CVE-2026-44309

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

[SECURITY] Fedora 42 Update: libgit2_1.8-1.8.5-1.fc42

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...

[SECURITY] Fedora 43 Update: libgit2_1.8-1.8.5-1.fc43

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...

Linux Distros Unpatched Vulnerability : CVE-2026-44309

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-enco...

UBUNTU-CVE-2026-44309

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits

Summary gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git object bytes. For malformed objects with duplicate tree headers, git-core and go-git parse different trees:...

PT-2026-39243

Name of the Vulnerable Software and Affected Versions Gitsign versions prior to 0.16.0 Description gitsign verify and gitsign verify-tag re-encode commit or tag objects using the EncodeWithoutSignature function from the go-git library before checking the signature, rather than verifying the raw g...

Security update for docker-stable (moderate)

openSUSE security update: security update for docker-stable ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20262-1 Rating: moderate References: bsc1250508 bsc1250596 bsc1252290 Affected Products: openSUSE Leap 16.0...

OPENSUSE-SU-2026:20262-1 Security update for docker-stable

This update for docker-stable fixes the following issues: - Enable SELinux in default daemon.json config --selinux-enabled. This has no practical impact on non-SELinux systems bsc1252290. - Remove git-core recommends on SLE. Most SLE systems have installRecommends=yes by default and thus end up...

[SECURITY] Fedora 42 Update: libgit2-1.9.2-1.fc42

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...

openSUSE 16 Security Update : docker (openSUSE-SU-2026:20057-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20057-1 advisory. Changes in docker: - Update to Docker 28.5.1-ce. See upstream changelog online at - Update to Docker 28.5.0-ce. See upstream changelog online at - Updat...

SUSE-SU-2026:20095-1 Security update for docker

This update for docker fixes the following issues: Changes in docker: - Update to Docker 28.5.1-ce. See upstream changelog online at - Update to Docker 28.5.0-ce. See upstream changelog online at - Update to docker-buildx v0.29.0. Upstream changelog: - Remove git-core recommends on SLE. Most SLE...

SUSE-SU-2026:20112-1 Security update for docker

This update for docker fixes the following issues: Changes in docker: - Update to Docker 28.5.1-ce. See upstream changelog online at - Update to Docker 28.5.0-ce. See upstream changelog online at - Update to docker-buildx v0.29.0. Upstream changelog: - Remove git-core recommends on SLE. Most SLE...

OPENSUSE-SU-2026:20057-1 Security update for docker

This update for docker fixes the following issues: Changes in docker: - Update to Docker 28.5.1-ce. See upstream changelog online at - Update to Docker 28.5.0-ce. See upstream changelog online at - Update to docker-buildx v0.29.0. Upstream changelog: - Remove git-core recommends on SLE. Most SLE...

JLSEC-2025-185 libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a...

libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to gitrevparsesingle can cause the function to enter an infinite loop, potentially causing a Denial ...

SUSE SLES15 / openSUSE 15 Security Update : docker-stable (SUSE-SU-2025:03545-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03545-1 advisory. Note this update contains a already fixed references mostly. - Remove git-core recommends on SLE to avoid pulling it...

Security update for docker-stable

This update for docker-stable fixes the following issues: Note this update contains a already fixed references mostly. Remove git-core recommends on SLE to avoid pulling it in unnecessary. bsc1250508 This feature is mostly intended for developers "docker build git://" so most users already have t...

SUSE-SU-2025:03545-1 Security update for docker-stable

This update for docker-stable fixes the following issues: Note this update contains a already fixed references mostly. - Remove git-core recommends on SLE to avoid pulling it in unnecessary. bsc1250508 This feature is mostly intended for developers 'docker build git://' so most users already have...

SUSE SLES12 Security Update : docker-stable (SUSE-SU-2025:03540-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03540-1 advisory. - Include historical changelog data from before the docker-stable fork. The initial changelog entry did technically provide all the necessary...

Security update for docker-stable

This update for docker-stable fixes the following issues: Include historical changelog data from before the docker-stable fork. The initial changelog entry did technically provide all the necessary information, but our CVE tracking tools do not understand how the package is forked and so it seems...