{"affected":[{"ecosystem_specific":{"binaries":[{"git":"2.51.0-slfo.1.1_1.1","git-core":"2.51.0-slfo.1.1_1.1","perl-Git":"2.51.0-slfo.1.1_1.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.1","name":"git","purl":"pkg:rpm/suse/git&distro=SUSE%20Linux%20Micro%206.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.51.0-slfo.1.1_1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for git fixes the following issues:\n\nUpdate to 2.51.0:\n\n- CVE-2025-27613: arbitrary writable file creation and truncation in Gitk (bsc#1245938)\n- CVE-2025-27614: arbitrary script execution via repo clonation in gitk (bsc#1245939)\n- CVE-2025-46835: untrusted repository cloning can lead to arbitrary writable file creation in Git GUI (bsc#1245942)\n- CVE-2025-48384: script may be unintentionally executed after checkout due to CRLF transforming (bsc#1245943)\n- CVE-2025-48385: arbitrary code execution due to protocol injection via fetching advertised bundle (bsc#1245946)\n- CVE-2025-48386: buffer overflow in static buffer 'target' in wincred credential helper (bsc#1245947)\n","id":"SUSE-SU-2025:20855-1","modified":"2025-10-09T14:25:15Z","published":"2025-10-09T14:25:15Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520855-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245938"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245939"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245942"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245943"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245946"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245947"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-27613"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-27614"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-46835"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-48384"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-48385"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-48386"}],"related":["CVE-2025-27613","CVE-2025-27614","CVE-2025-46835","CVE-2025-48384","CVE-2025-48385","CVE-2025-48386"],"summary":"Security update for git","upstream":["CVE-2025-27613","CVE-2025-27614","CVE-2025-46835","CVE-2025-48384","CVE-2025-48385","CVE-2025-48386"]}