SUSE Package Hub - openSUSE-2025-483

Update Info

openSUSE-2025-483

Security update for go-sendxmpp

Type: security

Severity: important

Issued: 2025-12-24

Description:

This update for go-sendxmpp fixes the following issues:

Update to 0.15.1:

- Added
  * Add XEP-0359 Origin-ID to messages (requires go-xmpp >= v0.2.18).

- Changed

  * HTTP upload: Ignore timeouts on disco IQs as some components do
    not reply.

Upgrades the embedded golang.org/x/net to 0.46.0

  * Fixes: boo#1251461, CVE-2025-47911: various algorithms with
    quadratic complexity when parsing HTML documents
  * Fixes: boo#1251677, CVE-2025-58190: excessive memory consumption
    by 'html.ParseFragment' when processing specially crafted input

References

CVE: CVE-2025-58190
CVE: CVE-2025-47911
Bugzilla: 1251677 VUL-0: CVE-2025-58190: go-sendxmpp: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input
Bugzilla: 1251461 VUL-0: CVE-2025-47911: go-sendxmpp: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents

Packages

go-sendxmpp-0.15.1-bp157.2.6.1