SUSE-CU-2025:6681-1: Security update of bci/spack

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Mon Sep 1 14:09:13 UTC 2025 

SUSE Container Update Advisory: bci/spack
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:6681-1
Container Tags        : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.54
Container Release     : 11.54
Severity              : important
Type                  : security
References            : 1212476 1216545 1218588 1218664 1243197 1245938 1245939 1245942
                        1245943 1245946 CVE-2025-27613 CVE-2025-27614 CVE-2025-46835
                        CVE-2025-48384 CVE-2025-48385 
-----------------------------------------------------------------

The container bci/spack was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3012-1
Released:    Fri Aug 29 02:07:38 2025
Summary:     security update for git, git-lfs, obs-scm-bridge, python-PyYAML
Type:        security
Severity:    important
References:  1212476,1216545,1218588,1218664,1243197,1245938,1245939,1245942,1245943,1245946,CVE-2025-27613,CVE-2025-27614,CVE-2025-46835,CVE-2025-48384,CVE-2025-48385
This update for git, git-lfs, obs-scm-bridge, python-PyYAML fixes the following issues:

git was updated from version 2.43.0 to 2.51.0 (bsc#1243197):

- Security issues fixed:

  * CVE-2025-27613 Fixed arbitrary writable file creation and truncation in Gitk(bsc#1245938)
  * CVE-2025-27614 Fixed arbitrary script execution via repository clonation in gitk(bsc#1245939)
  * CVE-2025-46835 Fixed arbitrary writable file creation in Git GUI when untrusted repository is cloned (bsc#1245942)
  * CVE-2025-48384 Fixed the unintentional execution of a script after checkout due to CRLF transforming (bsc#1245943)
  * CVE-2025-48385 Fixed arbitrary code execution due to protocol injection via fetching advertised bundle(bsc#1245946)

- Other changes and bugs fixed:
    
- Other changes and bugs fixed:
    
  * Added SHA256 support (bsc#1243197)
  * Git moved to /usr/libexec/git/git and updated AppArmor profile
    accordingly (bsc#1218588)
  * gitweb AppArmor profile: allow reading etc/gitweb-common.conf (bsc#1218664)
  * Do not replace apparmor configuration  (bsc#1216545)
  * Fixed the Python version required (bsc#1212476)
    
- Version Updates Release Notes:

  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.51.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.1.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.49.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.1.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.1.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.2.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.1.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.3.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.2.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.1.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.44.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.3.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.adoc

git-lfs is included in version 3.7.0.

python-PyYAML was updated from version 6.0.1 to 6.0.2:

- Added support for Cython 3.x and Python 3.13

obs-scm-bridge was updated from version 0.5.4 to 0.7.4:

- New Features and Improvements:

  * Manifest File Support: Support has been added for a `_manifest file`, which serves as a successor to the `_subdirs`
    file.
  * Control Over Git Information: A new noobsinfo query parameter was added to hide git information in source and binary
    files.
  * Enhanced Submodule Handling: The system now records the configured branch of submodules and stays on that branch
    during checkout.
  * Git SHA Tracking: In project mode, the tool now uses git SHA sums instead of md5sum to track package sources.
  * SSH URL Support: ssh:// SCM URLs can now be used.
  * Improved Error Messages: Error reporting for invalid files within package subdirectories has been improved.
  * Standardized Config Location: In project mode, the _config file is now always located in the top-level directory,
    even when using subdirs.
  * Reduced Unnecessary Changes: In project mode, unnecessary modifications to the package meta URL are now avoided.
  * Limit Asset Handling: A new mechanism has been introduced to limit how assets are handled.
  * Branch Information Export: The trackingbranch is now exported to scmsync.obsinfo.

- Bugs fixed:

  * Syntax Fix: A syntax issue was corrected.
  * Git Submodule Parsing: The .gitsubmodule parser was fixed to correctly handle files that contain a mix of spaces and
    tabs.


The following package changes have been done:

- git-core-2.51.0-150600.3.12.1 updated
- perl-Git-2.51.0-150600.3.12.1 updated
- git-2.51.0-150600.3.12.1 updated

More information about the sle-container-updates mailing list