go-git: Malformed Git object data may cause panics or resource exhaustion

Impact Several denial-of-service issues were identified in go-git when parsing maliciously crafted Git repository data. An attacker may craft a malicious .pack, .idx or loose objects that causes an application using an affected version of go-git to panic or consume excessive resources. This can...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Validation of Integrity Check Value in go-git [CVE-2026-25934]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Validation of Integrity Check Value in go-git, due to an issue where data integrity values for .pack and .idx files were not properly verified CVE-2026-25934. GO-git is used as a component of our ibm-watson-speech-catalog...

SUSE CVE-2026-34165

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...

Linux Distros Unpatched Vulnerability : CVE-2026-34165

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which...

CVE-2026-34165

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...

DEBIAN-CVE-2026-33236

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the subdir and id attributes when processing remote XML index...

CVE-2026-31970

HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP BGZF files. In the GZI loading function, bgzfindexloadhfile, it was possible to trigger an integer overflow, leading to an under- or zero-sized buffer being allocated to stor...

CVE-2026-31970 HTSlib BGZF index file reader has a heap buffer overflow

HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP BGZF files. In the GZI loading function, bgzfindexloadhfile, it was possible to trigger an integer overflow, leading to an under- or zero-sized buffer being allocated to stor...

Linux Distros Unpatched Vulnerability : CVE-2026-25934

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity...

CVE-2026-25934

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

DEBIAN-CVE-2026-25934

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

CVE-2026-25934 go-git improperly verifies data integrity values for .idx and .pack files

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

CVE-2026-25934 go-git improperly verifies data integrity values for .idx and .pack files

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

CVE-2026-25934

Summary of CVE-2026-25934 : The go-git library (prior to v5.16.5) did not properly verify data integrity for .pack and .idx files, which could allow consuming corrupted packfiles/indexes and result in errors such as object not found. This vulnerability affects the integrity checks used when fetch...

go-git 安全漏洞

go-git is an open-source, highly scalable Git implementation written entirely in Go. Versions of go-git prior to 5.16.5 contained security vulnerabilities. These vulnerabilities stemmed from improper validation of data integrity values in the .pack and .idx files, which could lead to errors when...

PT-2026-7181

Name of the Vulnerable Software and Affected Versions go-git versions prior to 5.16.5 Description go-git is a Git implementation library written in Go. A flaw exists in how go-git handles the integrity verification of .pack and .idx files. Specifically, data integrity values were not properly...

EUVD-2018-2211

Malware in sbrugna...

EUVD-2006-6727

Malware in sbrugna...

Security update for libreoffice

This update for libreofficefixes the following issues: libreoffice was updated to version 24.8.1.2 jscPED-10362: Release notes: https://wiki.documentfoundation.org/Releases/24.8.0/RC1 and https://wiki.documentfoundation.org/Releases/24.8.0/RC2 and...

[SECURITY] Fedora 40 Update: sisu-mojos-0.9.0~M2-4.fc40

The Sisu Plugin for Maven provides mojos to generate META-INF/sisu/javax.inject.Named index files for the Sisu container...