7 matches found
CLEANSTART-2026-LR89498 Security fixes for CVE-2026-34986, ghsa-3xc5-wrhm-f963, ghsa-78h2-9frx-2jm8 applied in versions: 0.48.1-r0, 0.49.0-r0
Multiple security vulnerabilities affect the melange package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-VB45003 Security fixes for CVE-2026-34986, ghsa-78h2-9frx-2jm8 applied in versions: 0.48.1-r0
Multiple security vulnerabilities affect the melange package. These issues are resolved in later releases. See references for individual vulnerability details...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the working-directory field when user-supplied input is embedded into shell scripts without proper quote escaping. An attacker can execute arbitrary shell commands by providing crafted build input values that are...
OPENSUSE-SU-2024:12835-1 melange-0.3.2-1.1 on GA media
These are all security issues fixed in the melange-0.3.2-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-36127 vulnerabilities
Vulnerabilities for packages: melange, pombump...
wolfictl leaks GitHub tokens to remote non-GitHub git servers
Summary: A git authentication issue allows a local user’s GitHub token to be sent to remote servers other than github.com. Details: Most git-dependent functionality in wolfictl relies on its own git package, which contains centralized logic for implementing interactions with git repositories. Some ...
GHSA-8FG7-HP93-QHVR wolfictl leaks GitHub tokens to remote non-GitHub git servers
Summary: A git authentication issue allows a local user’s GitHub token to be sent to remote servers other than github.com. Details: Most git-dependent functionality in wolfictl relies on its own git package, which contains centralized logic for implementing interactions with git repositories. Some ...