{"id":"CLSA-2026-1773314910","summary":"git-lfs: Fix of 3 CVEs","details":"- rebuild with newer golang version 1.22.9-1.el9_2.tuxcare.els6 to fix the following CVE\n  - CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory\n    consumption during form parsing\n  - CVE-2025-68121: fix TLS session resumption bypass by preventing shared\n    auto-rotated ticket keys in Config and validating full certificate chain expiry\n  - CVE-2025-61729: fix excessive resource consumption when constructing hostname\n    error messages for certificates with many SANs","modified":"2026-06-01T00:31:59.448717930Z","published":"2026-03-12T11:28:34Z","upstream":["CVE-2025-61726","CVE-2025-68121","CVE-2025-61729"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/almalinux9.2esu/CLSA-2026-1773314910.html"}],"affected":[{"package":{"name":"git-lfs","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/git-lfs?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.0-1.el9.tuxcare.els3"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1773314910.json"}}],"schema_version":"1.7.5"}