FEDORA-2024-378ed6dffe — security update for gh

stable

gh-2.63.2-1.fc42

FEDORA-2024-378ed6dffe created by mikelo2 12 months ago for Fedora 42

Automatic update for gh-2.63.2-1.fc42.

Changelog

* Tue Dec 10 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 2.63.2-1
- Update to 2.63.2 - Closes rhbz#2273304 rhbz#2292682 rhbz#2322519
  rhbz#2329265 rhbz#2330387 rhbz#2330388

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-378ed6dffe

This update was automatically created

12 months ago

This update's test gating status has been changed to 'ignored'.

12 months ago

This update's test gating status has been changed to 'waiting'.

12 months ago

This update's test gating status has been changed to 'ignored'.

12 months ago

This update has been submitted for stable by bodhi

12 months ago

Please log in to add feedback.

Metadata

Type

security

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

disabled

Stable by Time

0 days

Dates

submitted

12 months ago

in testing

12 months ago

in stable

12 months ago

approved

12 months ago

Builds

gh-2.63.2-1.fc42

BZ#2273304 gh-2.63.2 is available

BZ#2292682 CVE-2024-24789 gh: golang: archive/zip: Incorrect handling of certain ZIP files [fedora-all]

BZ#2322519 GH CLI 2.60.1 released

BZ#2329265 CVE-2024-53858 gh: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli [fedora-all]

BZ#2330387 CVE-2024-54132 gh: GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversal vulnerability [fedora-40]

BZ#2330388 CVE-2024-54132 gh: GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversal vulnerability [fedora-41]

gh-2.63.2-1.fc42

Automated Test Results

ignored