{"affected":[{"ecosystem_specific":{"binaries":[{"cockpit-repos":"4.7-160000.1.1"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"cockpit-repos","purl":"pkg:rpm/opensuse/cockpit-repos&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.7-160000.1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for cockpit-repos fixes the following issues:\n\nUpdate to version 4.7.\n\nSecurity issues fixed:\n\n- CVE-2025-13465: prototype pollution in the _.unset and _.omit functions can lead to deletion of methods from global\n  (bsc#1257325).\n- CVE-2025-64718: js-yaml prototype pollution in merge (bsc#1255425).\n\nOther updates and bugfixes:\n\n- version update to 4.7\n\n  * Translation updates\n\n- version update to 4.6:\n\n  * Translation updates\n  * Dependency updates\n  * Fix translations pot file not being update\n\n- version update to 4.5:\n\n  * Dependency updates\n\n- version update to 4.4:\n\n  * Translation updates\n  * Dependency updates\n","id":"openSUSE-SU-2026:20251-1","modified":"2026-02-18T11:22:31Z","published":"2026-02-18T11:22:31Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1255425"},{"type":"REPORT","url":"https://bugzilla.suse.com/1257325"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-13465"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-64718"}],"related":["CVE-2025-13465","CVE-2025-64718"],"summary":"Security update for cockpit-repos","upstream":["CVE-2025-13465","CVE-2025-64718"]}