openSUSE 16 Security Update : gitea-tea (openSUSE-SU-2025-20118-1)

medium Nessus Plugin ID 277014

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20118-1 advisory.

Changes in gitea-tea:

- update to 0.11.1:
* 61d4e57 Fix Pr Create crash (#823)
* 4f33146 add test for matching logins (#820)
* 08b8398 Update README.md (#819)

- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input (boo#1251663)
- CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents (boo#1251471)

- update to 0.11.0:
* Fix yaml output single quote (#814)
* generate man page (#811)
* feat: add validation for object-format flag in repo create command (#741)
* Fix release version (#815)
* update gitea sdk to v0.22 (#813)
* don't fallback login directly (#806)
* Check duplicated login name in interact mode when creating new login (#803)
* Fix bug when output json with special chars (#801)
* add debug mode and update readme (#805)
* update go.mod to retract the wrong tag v1.3.3 (#802)
* revert completion scripts removal (#808)
* Remove pagination from context (#807)
* Continue auth when failed to open browser (#794)
* Fix bug (#793)
* Fix tea login add with ssh public key bug (#789)
* Add temporary authentication via environment variables (#639)
* Fix attachment size (#787)
* deploy image when tagging (#792)
* Add Zip URL for release list (#788)
* Use bubbletea instead of survey for interacting with TUI (#786)
* capitalize a few items
* rm out of date comparison file
* README: Document logging in to gitea (#790)
* remove autocomplete command (#782)
* chore(deps): update ghcr.io/devcontainers/features/git-lfs docker tag to v1.2.5 (#773)
* replace arch package url (#783)
* fix: Reenable -p and --limit switches (#778)

- Update to 0.10.1+git.1757695903.cc20b52:
- feat: add validation for object-format flag in repo create command (see gh#openSUSE/openSUSE-git#60)
- Fix release version
- update gitea sdk to v0.22
- don't fallback login directly
- Check duplicated login name in interact mode when creating new login
- Fix bug when output json with special chars
- add debug mode and update readme
- update go.mod to retract the wrong tag v1.3.3
- revert completion scripts removal
- Remove pagination from context
- Continue auth when failed to open browser
- Fix bug
- Fix tea login add with ssh public key bug
- Add temporary authentication via environment variables
- Fix attachment size
- deploy image when tagging
- Add Zip URL for release list
- Use bubbletea instead of survey for interacting with TUI
- capitalize a few items
- rm out of date comparison file
- README: Document logging in to gitea
- remove autocomplete command
- chore(deps): update ghcr.io/devcontainers/features/git-lfs docker tag to v1.2.5
- replace arch package url
- fix: Reenable `-p` and `--limit` switches

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected gitea-tea, gitea-tea-bash-completion and/or gitea-tea-zsh-completion packages.

See Also

https://bugzilla.suse.com/1251471

https://bugzilla.suse.com/1251663

https://www.suse.com/security/cve/CVE-2025-47911

https://www.suse.com/security/cve/CVE-2025-58190

Plugin Details

Severity: Medium

ID: 277014

File Name: openSUSE-2025-20118-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 12/2/2025

Updated: 12/2/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2025-58190

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:gitea-tea, p-cpe:/a:novell:opensuse:gitea-tea-bash-completion, p-cpe:/a:novell:opensuse:gitea-tea-zsh-completion, cpe:/o:novell:opensuse:16.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/27/2025

Vulnerability Publication Date: 10/23/2025

Reference Information

CVE: CVE-2025-47911, CVE-2025-58190