Commit - package/rekor - 2865d7a5c03666253bfe0b2296d75fac41de73a0

    Update rekor to version 1.3.10 / rev 26 via SR 1268974
    
    https://build.opensuse.org/request/show/1268974
    by user msmeissn + anag_factory
    * Security fixes (over the last releases):
        - CVE-2024-6104: rekor: hashicorp/go-retryablehttp: url might write sensitive information to log file (bsc#1227053)
        - CVE-2023-45288: rekor: golang.org/x/net/http2: close connections when receiving too many headers (bsc#1236519)
        - CVE-2025-27144: rekor: gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Go JOSE's Parsing Vulnerable to Denial of Service (bsc#1237638)
        - CVE-2025-22868: rekor: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239191)
        - CVE-2025-22869: rekor: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239327)
        - CVE-2025-30204: rekor: github.com/golang-jwt/jwt/v5: jwt-g

.files

file modified

+0 -0

.rev

file modified

+14 -0

_service

file modified

+1 -1

_servicedata

file modified

+1 -1

rekor-1.3.10.obscpio

file added

rekor-1.3.9.obscpio

file removed

-1

rekor.changes

file modified

+20 -0

rekor.obsinfo

file modified

+3 -3

rekor.spec

file modified

+18 -7

vendor.tar.zst

file modified

+1 -1

package / rekor

Source Code

2865d7 Update rekor to version 1.3.10 / rev 26 via SR 1268974

10 files Authored by msmeissn 4 months ago, Committed by Bernhard M. Wiedemann 4 months ago,

`2865d7` Update rekor to version 1.3.10 / rev 26 via SR 1268974