File _patchinfo of Package patchinfo

<patchinfo incident="19092">
  <issue tracker="bnc" id="1241814">VUL-0: CVE-2025-22872: go-sendxmpp: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction</issue>
  <issue tracker="cve" id="2025-22872"/>
  <packager>jubalh</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for go-sendxmpp</summary>
  <description>This update for go-sendxmpp fixes the following issues:

- Update to 0.15.0:
  Added:
  * Add flag --verbose to show debug information.
  * Add flag --recipients to specify recipients by file.
  * Add flag --retry-connect to try after a waiting time if the connection fails.
  * Add flag --retry-connect-max to specify the amount of retry attempts.
  * Add flag --legacy-pgp for using XEP-0027 PGP encryption with Ox keys.
  * Add support for punycode domains.
  Changed:
  * Update gopenpgp library to v3.
  * Improve error detection for MUC joins.
  * Don't try to connect to other SRV record targets if error contains 'auth-failure'.
  * Remove support for old SSDP version (via go-xmpp v0.2.15).
  * Http-upload: Stop checking other disco items after finding upload component.
  * Increase default TLS version to 1.3.
- CVE-2025-22872: Fixed golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (boo#1241814)

- Update to 0.14.1:
  * Use prettier date format for error messages.
  * Update XEP-0474 to version 0.4.0 (requires go-xmpp >= 0.2.10).
</description>
</patchinfo>
openSUSE Build Service is sponsored by