Release date:
2026-05-08 11:30:51 UTC
Description:
- CVE-2024-6104: backport go-retryablehttp URL redaction so basic-auth
credentials embedded in request URLs are not written to logs/errors
- CVE-2024-28180: backport go-jose decompression-bomb fix to both
vendored major versions (github.com/go-jose/go-jose/v3 and
gopkg.in/square/go-jose.v2)
Updated packages:
-
skopeo-1.11.2-0.1.el9.tuxcare.els4.x86_64.rpm
sha:f6eec06d973b67d4c04d69b9d8ec72fb7de0e2c7d37cb37cc85c7b4e9e145fe0
-
skopeo-tests-1.11.2-0.1.el9.tuxcare.els4.x86_64.rpm
sha:d7b1559b9d245250f1298c66a52c26a2e5faccdfd1493a3ee07256823738cb25
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
