-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-21a2f3709a 2026-02-27 00:52:14.662437+00:00 --------------------------------------------------------------------------------
Name : gh Product : Fedora 43 Version : 2.87.0 Release : 2.fc43 URL : https://github.com/cli/cli Summary : GitHub's official command line tool Description : A command-line interface to GitHub for use in your terminal or your scripts. gh is a tool designed to enhance your workflow when working with GitHub. It provides a seamless way to interact with GitHub repositories and perform various actions right from the command line, eliminating the need to switch between your terminal and the GitHub website. -------------------------------------------------------------------------------- Update Information: Update to 2.87.0 -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 18 2026 Mikel Olasagasti Uranga <[email protected]> - 2.87.0-2 - Drop patch included in 2.87.0 * Wed Feb 18 2026 Packit <[email protected]> - 2.87.0-1 - Update to 2.87.0 upstream release - Resolves: rhbz#2440729 * Mon Feb 2 2026 Maxwell G <[email protected]> - 2.86.0-3 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2432198 - CVE-2026-23831 gh: Rekor denial of service [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2432198 [ 2 ] Bug #2433105 - CVE-2026-23991 gh: go-tuf client DoS via malformed server response [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2433105 [ 3 ] Bug #2433107 - CVE-2026-23992 gh: go-tuf improperly validates the configured threshold for delegations [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2433107 [ 4 ] Bug #2433108 - CVE-2026-23991 gh: go-tuf client DoS via malformed server response [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2433108 [ 5 ] Bug #2433551 - CVE-2026-24117 gh: Rekor Server-Side Request Forgery (SSRF) [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2433551 [ 6 ] Bug #2433598 - CVE-2026-24137 gh: sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2433598 [ 7 ] Bug #2434249 - CVE-2026-24686 gh: go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2434249 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-21a2f3709a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
