Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
patchinfo.33590
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.33590
<patchinfo incident="33590"> <issue tracker="jsc" id="SLE-23879"/> <issue tracker="cve" id="2024-29903"/> <issue tracker="cve" id="2024-29902"/> <issue tracker="bnc" id="1222835">VUL-0: CVE-2024-29902: cosign: Malicious attachments can cause system-wide denial of service</issue> <issue tracker="bnc" id="1222837">VUL-0: CVE-2024-29903: cosign: Malicious artifects can cause machine-wide denial of service</issue> <packager>msmeissn</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for cosign</summary> <description>This update for cosign fixes the following issues: - CVE-2024-29902: Fixed denial of service on host machine via remote image with a malicious attachments (bsc#1222835) - CVE-2024-29903: Fixed denial of service on host machine via malicious software artifacts (bsc#1222837) Other fixes: - Updated to 2.2.4 (jsc#SLE-23879) * Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv (#3661) * ErrNoSignaturesFound should be used when there is no signature attached to an image. (#3526) * fix semgrep issues for dgryski.semgrep-go ruleset (#3541) * Honor creation timestamp for signatures again (#3549) * Features * Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow Explicitly (#3578) </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor