* fix(stgit.el): Replace depercated cl function calls with new style
* fix(stgit.el): checkdoc warnings
* fix(stgit.el): emacs pre-pending "Summary: " to log-edit buffers
* chore: update jiff to 0.2.0
* chore: update winnow to 0.7.2
* chore: resolve winnow deprecations
* chore: update dependencies
- Update to 2.5.1 2025-01-18
* fix: assure branch creation respects fetch-specs of remotes (#522)
* ci: ubuntu-24.04 is now used to build release binaries
* chore: gix is updated to 0.70
- Update to 2.5.0 2025-01-01
* feat: new "name" subcommand
* feat: support calling stg rebase without arguments
* docs: explain stgit.autosign a bit better
* feat: organize subcommands by group in help
- Update to 2.4.13
* fix(squash): preserve consensus author
* chore: update gix to 0.68
Patchnames: openSUSE-Leap-16.0-packagehub-380
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:stgit-2.6.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:stgit-2.6.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:stgit-bash-completion-2.6.0-bp160.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:stgit-emacs-2.6.0-bp160.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:stgit-fish-completion-2.6.0-bp160.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:stgit-vim-plugin-2.6.0-bp160.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:stgit-zsh-completion-2.6.0-bp160.1.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
6 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for stgit",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for stgit fixes the following issues:\n\nChanges in stgit:\n\n- Update to version 2.6.0:\n * chore: update changelog for 2.6.0\n * fix(import): respect --name verbatim, ignoring stgit.namelength\n * test(refresh): use test_when_finished for status.renames cleanup\n * expect over unwrap for test\n * bugfix: issue #615, add Copied variant to Status enum and move panic to a copied status, add integration test\n * docs: Update copyright year\n * chore: update gix to 0.83 (CVE-2026-40034, bsc#1266429)\n * chore: update compatible transitive dependencies\n * chore: update winnow to 1.0.3\n * chore: update jiff to 0.2.24\n * ci: drop dead CARGO_TARGET_*_STRIP env vars from package build\n * ci: soft-pin cargo-deb to ^3.0\n * ci: bump cargo-generate-rpm pin to ^0.20.0\n * ci: bump GitHub Actions to Node 24 runtimes\n * chore: update winnow to 1.0.1\n * chore: update clap to 4.6.1\n * chore: update gix to 0.81\n * chore: bump MSRV to 1.85\n * chore: update transitive deps\n * chore: update winnow to 0.7.15\n * chore: update thiserror to 2.0.18\n * chore: update tempfile to 3.27.0\n * chore: update tar to 0.4.45\n * chore: update serde_json to 1.0.149\n * chore: update jiff to 0.2.23\n * chore: update indexmap to 2.14.0\n * chore: update flate2 to 1.1.9\n * chore: update ctrlc to 3.5.2\n * chore: update clap to 4.5.61\n * chore: update anyhow to 1.0.102\n * chore: update anstyle to 1.0.14\n\n- Update to version 2.5.5:\n * fix(squash): keep author when squashed commits have same author\n\n- Update to version 2.5.4:\n * chore: update changelog for 2.5.4\n * chore: update transitive dependencies\n * chore: update clap to 4.5.43\n * refactor: clippy fixes\n * fix: gix 0.73 breaking changes\n * chore: update gix to 0.73\n * chore: update transitive dependencies\n * chore: update serde_json to 1.0.142\n * chore: update winnow to 0.7.12\n * chore: update clap to 4.5.42\n * refactor: clippy lints\n * stgit.el: Use `with-eval-after-load\u0027 instead of a homemade version\n * stgit.el: Use `advice-add\u0027 instead of `defadvice\u0027\n * stgit.el: Fix various checkdoc warnings\n * stgit.el: Support Emacs versions \u003c 31\n * feat(bash): complete patches from chosen branch\n * chore: update dependencies\n * refactor: repair clippy lints\n * chore: update clap to 4.5.40\n * chore: update anstyle to 1.0.11\n * chore: update winnow to 0.7.11\n * chore: update anyhow to 1.0.98\n * chore: update jiff to 0.2.15\n * chore: update tempfile to 3.20.0\n * chore: update curl to 0.4.48\n * chore: update flate2 to 1.1.2\n * chore: update ctrlc to 3.4.7\n * chore(deps): bump winnow from 0.7.6 to 0.7.10\n * chore(deps): bump clap from 4.5.36 to 4.5.39\n * docs: Update copyright year\n * chore: update transitive dependencies\n * chore: update tempfile to 3.19.1\n * chore: update jiff to 0.2.6\n * chore: update winnow to 0.7.6\n * chore: update gix to 0.71\n * chore: update indexmap to 2.9.0\n * chore: update is-terminal to 0.4.16\n * chore: update ctrlc to 3.4.6\n * chore: update bstr to 1.12.0\n * chore: update clap to 4.5.36\n * chore: update flate2 to 1.1.1\n * chore: update serde to 1.0.219\n * chore: update serde_json to 1.0.140\n * chore: update thiserror to 2.0.12\n * chore: update anyhow to 1.0.97\n * refactor: repair clippy lint\n * stgit.el: Move \u0027stgit-patch-status-face-alist\u0027 before first use\n * stgit.el: Silence warnings of missing vc variables\n * stgit.el: Replace ad-hoc `make-local-variable\u0027 with `defvar-local\u0027\n * stgit.el: Use defvar-local instead of make-local-variable\n * stgit.el: Enable lexical-binding\n * stgit.el: Allow empty descriptions\n * stgit.el: Add \"--no-color\" flag to \u0027git log\u0027 and \u0027git show\u0027\n * stgit.el: Pass patch into `stgit-process-files\u0027\n * chore: update changelog for 2.5.3\n * chore: update dependencies\n * refactor(stgit.el): use space-based indentation consistently\n * refactor: repair clippy lint\n * chore(deps): bump tempfile from 3.16.0 to 3.17.0\n * chore(deps): bump jiff from 0.2.0 to 0.2.1\n * build: statically linked packages for riscv64\n * chore: update changelog for 2.5.2\n * chore: update jiff to 0.2.0\n * chore: update winnow to 0.7.2\n * fix: partial_ref_name\n * chore: resolve winnow deprecations\n * chore: update dependencies\n * ci: disable test for windows build\n * chore(deps): bump jiff from 0.1.24 to 0.1.29\n * chore(deps): bump serde_json from 1.0.135 to 1.0.138\n * chore(deps): bump is-terminal from 0.4.13 to 0.4.15\n * chore(deps): bump indexmap from 2.7.0 to 2.7.1\n * chore(deps): bump clap from 4.5.26 to 4.5.28\n * stgit.el: Fix various compile warnings\n * stgit.el: Replace depercated cl function calls with new style\n * stgit.el: Fix some checkdoc warnings\n * stgit.el: Fix emacs pre-pending \"Summary: \" to log-edit buffers\n * chore: update changelog for 2.5.1\n * chore: update release checklist\n * ci: use ubuntu-24.04 image\n * fix: assure branch creation respects fetch-specs of remotes. (#522)\n * chore: update to latest `gix` for improved API (#522)\n * chore: update transitive deps\n * chore: update anstyle-wincon to 3.0.7\n * chore: update bitflags to 2.8.0\n * chore: update jiff to 0.1.24\n * chore: update transitive deps\n * chore: update syn to 2.0.96\n * chore: update bitflags to 2.7.0\n * chore: update clap to 4.5.26\n * chore: update serde_json to 1.0.135\n * chore: update thiserror to 2.0.11\n * chore: update winnow to 0.6.24\n * refactor: repair clippy lints for is_some_and\n * test: repair regression with git v2.48\n * chore(deps): bump jiff from 0.1.18 to 0.1.21\n * chore(deps): bump bstr from 1.11.1 to 1.11.3\n * chore(deps): bump tempfile from 3.14.0 to 3.15.0\n * chore: update changelog for 2.5.0\n * chore: update transitive deps\n * chore: update windows-sys to 0.59.0\n * chore: update serde to 1.0.217\n * chore: update winnow to 0.6.21\n * chore: update jiff to 0.1.18\n * docs: explain stgit.autosign a bit better\n * feat: new \"name\" subcommand\n * feat: organize subcommands by group in help\n * chore: fix warning\n * feat: support calling stg rebase without arguments\n * tests: add test for rebase without arguments\n * chore: update dependencies\n * chore: update serde_json to 1.0.134\n * chore: update thiserror to 2.0.9\n * chore: update anyhow to 1.0.95\n * chore: update gix to 0.69\n * chore: update changelog for 2.4.13\n * chore: update transitive deps\n * chore: update jiff to 0.1.15\n * chore: update gix to 0.68\n * chore: update flate2 to 1.0.35\n * chore: update serde to 1.0.216\n * chore: update thiserror to 2.0.7\n * chore: update indexmap to 2.7.0\n * chore: update clap to 4.5.23\n * chore: update bstr to 1.11.1\n * chore: update anyhow to 1.0.94\n * refactor: repair clippy lints\n * chore: update thiserror to 2.0.3\n * chore: update allocator-api2 to 0.2.19\n * chore: update url to 2.5.3\n * chore: update cc to 1.1.37\n * chore: update anstream to 0.6.18\n * chore: update fastrand to 2.2.0\n * chore: update libc to 0.2.162\n * chore: update curl-sys to 0.4.78+curl-8.11.0\n * chore: update tempfile to 3.14.0\n * chore: update anyhow to 1.0.93\n * chore: update gix to 0.67.0\n * chore: update autocfg to 1.4.0\n * chore: update unicode-bidi to 0.3.17\n * chore: update unicode-ident to 1.0.13\n * chore: update redox_syscall to 0.5.7\n * chore: update colorchoice to 1.0.3\n * chore: update anstyle-query to 1.1.2\n * chore: update anstyle-parse to 0.2.6\n * chore: update proc-macro2 to 1.0.89\n * chore: update unicode-normalization to 0.1.24\n * chore: update gix-quote to 0.4.13\n * chore: update gix-bitmap to 0.2.12\n * chore: update gix-config-value to 0.14.9\n * chore: update memmap2 to 0.9.5\n * chore: update gix-chunk to 0.4.9\n * chore: update pkg-config to 0.3.31\n * chore: update cc to 1.1.34\n * chore: update anstream to 0.6.17\n * chore: update rustix to 0.38.38\n * chore: update once_cell to 1.20.2\n * chore: update gix-validate to 0.9.1\n * chore: update gix-utils to 0.1.13\n * chore: update gix-sec to 0.10.9\n * chore: update gix-date to 0.9.1\n * chore: update gix-command to 0.3.10\n * chore: update schannel to 0.1.26\n * chore: update openssl-sys to 0.9.104\n * chore: update libc to 0.2.161\n * chore: update regex-automata to 0.4.8\n * chore: update winnow to 0.6.20\n * chore: update thiserror to 1.0.67\n * chore: update tempfile to 3.13.0\n * chore: update tar to 0.4.43\n * chore: update serde_json to 1.0.132\n * chore: update serde to 1.0.214\n * chore: update jiff to 0.1.14\n * chore: update indexmap to 2.6.0\n * chore: update flate2 to 1.0.34\n * chore: update encoding_rs to 0.8.35\n * chore: update curl to 0.4.47\n * chore: update clap to 4.5.20\n * chore: update anyhow to 1.0.92\n * chore: update anstyle to 1.0.10\n\n- Update to 2.5.4\n * stgit.el: Use with-eval-after-load instead of a homemade version\n * stgit.el: Use advice-add instead of defadvice\n * stgit.el: Fix various checkdoc warnings\n * stgit.el: Support Emacs versions \u003c 31\n * stgit.el: Move \u0027stgit-patch-status-face-alist\u0027 before first use\n * stgit.el: Silence warnings of missing vc variables\n * stgit.el: Replace ad-hoc make-local-variable with defvar-local\n * stgit.el: Use defvar-local instead of make-local-variable\n * stgit.el: Enable lexical-binding\n * stgit.el: Allow empty descriptions\n * stgit.el: Add \"--no-color\" flag to \u0027git log\u0027 and \u0027git show\u0027\n * stgit.el: Pass patch into stgit-process-files\n * chore: update gix to 0.73\n * docs: Update copyright year\n * feat(bash): complete patches from chosen branch\n\n- Update to 2.5.3\n * build: statically linked packages for riscv64\n * chore: update dependencies\n * refactor(stgit.el): use space-based indentation consistently\n\n- Update to 2.5.2 2025-02-16\n * fix(stgit.el): various compile warnings\n * fix(stgit.el): Replace depercated cl function calls with new style\n * fix(stgit.el): checkdoc warnings\n * fix(stgit.el): emacs pre-pending \"Summary: \" to log-edit buffers\n * chore: update jiff to 0.2.0\n * chore: update winnow to 0.7.2\n * chore: resolve winnow deprecations\n * chore: update dependencies\n\n- Update to 2.5.1 2025-01-18\n * fix: assure branch creation respects fetch-specs of remotes (#522)\n * ci: ubuntu-24.04 is now used to build release binaries\n * chore: gix is updated to 0.70\n\n- Update to 2.5.0 2025-01-01\n * feat: new \"name\" subcommand\n * feat: support calling stg rebase without arguments\n * docs: explain stgit.autosign a bit better\n * feat: organize subcommands by group in help\n\n- Update to 2.4.13\n * fix(squash): preserve consensus author\n * chore: update gix to 0.68\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-380",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_21185-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1266429",
"url": "https://bugzilla.suse.com/1266429"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-40034 page",
"url": "https://www.suse.com/security/cve/CVE-2026-40034/"
}
],
"title": "Security update for stgit",
"tracking": {
"current_release_date": "2026-06-30T15:11:42Z",
"generator": {
"date": "2026-06-30T15:11:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:21185-1",
"initial_release_date": "2026-06-30T15:11:42Z",
"revision_history": [
{
"date": "2026-06-30T15:11:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "stgit-2.6.0-bp160.1.1.aarch64",
"product": {
"name": "stgit-2.6.0-bp160.1.1.aarch64",
"product_id": "stgit-2.6.0-bp160.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "stgit-bash-completion-2.6.0-bp160.1.1.noarch",
"product": {
"name": "stgit-bash-completion-2.6.0-bp160.1.1.noarch",
"product_id": "stgit-bash-completion-2.6.0-bp160.1.1.noarch"
}
},
{
"category": "product_version",
"name": "stgit-emacs-2.6.0-bp160.1.1.noarch",
"product": {
"name": "stgit-emacs-2.6.0-bp160.1.1.noarch",
"product_id": "stgit-emacs-2.6.0-bp160.1.1.noarch"
}
},
{
"category": "product_version",
"name": "stgit-fish-completion-2.6.0-bp160.1.1.noarch",
"product": {
"name": "stgit-fish-completion-2.6.0-bp160.1.1.noarch",
"product_id": "stgit-fish-completion-2.6.0-bp160.1.1.noarch"
}
},
{
"category": "product_version",
"name": "stgit-vim-plugin-2.6.0-bp160.1.1.noarch",
"product": {
"name": "stgit-vim-plugin-2.6.0-bp160.1.1.noarch",
"product_id": "stgit-vim-plugin-2.6.0-bp160.1.1.noarch"
}
},
{
"category": "product_version",
"name": "stgit-zsh-completion-2.6.0-bp160.1.1.noarch",
"product": {
"name": "stgit-zsh-completion-2.6.0-bp160.1.1.noarch",
"product_id": "stgit-zsh-completion-2.6.0-bp160.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "stgit-2.6.0-bp160.1.1.x86_64",
"product": {
"name": "stgit-2.6.0-bp160.1.1.x86_64",
"product_id": "stgit-2.6.0-bp160.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "stgit-2.6.0-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:stgit-2.6.0-bp160.1.1.aarch64"
},
"product_reference": "stgit-2.6.0-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stgit-2.6.0-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:stgit-2.6.0-bp160.1.1.x86_64"
},
"product_reference": "stgit-2.6.0-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stgit-bash-completion-2.6.0-bp160.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:stgit-bash-completion-2.6.0-bp160.1.1.noarch"
},
"product_reference": "stgit-bash-completion-2.6.0-bp160.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stgit-emacs-2.6.0-bp160.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:stgit-emacs-2.6.0-bp160.1.1.noarch"
},
"product_reference": "stgit-emacs-2.6.0-bp160.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stgit-fish-completion-2.6.0-bp160.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:stgit-fish-completion-2.6.0-bp160.1.1.noarch"
},
"product_reference": "stgit-fish-completion-2.6.0-bp160.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stgit-vim-plugin-2.6.0-bp160.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:stgit-vim-plugin-2.6.0-bp160.1.1.noarch"
},
"product_reference": "stgit-vim-plugin-2.6.0-bp160.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stgit-zsh-completion-2.6.0-bp160.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:stgit-zsh-completion-2.6.0-bp160.1.1.noarch"
},
"product_reference": "stgit-zsh-completion-2.6.0-bp160.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-40034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-40034"
}
],
"notes": [
{
"category": "general",
"text": "gix-submodule before 0.29.0 (gitoxide before 0.5.21, gix before 0.84.0) incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An attacker can inject arbitrary shell commands via the update field in .gitmodules that will be executed when Submodule::update() is called on a previously-initialized submodule, enabling remote code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:stgit-2.6.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:stgit-2.6.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:stgit-bash-completion-2.6.0-bp160.1.1.noarch",
"openSUSE Leap 16.0:stgit-emacs-2.6.0-bp160.1.1.noarch",
"openSUSE Leap 16.0:stgit-fish-completion-2.6.0-bp160.1.1.noarch",
"openSUSE Leap 16.0:stgit-vim-plugin-2.6.0-bp160.1.1.noarch",
"openSUSE Leap 16.0:stgit-zsh-completion-2.6.0-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-40034",
"url": "https://www.suse.com/security/cve/CVE-2026-40034"
},
{
"category": "external",
"summary": "SUSE Bug 1266415 for CVE-2026-40034",
"url": "https://bugzilla.suse.com/1266415"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:stgit-2.6.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:stgit-2.6.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:stgit-bash-completion-2.6.0-bp160.1.1.noarch",
"openSUSE Leap 16.0:stgit-emacs-2.6.0-bp160.1.1.noarch",
"openSUSE Leap 16.0:stgit-fish-completion-2.6.0-bp160.1.1.noarch",
"openSUSE Leap 16.0:stgit-vim-plugin-2.6.0-bp160.1.1.noarch",
"openSUSE Leap 16.0:stgit-zsh-completion-2.6.0-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:stgit-2.6.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:stgit-2.6.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:stgit-bash-completion-2.6.0-bp160.1.1.noarch",
"openSUSE Leap 16.0:stgit-emacs-2.6.0-bp160.1.1.noarch",
"openSUSE Leap 16.0:stgit-fish-completion-2.6.0-bp160.1.1.noarch",
"openSUSE Leap 16.0:stgit-vim-plugin-2.6.0-bp160.1.1.noarch",
"openSUSE Leap 16.0:stgit-zsh-completion-2.6.0-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-30T15:11:42Z",
"details": "important"
}
],
"title": "CVE-2026-40034"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…