auto-created for gimp

This commit was autocreated by AutoGits PR Review Bot

referencing PRs:
 PR: pool/gimp!2

.gitea/workflows/patchinfo_numberator.yaml

@@ -1,37 +1,35 @@
 # Use this as .gitea/workflows/patchinfo_numberator.yaml in all products/* repos
-name: Patchinfo ID numberator
-run-name: ${{ gitea.actor }} is setting patchinfo numbers
-on: [push]
+name: Patchinfo incident numbering
+
+on:
+  push:
+  workflow_dispatch:
+
+env:
+  REPO_PATH: /workspace/${{ gitea.repository }}
+  REPO_URL: https://gitea-actions-autobuild:${{ secrets.REPO_WRITE }}@$RUNNER_GITEA_DOMAIN/${{ gitea.repository }}.git
 
 jobs:
   use-go-action:
-    runs-on: tumbleweed
+    runs-on: tumbleweed_autobuild
     steps:
-      # Install packages if not provided by image
-      - run: |
-          rpm -q go && exit 0
-          zypper ref
-          zypper in -y go
-      # Generic action from GitHub to clone the product git repo
+
       - name: Checkout product
-        uses: https://gitea-actions-autobuild:${{ secrets.REPO_READ }}@src.opensuse.org/actions/github-actions-checkout@v4
-        with:
-          token: ${{ secrets.REPO_WRITE }}
-          repo-sha256: true
+        run: |
+          test -n "${{ env.REPO_PATH }}" && rm -rfv "${{ env.REPO_PATH }}"/*
+          git config --global --add safe.directory ${{ env.REPO_PATH }}
+          git clone ${{ env.REPO_URL }} ${{ env.REPO_PATH }}
 
       - name: Update all new _patchinfo files
-        uses: https://gitea-actions-autobuild:${{ secrets.REPO_READ }}@src.opensuse.org/actions/patchinfo-numbering-action@v0
-      - name: Get last commit author
-        id: last-commit
-        run: |
-          echo "author=$(git log -1 --pretty='%an <%ae>')" >> $GITHUB_OUTPUT
-      - name: Commit changes back
-        uses: https://gitea-actions-autobuild:${{ secrets.REPO_READ }}@src.opensuse.org/actions/stefanzweifel-git-auto-commit-action@v5
+        uses: https://src.opensuse.org/actions/patchinfo-numbering-action@v0
+        with:
+          prefix: packagehub-
+
+      - name: Commit changes
+        uses: https://src.opensuse.org/actions/stefanzweifel-git-auto-commit-action@v5
         with:
           commit_user_name: gitea-actions-autobuild
-          commit_user_email: autobuild+gitea@opensuse.org
-          commit_author: ${{ steps.last-commit.outputs.author }}
-          commit_message: "Update incident numbers [skip actions]"
+          commit_author: Patchinfo incident numbering <gitea-actions-autobuild@noreply.src.opensuse.org> 
+          commit_message: "Update patchinfo incident numbers [skip actions]"
           commit_options: '--no-edit'
           skip_fetch: true
-

.gitmodules

@@ -26106,3 +26106,31 @@
 	path = perl-MCP
 	url = ../../pool/perl-MCP
 	branch = leap-16.0
+[submodule "fprintd"]
+	path = fprintd
+	url = ../../pool/fprintd
+	branch = leap-16.0
+[submodule "python-acme"]
+	path = python-acme
+	url = ../../pool/python-acme
+	branch = leap-16.0
+[submodule "python-certbot"]
+	path = python-certbot
+	url = ../../pool/python-certbot
+	branch = leap-16.0
+[submodule "python-certbot-nginx"]
+	path = python-certbot-nginx
+	url = ../../pool/python-certbot-nginx
+	branch = leap-16.0
+[submodule "python-ConfigArgParse"]
+	path = python-ConfigArgParse
+	url = ../../pool/python-ConfigArgParse
+	branch = leap-16.0
+[submodule "python-josepy"]
+	path = python-josepy
+	url = ../../pool/python-josepy
+	branch = leap-16.0
+[submodule "python-pyRFC3339"]
+	path = python-pyRFC3339
+	url = ../../pool/python-pyRFC3339
+	branch = leap-16.0

0Backports/Backports.changes

@@ -1,3 +1,54 @@
+-------------------------------------------------------------------
+Fri Oct 10 07:19:41 UTC 2025 - Wolfgang Engel <wolfgang.engel@suse.com>
+
+- Backports.productcompose:
+  + add to backports_unneeded, not needed 
+    micro patterns that are coming from SLES
+      patterns-micro-alt_onlyDVD                               
+      patterns-micro-cloud                                     
+      patterns-micro-defaults                                  
+      patterns-micro-fips                                      
+      patterns-micro-hardware                                  
+      patterns-micro-ima-evm                                   
+      patterns-micro-kvm_host                                  
+      patterns-micro-onlyDVD                                   
+      patterns-micro-ra-agent                                  
+      patterns-micro-ra-verifier                               
+      patterns-micro-salt_minion                               
+      patterns-micro-sssd-ldap            
+
+-------------------------------------------------------------------
+Mon Oct  6 14:49:27 UTC 2025 - Wolfgang Engel <wolfgang.engel@suse.com>
+
+- Backports.productcompose:
+  + add to backports_unneeded, remove more uninstallables
+      aws-cli
+      NetworkManager-branding-upstream
+      sdbootutil-tukit
+      toolbox-branding-SLE-16.0 
+
+-------------------------------------------------------------------
+Mon Oct  6 13:24:32 UTC 2025 - Wolfgang Engel <wolfgang.engel@suse.com>
+
+- Backports.productcompose:
+  + add to backports_unneeded, cleanup more unneeded 32bit packages
+      at-spi2-core-devel-32bit
+      libcups2-32bit
+      libcurl-devel-32bit
+      libdns_sd-32bit
+      libpcap-devel-32bit
+      libraptor2-0-32bit
+      libtss2-fapi1-32bit
+
+-------------------------------------------------------------------
+Thu Oct  2 15:07:44 UTC 2025 - Wolfgang Engel <wolfgang.engel@suse.com>
+
+- Backports.productcompose:
+  + add to backports_unneeded since not needed patterns
+      patterns-base-transactional_base
+      patterns-micro-elemental_client
+      patterns-sap-bone
+
 -------------------------------------------------------------------
 Fri Sep 26 16:48:57 UTC 2025 - Nathan Cutler <ncutler@suse.com>
 

0Backports/Backports.productcompose

@@ -14,7 +14,7 @@ scc:
 
 build_options:
 ### For maintenance, otherwise only "the best" version of each package is picked:
-# - take_all_available_versions
+- take_all_available_versions
 - hide_flavor_in_product_directory_name
 
 ### Since the Backports product build is not self-contained in a single repository,
@@ -32,8 +32,8 @@ debug: split
 repodata: all
 
 # has only an effect during maintenance:
-set_updateinfo_from: maint-coord@suse.de
-# set_updateinfo_id_prefix: openSUSE-Leap-16.0-
+set_updateinfo_from: maintenance@opensuse.org
+set_updateinfo_id_prefix: SUSE-PackageHub-16.0-
 
 flavors:
   backports_aarch64:
@@ -58,6 +58,9 @@ packagesets:
   - ALP
   - ALP-dummy-release
   - MozillaFirefox-branding-upstream
+  - NetworkManager-branding-upstream
+  - at-spi2-core-devel-32bit
+  - aws-cli
   - bash-legacybin
   - busybox-adduser
   - busybox-attr
@@ -155,12 +158,14 @@ packagesets:
   - libatk-bridge-2_0-0-32bit
   - libatspi0-32bit
   - libavahi-client3-32bit
-#  - libcups2-32bit
+  - libcups2-32bit
   - libcurl-mini4
   - libcurl4-32bit
+  - libcurl-devel-32bit
   - libdbus-1-3-32bit
   - libdbus-glib-1-2-32bit
   - libdc1394-26-32bit
+  - libdns_sd-32bit
   - libdebuginfod-dummy-devel
   - libdebuginfod1-dummy
   - libdvbv5-0-32bit
@@ -170,16 +175,19 @@ packagesets:
   - liblirc_driver0-32bit
   - libmanette-0_2-0-32bit
   - libpcap1-32bit
+  - libpcap-devel-32bit
   - libpolkit-agent-1-0-32bit
   - libpolkit-gobject-1-0-32bit
   - libpq5-32bit
   - libpxbackend-1_0-mini
+  - libraptor2-0-32bit
   - libressl
   - libressl-devel
   - libressl-devel-doc
 #  - libsybdb5-32bit
   - libsystemd0-mini
 #  - libtdsodbc0-32bit
+  - libtss2-fapi1-32bit
   - libudev-mini1
   - libunbound-devel-mini
   - libusb-1_0-0-32bit
@@ -195,6 +203,22 @@ packagesets:
   - openssl_tpm2
   - pam-extra-32bit
   - patterns-base-kernel_livepatching
+  - patterns-base-transactional_base
+  - patterns-micro-alt_onlyDVD
+  - patterns-micro-cloud
+  - patterns-micro-defaults
+  - patterns-micro-elemental_client
+  - patterns-micro-defaults
+  - patterns-micro-fips
+  - patterns-micro-hardware
+  - patterns-micro-ima-evm
+  - patterns-micro-kvm_host
+  - patterns-micro-onlyDVD
+  - patterns-micro-ra-agent
+  - patterns-micro-ra-verifier
+  - patterns-micro-salt_minion
+  - patterns-micro-sssd-ldap
+  - patterns-sap-bone
   - patterns-base-update_test
   - plymouth-branding-upstream
   - postgresql17-devel-mini
@@ -222,6 +246,7 @@ packagesets:
   - reproducible-faketools-tar
   - reproducible-faketools-verbose
   - reproducible-faketools-zip
+  - sdbootutil-tukit
   - sddm-branding-openSUSE
   - sddm-qt6-branding-openSUSE
   - systemd-default-settings-branding-openSUSE
@@ -233,6 +258,7 @@ packagesets:
   - systemd-mini-container
   - systemd-mini-devel
   - this-is-only-for-build-envs
+  - toolbox-branding-SLE-16.0
   - udev-mini
   - update-test-32bit-pkg
   - update-test-affects-package-manager

_config

@@ -1,4 +1,8 @@
+%if 0%{?is_stage_project}
+Release: <CI_CNT>.<B_CNT> spec:bp160.999999.<CI_CNT>.<B_CNT>
+%else
 Release: <CI_CNT>.<B_CNT> spec:bp160.<CI_CNT>.<B_CNT>
+%endif
 
 # 000productcompose experiment
 %if "%_repository" == "product"
@@ -143,7 +147,7 @@ Substitute: wallpaper-branding-openSUSE wallpaper-branding-SLE
 %define is_opensuse  1
 %define is_backports 1
 
-%if "%_project" == "openSUSE:Backports:SLE-16.0" || "%_project" == "openSUSE:Backports:SLE-16.0:git"
+%if 0%{?_is_in_project}
 Macros:
 %vendor openSUSE
 %distribution SUSE Linux Enterprise 16
@@ -164,7 +168,7 @@ Macros:
 
 # Leap specific package list, the same list with excludebuild must add to Backports project
 # Most of package should be built in Backports
-%if "%_project" == "openSUSE:Backports:SLE-16.0" || "%_project" == "openSUSE:Backports:SLE-16.0:git"
+%if "%_project" == "openSUSE:Backports:SLE-16.0"
 # we build ffado:ffado-mixer for openSUSE, the main one is built in SLFO
 BuildFlags: excludebuild:ffado
 # build gpgme:qt flavor for qt5 support

_maintainership.json

@@ -1,3 +1,3 @@
 {
-    "": ["packagehub-review"]
+    "": ["maintenance-release-review"]
 }

patchinfo.20251010110535882810.90520734224245/_patchinfo

@@ -0,0 +1,66 @@
+<patchinfo incident="packagehub-1">
+  <issue tracker="bnc" id="1251334">VUL-0: chromium: release 141.0.7390.65</issue>
+  <issue tracker="cve" id="2025-11213">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11216">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11207">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11211">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11212">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11210">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="bnc" id="1250780">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11208">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-10890">VUL-0: chromium: release 140.0.7339.207</issue>
+  <issue tracker="cve" id="2025-11206">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11460">VUL-0: chromium: release 141.0.7390.65</issue>
+  <issue tracker="cve" id="2025-11219">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="bnc" id="1250472">VUL-0: chromium: release 140.0.7339.207</issue>
+  <issue tracker="cve" id="2025-11205">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-10891">VUL-0: chromium: release 140.0.7339.207</issue>
+  <issue tracker="cve" id="2025-11458"/>
+  <issue tracker="cve" id="2025-11215">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11209">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-10892">VUL-0: chromium: release 140.0.7339.207</issue>
+  <packager>AndreasStieger</packager>
+  <rating>critical</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 141.0.7390.76:
+
+  * Do not send URLs as AIM input. This is to resolve a privacy
+    concern, around passing urls to AI Mode.
+
+Chromium 141.0.7390.65 (boo#1251334):
+
+  * CVE-2025-11458: Heap buffer overflow in Sync
+  * CVE-2025-11460: Use after free in Storage
+  * CVE-2025-11211: Out of bounds read in WebCodecs
+
+Chromium 141.0.7390.54 (stable released 2025-09-30) (boo#1250780)
+
+  * CVE-2025-11205: Heap buffer overflow in WebGPU
+  * CVE-2025-11206: Heap buffer overflow in Video
+  * CVE-2025-11207: Side-channel information leakage in Storage
+  * CVE-2025-11208: Inappropriate implementation in Media
+  * CVE-2025-11209: Inappropriate implementation in Omnibox
+  * CVE-2025-11210: Side-channel information leakage in Tab
+  * CVE-2025-11211: Out of bounds read in Media
+  * CVE-2025-11212: Inappropriate implementation in Media
+  * CVE-2025-11213: Inappropriate implementation in Omnibox
+  * CVE-2025-11215: Off by one error in V8
+  * CVE-2025-11216: Inappropriate implementation in Storage
+  * CVE-2025-11219: Use after free in V8
+  * Various fixes from internal audits, fuzzing and other initiatives
+
+Chromium 141.0.7390.37 (beta released 2025-09-24)
+
+Chromium 140.0.7339.207 (boo#1250472)
+
+  * CVE-2025-10890: Side-channel information leakage in V8
+  * CVE-2025-10891: Integer overflow in V8
+  * CVE-2025-10892: Integer overflow in V8
+
+</description>
+  <package>chromium</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251015125625066283.90520734224245/_patchinfo

@@ -0,0 +1,17 @@
+<patchinfo incident="packagehub-3">
+  <issue tracker="bnc" id="1252013">VUL-0: CVE-2025-11756: chromium: Use after free in Safe Browsing</issue>
+  <issue tracker="cve" id="2025-11756"/>
+  <packager>AndreasStieger</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 141.0.7390.107:
+
+* CVE-2025-11756: Use after free in Safe Browsing (boo#1252013)
+
+</description>
+  <package>chromium</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251016111300220521.93181000773252/_patchinfo

@@ -0,0 +1,17 @@
+<patchinfo incident="packagehub-11">
+  <issue tracker="bnc" id="1250487">VUL-0: CVE-2025-59682: python-Django,python-Django4: Potential partial directory-traversal via archive.extract()</issue>
+  <issue tracker="cve" id="2025-59682">VUL-0: CVE-2025-59682: python-Django,python-Django4: Potential partial directory-traversal via archive.extract()</issue>
+  <issue tracker="cve" id="2025-59681"/>
+  <issue tracker="bnc" id="1250485">VUL-0: CVE-2025-59681: python-Django,python-Django4: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB</issue>
+  <packager>mcalabkova</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for python-Django</summary>
+  <description>This update for python-Django fixes the following issues:
+
+- CVE-2025-59681: Fixed a potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (boo#1250485)
+- CVE-2025-59682: Fixed a potential partial directory-traversal via archive.extract() (boo#1250487)
+</description>
+  <package>python-Django</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251017085122907353.93181000773252/_patchinfo

@@ -0,0 +1,103 @@
+<patchinfo incident="packagehub-4">
+  <packager>dheidler</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for opi</summary>
+  <description>This update for opi fixes the following issues:
+
+- Version 5.8.8
+  * Fix adding openh264 repo on leap 16.0
+
+This update for opi fixes the following issues:
+
+- Version 5.8.7
+  * Fix ocenaudio url
+  * Add LocalSend plugin
+  * Run all tests in verbose mode
+  * Print written repo files in verbose mode
+  * Increase timeouts in test/06_install_non_interactive.py
+  * Remove DNF references from README.md
+
+This update for opi fixes the following issues:
+
+- Version 5.8.5
+  * add librewolf plugin (#205)
+  * Install .NET 9
+  * Add verbose mode
+  * Change the order of the process in the github module
+  * Add rustdesk plugin
+
+This update for opi fixes the following issues:
+
+- Version 5.8.4
+  * Use arm64 rpm for libation on aarch64
+
+This update for opi fixes the following issues:
+
+- Version 5.8.3
+  * Install dependencies rpm-build and squashfs at runtime if needed
+  * Drop DNF support
+
+This update for opi fixes the following issues:
+
+- Version 5.8.2
+  * Warn about adding staging repos
+  * Gracefully handle zypper exit code 106 (repos without cache present)
+
+This update for opi fixes the following issues:
+
+- Version 5.8.1
+  * Fix SyntaxWarning: invalid escape sequence '\s'
+
+This update for opi fixes the following issues:
+
+- Version 5.8.0
+  * Add mullvad-brower
+
+This update for opi fixes the following issues:
+
+- Version 5.7.0
+  * Add leap-only plugin to install zellij from github release
+  * Don't use subprocess.run user kwarg on 15.6
+  * Fix tests: Use helloworld-opi-tests instead of zfs
+  * Perform search despite locked rpmdb
+  * Simplify backend code
+
+This update for opi fixes the following issues:
+
+- Use no macros in url in .spec for packtrack
+
+This update for opi fixes the following issues:
+
+- Version 5.6.0
+  * Add plugin to install vagrant from hashicorp repo
+
+This update for opi fixes the following issues:
+
+- Version 5.5.0
+  * Update opi/plugins/collabora.py
+  * add collabora office desktop
+  * Omit unsupported cli args on leap in 99_install_opi.py
+  * Switch to PEP517 install
+  * Fix 09_install_with_multi_repos_in_single_file_non_interactive.py
+  * Fix 07_install_multiple.py on tumbleweed
+  * Fix test suite on tumbleweed
+  * Update available apps in opi - README.md
+
+This update for opi fixes the following issues:
+
+- Version 5.4.0
+  * Show key ID when importing or deleting package signing keys
+  * Add option to install google-chrome-canary
+
+This update for opi fixes the following issues:
+
+- Version 5.3.0
+  * Fix tests for new zypper version
+  * fix doblue slash in packman repo url
+  * Add Plugin to install Libation
+
+</description>
+  <package>opi</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251017085327031166.93181000773252/_patchinfo

@@ -0,0 +1,17 @@
+<patchinfo incident="packagehub-5">
+  <packager>michals</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for virtme</summary>
+  <description>This update for virtme fixes the following issues:
+
+- Update to 1.38:
+  * Fix the infamous Stale file handle (ESTALE) errors with virtiofsd
+  * Fix for systemctl daemon-reload when systemd support is enabled
+  * Fix for a kernel symlink issue affecting openSUSE/SLE
+  * README/docs improvements
+  * Various coding style cleanups
+</description>
+  <package>virtme</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251020125830692820.93181000773252/_patchinfo

@@ -0,0 +1,55 @@
+<patchinfo incident="packagehub-6">
+  <issue tracker="bnc" id="1206292">[SELinux] Wine/Proton not working reliably with default SELinux configuration</issue>
+  <packager>regularhunter</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for lutris</summary>
+  <description>This update for lutris fixes the following issues:
+
+- Move selinux dependency
+
+- Fix gaming under selinux (bsc#1206292)
+
+- Fix wrong placement of lang_package macro in spec file
+
+- Update to 0.5.19:
+  * Fix Proton integration bugs so Proton-fixes are applied
+  * Do not offer DXVK, VKD3D, D3D Extras or DDXVK-NVAPI on Proton versions;
+    Proton will handle these.
+  * The "Enable Esync" and "Enable Fsync" settings are now passed on to Proton
+  * DXVK's integrated D8VK will be enabled in Proton
+  * Emulator BIOS file location (used by libretro) may be set in Preferences
+  * Obtain the release year from GOG and Itch.io.
+  * MAME Machine setting uses a searchable entry for its enourmous list
+  * Support for importing Commodore 64 ROMs
+
+- Add BuildRequires apparmor-abstractions, apparmor-rpm-macros for
+  Leap, fix for build error: directories not owned by a package:
+  /etc/apparmor.d
+
+- update to 0.5.18:
+  * Lutris downloads the latest GE-Proton build for Wine if any Wine version is installed
+  * Use dark theme by default
+  * Display cover-art rather than banners by default
+  * Add 'Uncategorized' view to sidebar
+  * Preference options that do not work on Wayland will be hidden when on Wayland
+  * Game searches can now use fancy tags like 'installed:yes' or 'source:gog', with explanatory tool-tip
+  * A new filter button on the search box can build many of these fancy tags for you
+  * Runner searches can use 'installed:yes' as well, but no other fancy searches or anything
+  * Updated the Flathub and Amazon source to new APIs, restoring integration
+  * Itch.io source integration will load a collection named 'Lutris' if present
+  * GOG and Itch.io sources can now offer Linux and Windows installers for the same game
+  * Added support for the 'foot' terminal
+  * Support for DirectX 8 in DXVK v2.4
+  * Support for Ayatana Application Indicators
+  * Additional options for Ruffle runner
+  * Updated download links for the Atari800 and MicroM8 runners
+  * No longer re-download cached installation files even when some are missing
+  * Lutris log is included in the 'System' tab of the Preferences window
+  * Improved error reporting, with the Lutris log included in the error details
+  * Add AppArmor profile for Ubuntu versions &gt;= 23.10
+  * Add Duckstation runner
+</description>
+  <package>lutris</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251022070616351820.90520734224245/_patchinfo

@@ -0,0 +1,16 @@
+<patchinfo incident="packagehub-8">
+  <issue tracker="cve" id="2025-12036">VUL-0: CVE-2025-12036: chromium: Inappropriate implementation in V8</issue>
+  <issue tracker="bnc" id="1252402">VUL-0: CVE-2025-12036: chromium: Inappropriate implementation in V8</issue>
+  <packager>AndreasStieger</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 141.0.7390.122:
+
+  * CVE-2025-12036: Inappropriate implementation in V8 (boo#1252402)
+</description>
+  <package>chromium</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251023113823853491.93181000773252/_patchinfo

@@ -0,0 +1,57 @@
+<patchinfo incident="packagehub-7">
+  <issue tracker="bnc" id="1248768">[warewulf, REGRESSION] None of the disk/partition/filesystem Options to `wwctl profile set` appear to do anything</issue>
+  <issue tracker="bnc" id="1227465">[warewulf, kernel] After updating the Kernel in the Container Image 'wwctl container list' still shows old</issue>
+  <issue tracker="bnc" id="1246082">warewulf4-slurm suggest  slurm only</issue>
+  <issue tracker="bnc" id="1248906">VUL-0: CVE-2025-58058: warewulf4: github.com/ulikunitz/xz: github.com/ulikunitz/xz leaks memory</issue>
+  <issue tracker="bnc" id="1227686">[warewulf, kernel] Feature: Allow to determine the Kernel to boot - with none set, take latest</issue>
+  <issue tracker="cve" id="2025-58058">cve#2025-58058 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-58058</issue>
+  <packager>mslacken</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for warewulf4</summary>
+  <description>This update for warewulf4 fixes the following issues:
+
+Changes in warewulf4:
+
+- Update to version 4.6.4:
+  * v4.6.4 release updates
+  * Convert disk booleans from wwbool to *bool which allows bools in
+    disk to be set to false via command line (bsc#1248768)
+  * Update NetworkManager Overlay
+    * Disable ipv4 in NetworkManager if no address or route is specified
+  * fix(wwctl): Create overlay edit tempfile in tmpdir
+  * Add default for systemd name for warewulf in warewulf.conf
+  * Atomic overlay file application in wwclient
+  * Simpler names for overlay methods
+  * Fix warewulfd api behavior when deleting distribution overlay
+
+- Update to version 4.6.3:
+  * v4.6.3 release
+  * IPv6 iPXE support
+  * Fix a syntax error in the RPM specfile
+  * Fix a race condition in wwctl overlay edit
+  * Fixed handling of comma-separated mount options in `fstab` and `ignition` overlays
+  * Move reexec.Init() to beginning of wwctl
+  * Add documentation for using tmpfs to distribute across numa nodes
+  * added warewuld configure option
+  * Fix wwctl upgrade nodes to handle kernel argument lists (bsc#1227686 bsc#1227465)
+  * Address copilot review from #1945
+  * Refactor wwapi tests for proper isolation
+  * Bugfix: cloning a site overlay when parent dir does not exist
+  * Clone to a site overlay when adding files in wwapi
+  * Consolidated createOverlayFile and updateOverlayFile to addOverlayFile
+  * Support for creating and updating overlay file in wwapi
+  * Only return overlay files that refer to a path within the overlay
+  * add overlay file deletion support
+  * DELETE /api/overlays/{id}?force=true can delete overlays in use
+  * Restore idempotency of PUT /api/nodes/{id}
+  * Simplify overlay mtime api and add tests
+  * add node overlay buildtime
+  * Improved netplan support
+  * Rebuild overlays for discovered nodes
+  * Restrict userdocs from building during pr when not modified
+  * Update to v4.6.2 GitHub release notes
+</description>
+  <package>warewulf4</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251023150135882810.90520734224245/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-9">
+  <packager>dgarcia</packager>
+  <rating>moderate</rating>
+  <category>optional</category>
+  <summary>Optional update for fprintd</summary>
+  <description>
+This update ships fprintd 1.94.4 to openSUSE Leap 16.0 and SLES Package Hub 16.0
+</description>
+  <package>fprintd</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251025182237146698.93181000773252/_patchinfo

@@ -0,0 +1,129 @@
+<patchinfo incident="packagehub-13">
+  <packager>os-autoinst-obs-workflow</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for openQA, os-autoinst</summary>
+  <description>This update for openQA, os-autoinst fixes the following issues:
+
+Changes in openQA:
+
+- Update to version 5.1761296552.ae7c17aa:
+  * Add tests for file_security_policy
+  * Pass parameter $is_userfile to log_url
+  * Remove redirect and serve files as attachments if necessary
+  * Serve files uploaded by tests via asset domain
+  * Use direct link to subdomain for the test assets
+  * Revert "Don't redirect to asset domain via /needles/ID/(image|json) route"
+  * Revert "Don't redirect screenshots, thumbs and needles to files_domain"
+
+- Update to version 5.1761228068.a3a7f84d:
+  * Dependency cron 2025-10-23
+
+- Update to version 5.1761037330.ad78558e:
+  * Avoid needless check for number of clones
+  * Avoid creation of `git_clone` tasks for jobs with empty `DISTRI`
+
+- Update to version 5.1760515610.a802d1dd:
+  * Lower the prio of archiving jobs to avoid piling up finalize jobs
+  * Add signatures in Schema::Result::ApiKeys
+
+- Update to version 5.1760245411.e3aeaaec:
+  * Dependency cron 2025-10-12
+
+- Update to version 5.1760108577.fd2f2a48:
+  * Log unavailability due to high load only as warning
+  * Filter job stats of scheduled products also by arch and build
+  * Document how to disable image optimizations
+  * Make image optimization errors stop the job producing an incomplete job
+  * Improve wording in description about job stats API
+  * Run `optipng` for real and handle errors if it fails
+
+- Update to version 5.1759912962.689b31ed:
+  * Avoid failing `obs_rsync_run` jobs when restarting `openqa-gru.service`
+
+- Update to version 5.1759834744.06a7028a:
+  * parser: ktap: Return earlier if subtest result is SKIP
+  * parser: ktap: Fallback to subtest index if name is not available
+
+- Update to version 5.1759440640.bb989cab:
+  * Don't redirect to asset domain via /needles/ID/(image|json) route
+
+- Update to version 5.1759402042.49e912c3:
+  * Introduce array job settings
+  * Retry `obs_rsync_update_*` tasks if Gru service terminates
+
+- Update to version 5.1759329378.3b8e8685:
+  * Reduce the number of required checks for Mergify again
+  * Ensure a failing cache service is seen as such by the worker/scheduler
+
+- Update to version 5.1759248257.70b23b32:
+  * Increase number of successful checks in Mergify config again
+  * Disable Helm Chart CI checks temporarily
+  * Consider all jobs for cleanup, not just jobs that were executed
+  * Verify job deletion when dependent job present
+
+- Update to version 5.1759149505.49c40b0b:
+  * Use always the latest PostgreSQL image in Compose and documentation
+  * Update the PostgreSQL version in the contributing documentation
+  * Update PostgreSQL data path in Docker Compose file after updating to v18
+  * Specify PostgreSQL version in Docker Compose configuration explicitly
+  * mergify: Allow more time for dependabot update reaction
+  * Remove version property from docker-compose
+  * README: Fix openQA badge after switch to UEFI
+  * build(deps-dev): bump eslint from 9.35.0 to 9.36.0
+
+- Update to version 5.1758910696.7549bb98:
+  * Replace argument assignment with signatures on ObsRsync/Task
+  * Enable automatic dependabot updates again after improvements
+  * docs: Add instructions for a continuous dashboard setup
+  * Replace argument assignment with signatures Folders package
+  * Fully cover WebAPI::Plugin::ObsRsync::Controller::Folders
+  * script: Also use OPENQA_WEBUI_MODE for related services
+
+- Update to version 5.1758814503.03d923a4:
+  * Use Mojo::File in Worker for is_qemu_running
+  * Use Mojo::File in Worker for meminfo
+  * Document archiving of important jobs
+
+- Update to version 5.1758729450.b88c0b40:
+  * Reject jobs if worker is broken when receiving a new job
+
+- Update to version 5.1758711845.e5c02221:
+  * script: Allow to configure openQA mode
+  * t: run at least once Memorylimit register with max_rss_limit &gt; 0
+  * Replace argument assignation with signatures on MemoryLimit
+
+Changes in os-autoinst:
+
+- Update to version 5.1761036042.c43e4ab:
+  * Update perltidy
+  * Allow redirects in needle NeedleDownloader
+  * Don't overwrite firewall xml
+  * Add UEFI support for ipxe kernel boot
+  * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface
+
+- Update to version 5.1759328765.e7438f7:
+  * Allow redirects in needle NeedleDownloader
+  * Don't overwrite firewall xml
+  * Add UEFI support for ipxe kernel boot
+  * t: Use consistent Mojo::File in 08-autotest as well
+  * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface
+
+- Update to version 5.1759134946.e08d7c7:
+  * Add UEFI support for ipxe kernel boot
+  * t: Use consistent Mojo::File in 08-autotest as well
+  * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface
+  * os-autoinst-setup-multi-machine: Only call zypper when necessary
+  * os-autoinst-setup-multi-machine: Improve network interface check
+</description>
+  <package>openQA</package>
+  <package>openQA:openQA-devel-test</package>
+  <package>openQA:openQA-test</package>
+  <package>openQA:openQA-worker-test</package>
+  <package>openQA:openQA-client-test</package>
+  <package>os-autoinst</package>
+  <package>os-autoinst:os-autoinst-test</package>
+  <package>os-autoinst:os-autoinst-devel-test</package>
+  <package>os-autoinst:os-autoinst-openvswitch-test</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251025182836794674.93181000773252/_patchinfo

@@ -0,0 +1,28 @@
+<patchinfo incident="packagehub-18">
+  <packager>jsulig</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for amarok</summary>
+  <description>This update for amarok fixes the following issues:
+
+Changes in amarok:
+
+- Update to version 3.3.1
+  * Enable saving and loading script console items, autocompletion
+    in script console, and re-enable some more scripting functionality
+  * Convert the remaining main UI toolbuttons to use icons from theme
+  * Clear out remnants of the now-discontinued MusicDNS service
+  * Fix example permission grant command in database settings (kde#386004)
+  * Fix equalizer gains not updating when selecting some presets (kde#463908)
+  * Fix continuing playback after timecoded tracks (cue files etc, (kde#270003)
+  * Fix MusicBrainz search
+  * Properly start CD playback if Amarok is not already running (kde#503310)
+  * Also transmit embedded cover art through MPRIS (kde#357620)
+  * Don't show transcoding dialog after canceling download (kde#275840)
+  * Load network information earlier to avoid crashes on startup (kde#507497)
+  * Try to export as-compatible-as-possible playlist files (kde#507329)
+  * Fix some random crashes during playback
+
+</description>
+  <package>amarok</package>
+</patchinfo>

patchinfo.20251027101618101208.187004354831441/_patchinfo

@@ -0,0 +1,32 @@
+<patchinfo incident="packagehub-16">
+  <packager>miska</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for knot</summary>
+  <description>This update for knot fixes the following issues:
+
+Changes in knot:
+
+- disable quic in stable releases due to the missing libraries
+
+update to version 3.5.1, see
+
+  https://www.knot-dns.cz/2025-10-16-version-351.html
+
+update to version 3.5.0, see
+
+  https://www.knot-dns.cz/2025-09-18-version-350.html
+
+update to version 3.4.8, see
+
+  https://www.knot-dns.cz/2025-07-29-version-348.html
+
+Use the libngtcp2_crypto_gnutls-devel instead of libngtcp2-devel
+to account for the openssl and gnutls devel files split in ngtcp2.
+
+update to version 3.4.7, see
+
+  https://www.knot-dns.cz/2025-06-04-version-347.html
+</description>
+  <package>knot</package>
+</patchinfo>

patchinfo.20251027101939269288.187004354831441/_patchinfo

@@ -0,0 +1,48 @@
+<patchinfo incident="packagehub-10">
+  <issue tracker="cve" id="2025-10527">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10536">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10528">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10537">Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10529">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10532">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10533">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 115.28, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="bnc" id="1249391">VUL-0: MozillaFirefox / MozillaThunderbird: update to 143.0 and 140.3esr</issue>
+  <packager>Yoshio_Sato</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for MozillaThunderbird</summary>
+  <description>This update for MozillaThunderbird fixes the following issues:
+
+Changes in MozillaThunderbird:
+
+Mozilla Thunderbird 140.3.0 ESR:
+
+  * Right-clicking 'List-ID' -&gt; 'Unsubscribe' created double encoded
+    draft subject
+  * Thunderbird could crash on startup
+  * Thunderbird could crash when importing mail
+  * Opening Website header link in RSS feed incorrectly re-encoded
+    URL parameters
+  MFSA 2025-78 (bsc#1249391)
+  * CVE-2025-10527
+    Sandbox escape due to use-after-free in the Graphics:
+    Canvas2D component
+  * CVE-2025-10528
+    Sandbox escape due to undefined behavior, invalid pointer in
+    the Graphics: Canvas2D component
+  * CVE-2025-10529
+    Same-origin policy bypass in the Layout component
+  * CVE-2025-10532
+    Incorrect boundary conditions in the JavaScript: GC component
+  * CVE-2025-10533
+    Integer overflow in the SVG component
+  * CVE-2025-10536
+    Information disclosure in the Networking: Cache component
+  * CVE-2025-10537
+    Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird
+    ESR 140.3, Firefox 143 and Thunderbird 143
+
+</description>
+  <package>MozillaThunderbird</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251027103924170417.187004354831441/_patchinfo

@@ -0,0 +1,27 @@
+<patchinfo incident="packagehub-17">
+  <issue tracker="cve" id="2025-59438">VUL-0: CVE-2025-59438: TRACKERBUG: mbedtls: padding oracle attack possible through timing of cipher error reporting</issue>
+  <packager>dheidler</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for micropython</summary>
+  <description>This update for micropython fixes the following issues:
+
+Changes in micropython:
+
+- Build with mbedtls-3.6.5 instead of bundled 3.6.2 to fix CVE-2025-59438
+
+Version 1.26.0:
+
+  * Added machine.I2CTarget for creating I2C target devices on multiple ports.
+  * New MCU support: STM32N6xx (800 MHz, ML accel) &amp; ESP32-C2 (WiFi + BLE).
+  * Major float accuracy boost (~28% → ~98%), constant folding in compiler.
+  * Optimized native/Viper emitters; reduced heap use for slices.
+  * Time functions standardized (1970–2099); new boards across ESP32, SAMD, STM32, Zephyr.
+  * ESP32: ESP-IDF 5.4.2, flash auto-detect, PCNT class, LAN8670 PHY.
+  * RP2: compressed errors, better lightsleep, hard IRQ timers.
+  * Zephyr v4.0.0: PWM, SoftI2C/SPI, BLE runtime services, boot.py/main.py support.
+  * mpremote adds fs tree, improved df, portable config paths.
+  * Updated lwIP, LittleFS, libhydrogen, stm32lib; expanded hardware/CI tests.
+</description>
+  <package>micropython</package>
+</patchinfo>

patchinfo.20251030080843825030.187004354831441/_patchinfo

@@ -0,0 +1,56 @@
+<patchinfo incident="packagehub-12">
+  <issue tracker="cve" id="2025-12441"/>
+  <issue tracker="cve" id="2025-12429"/>
+  <issue tracker="cve" id="2025-12431"/>
+  <issue tracker="cve" id="2025-12444"/>
+  <issue tracker="cve" id="2025-12428"/>
+  <issue tracker="cve" id="2025-12438"/>
+  <issue tracker="cve" id="2025-12435"/>
+  <issue tracker="cve" id="2025-12437"/>
+  <issue tracker="cve" id="2025-12443"/>
+  <issue tracker="cve" id="2025-12430"/>
+  <issue tracker="cve" id="2025-12440"/>
+  <issue tracker="cve" id="2025-12445"/>
+  <issue tracker="cve" id="2025-12446"/>
+  <issue tracker="cve" id="2025-12432"/>
+  <issue tracker="cve" id="2025-12436"/>
+  <issue tracker="cve" id="2025-12434"/>
+  <issue tracker="cve" id="2025-54874">VUL-0: CVE-2025-54874: TRACKERBUG: openjpeg: missing error check can lead to the use of an uninitialized pointer and cause an out-of-bounds heap</issue>
+  <issue tracker="cve" id="2025-12433"/>
+  <issue tracker="bnc" id="1252881">VUL-0: chromium: release 142.0.7444.59</issue>
+  <issue tracker="cve" id="2025-12439"/>
+  <issue tracker="cve" id="2025-12447"/>
+  <packager>AndreasStieger</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 142.0.7444.59, the stable channel promotion of 142.
+
+Security fixes (boo#1252881):
+
+  * CVE-2025-12428: Type Confusion in V8
+  * CVE-2025-12429: Inappropriate implementation in V8
+  * CVE-2025-12430: Object lifecycle issue in Media
+  * CVE-2025-12431: Inappropriate implementation in Extensions
+  * CVE-2025-12432: Race in V8
+  * CVE-2025-12433: Inappropriate implementation in V8
+  * CVE-2025-12434: Race in Storage
+  * CVE-2025-12435: Incorrect security UI in Omnibox
+  * CVE-2025-12436: Policy bypass in Extensions
+  * CVE-2025-12437: Use after free in PageInfo
+  * CVE-2025-12438: Use after free in Ozone
+  * CVE-2025-12439: Inappropriate implementation in App-Bound Encryption
+  * CVE-2025-12440: Inappropriate implementation in Autofill
+  * CVE-2025-12441: Out of bounds read in V8
+  * CVE-2025-12443: Out of bounds read in WebXR
+  * CVE-2025-12444: Incorrect security UI in Fullscreen UI
+  * CVE-2025-12445: Policy bypass in Extensions
+  * CVE-2025-12446: Incorrect security UI in SplitView
+  * CVE-2025-12447: Incorrect security UI in Omnibox
+
+</description>
+  <package>chromium</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251030134459405257.187004354831441/_patchinfo

@@ -0,0 +1,24 @@
+<patchinfo incident="packagehub-14">
+  <packager>adrianSuSE</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for product-composer</summary>
+  <description>This update for product-composer fixes the following issues:
+
+Update to version 0.6.16:
+
+  - merge updateinfo's with same id into one
+  - error out on updateinfo with same id, but non-mergable content
+
+Update to version 0.6.15:
+
+  * Support updateinfo handling in arch specific meta data
+
+Update to version 0.6.14:
+
+  * option to disable joliet extensions on media
+  * no joliet extensions on source and debug media anymore
+</description>
+  <package>product-composer</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251104153107003768.187004354831441/_patchinfo

@@ -0,0 +1,63 @@
+<patchinfo incident="packagehub-15">
+  <issue tracker="cve" id="2025-11710"/>
+  <issue tracker="cve" id="2025-11709"/>
+  <issue tracker="cve" id="2025-11715"/>
+  <issue tracker="bnc" id="1247774">[SLFO:Main] [SLES16.0] MozillaFirefox fails to build on s390x</issue>
+  <issue tracker="cve" id="2025-11712"/>
+  <issue tracker="cve" id="2025-11708"/>
+  <issue tracker="cve" id="2025-11714"/>
+  <issue tracker="cve" id="2025-11713"/>
+  <issue tracker="cve" id="2025-11711"/>
+  <issue tracker="bnc" id="1251263">VUL-0: MozillaFirefox / MozillaThunderbird: update to 144.0 and 140.4esr</issue>
+  <packager>MSirringhaus</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for MozillaThunderbird</summary>
+  <description>This update for MozillaThunderbird fixes the following issues:
+
+Mozilla Thunderbird 140.4:
+
+  * changed: Account Hub is now disabled by default for second
+    email account
+  * changed: Flatpak runtime has been updated to Freedesktop SDK
+    24.08
+  * fixed: Users could not read mail signed with OpenPGP v6 and
+    PQC keys
+  * fixed: Image preview in Insert Image dialog failed with CSP
+    error for web resources
+  * fixed: Emptying trash on exit did not work with some
+    providers
+  * fixed: Thunderbird could crash when applying filters
+  * fixed: Users were unable to override expired mail server
+    certificate
+  * fixed: Opening Website header link in RSS feed incorrectly
+    re-encoded URL parameters
+  * fixed: Security fixes
+
+MFSA 2025-85 (bsc#1251263):
+
+  * CVE-2025-11708
+    Use-after-free in MediaTrackGraphImpl::GetInstance()
+  * CVE-2025-11709
+    Out of bounds read/write in a privileged process triggered by
+    WebGL textures
+  * CVE-2025-11710
+    Cross-process information leaked due to malicious IPC
+    messages
+  * CVE-2025-11711
+    Some non-writable Object properties could be modified
+  * CVE-2025-11712
+    An OBJECT tag type attribute overrode browser behavior on web
+    resources without a content-type
+  * CVE-2025-11713
+    Potential user-assisted code execution in “Copy as cURL”
+    command
+  * CVE-2025-11714
+    Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR
+    140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
+  * CVE-2025-11715
+    Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird
+    ESR 140.4, Firefox 144 and Thunderbird 144
+</description>
+  <package>MozillaThunderbird</package>
+</patchinfo>

patchinfo.20251106083153138720.187004354831441/_patchinfo

@@ -0,0 +1,23 @@
+<patchinfo incident="packagehub-19">
+  <issue tracker="bnc" id="1253089">VUL-0: chromium: release 142.0.7444.134</issue>
+  <issue tracker="cve" id="2025-12727"/>
+  <issue tracker="cve" id="2025-12725"/>
+  <issue tracker="cve" id="2025-12729">VUL-0: chromium: release 142.0.7444.134</issue>
+  <issue tracker="cve" id="2025-12728"/>
+  <issue tracker="cve" id="2025-12726"/>
+  <packager>AndreasStieger</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 142.0.7444.134 (boo#1253089):
+
+  * CVE-2025-12725: Out of bounds write in WebGPU
+  * CVE-2025-12726: Inappropriate implementation in Views
+  * CVE-2025-12727: Inappropriate implementation in V8
+  * CVE-2025-12728: Inappropriate implementation in Omnibox
+  * CVE-2025-12729: Inappropriate implementation in Omnibox
+</description>
+  <package>chromium</package>
+</patchinfo>

patchinfo.20251111094408723997.187004354831441/_patchinfo

@@ -0,0 +1,14 @@
+<patchinfo incident="packagehub-20">
+  <packager>adrianSuSE</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for product-composer</summary>
+  <description>This update for product-composer fixes the following issues:
+
+Update to version 0.6.17:
+
+  - fix multiarch media handling of updateinfo id's
+</description>
+  <package>product-composer</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251112154630847363.187004354831441/_patchinfo

@@ -0,0 +1,16 @@
+<patchinfo incident="packagehub-21">
+  <issue tracker="bnc" id="1253267">VUL-0: chromium: release 142.0.7444.162</issue>
+  <issue tracker="cve" id="2025-13042">VUL-0: chromium: release 142.0.7444.162</issue>
+  <packager>AndreasStieger</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 142.0.7444.162 (boo#1253267):
+
+  * CVE-2025-13042: Inappropriate implementation in V8
+</description>
+  <package>chromium</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251117131718442159.187004354831441/_patchinfo

@@ -0,0 +1,236 @@
+<patchinfo>
+  <issue tracker="bnc" id="1250499">VUL-0: CVE-2025-10924: gimp: GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="bnc" id="1250497">VUL-0: CVE-2025-10922: gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="cve" id="2025-10922">VUL-0: CVE-2025-10922: gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="cve" id="2025-2760">VUL-0: CVE-2025-2760: gimp: integer overflow may lead to remote code execution</issue>
+  <issue tracker="bnc" id="1250501">VUL-0: CVE-2025-10925: gimp: GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="bnc" id="1241690">VUL-0: CVE-2025-2760: gimp: integer overflow may lead to remote code execution</issue>
+  <issue tracker="bnc" id="1250495">VUL-0: CVE-2025-10920: gimp: GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability</issue>
+  <issue tracker="cve" id="2025-10920">VUL-0: CVE-2025-10920: gimp: GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability</issue>
+  <issue tracker="cve" id="2025-10924">VUL-0: CVE-2025-10924: gimp: GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="cve" id="2025-10925">VUL-0: CVE-2025-10925: gimp: GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <packager>mgorse</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for gimp</summary>
+  <description>This update for gimp fixes the following issues:
+
+Changes in gimp:
+
+Update to 3.0.6:
+
+  - Security:
+
+    - During development, we received reports from the Zero Day
+      Initiative of potential security issues with some of our file
+      import plug-ins. While these issues are very unlikely to
+      occur with real files, developers like Jacob Boerema and Alx
+      Sa proactively improved security for those imports.
+      The resolved reports are:
+      - ZDI-CAN-27793
+      - ZDI-CAN-27823
+      - ZDI-CAN-27836
+      - ZDI-CAN-27878
+      - ZDI-CAN-27863
+      - ZDI-CAN-27684
+
+  - Core:
+
+    - Many false-positive build warnings have been cleaned out (and
+      proper issues fixed).
+    - Various crashes fixed.
+    - When creating a layer mask from the layer's alpha, but the
+      layer has no alpha, simply fill the mask with complete
+      opacity instead of a completely transparent layer.
+    - Various core infrastructure code reviewed, cleaned up,
+      refactored and improved, in drawable, layer and filter
+      handling code, tree view code, and more.
+    - GIMP_ICONS_LIKE_A_BOSS environment variable is not working
+      anymore (because "gtk-menu-images" and "gtk-button-images"
+      have been deprecated in GTK3 and removed in GTK4) and was
+      therefore removed.
+    - Lock Content now shows as an undo step.
+    - Add alpha channel for certain transforms.
+    - Add alpha channel on filter merge, when necessary.
+    - Filters can now be applied non-destructively on channels.
+    - Improved Photoshop brush support.
+    - After deleting a palette entry, the next entry is
+      automatically selected. This allows easily deleting several
+      entries in a row, among other usage.
+    - Resize image to layers irrespective to selections.
+    - Improved in-GUI release notes' demo script language:
+
+      - We can now set a button value to click it: "toolbox:text,
+        tool-options:outline=1, tool-options:outline-direction"
+      - Color selector's module names can be used as identifiers:
+        "color-editor,color-editor:CMYK=1,color-editor:total-ink-coverage"
+
+    - Fixed Alpha to Selection on single layers with no
+      transparency.
+    - Various code is slowly ported to newer code, preparing for
+      GTK4 port (in an unplanned future step):
+
+      - Using g_set_str() (optionally redefining it in our core
+        code to avoid bumping the GLib minimum requirement).
+      - Start using GListModel in various pieces of code, in
+        particular getting rid of more and more usage of
+        GtkTreeView when possible (as it will be deprecated with
+        GTK4).
+      - New GimpRow class for all future row widgets.
+      - Use more of G_DECLARE_DERIVABLE_TYPE and
+        G_DECLARE_FINAL_TYPE where relevant.
+      - New GimpContainerListView using a GtkListBox.
+      - New GimpRowSeparator, GimpRowSettings, GimpRowFilter and
+        GimpRowDrawableFilter widgets.
+
+    - (Experimental) GEX Format was updated.
+    - Palette import:
+
+      - Set alpha value for image palette imports.
+      - Fix Lab &amp; CMYK ACB palette import.
+      - Add palette format filters to import dialog, making it more
+        apparent what palette formats are supported, and giving the
+        ability to hide irrelevant files.
+
+    - Improved filter actions' sensitivity to make sure they are
+      set insensitive when relevant. In particular filters which
+      cannot be run non-destructively (e.g. filters with aux
+      inputs, non-interactive filters and GEGL Graph) must be
+      insensitive when trying to run them on group layers.
+    - Fix bad axis centering on zoom out.
+    - Export better SVG when exporting paths.
+
+  - Tools:
+
+    - Text tool: make sure the default color is only changed when
+      the user confirms the color change.
+    - Foreground Selection tool: do not create a selection when no
+      strokes has been made. In particular this removes the
+      unnecessary delay which happened when switching to another
+      tool without actually stroking anything.
+    - All Transform tools: transform boundaries for preview is now
+      multi-layers aware.
+    - (Experimental) Seamless Clone tool: made to work again,
+      though it is still too slow to get out of Playground.
+
+  - Graphical User Interface:
+
+    - Various improvements to window management:
+
+      - Keep-Above windows are set with the Utility hint.
+      - Utility windows are not made transient to a parent.
+      - Transient factory dialogs follow the active display,
+        ensuring that new image windows would not hide your toolbox
+        and dock windows.
+
+    - Various CSS improvements for styling of the interface. Some
+      theme leaks were also fixed.
+    - New toggle button in Brushes and Fonts dockable, allowing
+      brush and font previews to optionally follow the color theme.
+      For instance, when using a dark theme, the brush and font
+      previews could be drawn on the theme background, using the
+      theme foreground colors. By default, these data previews are
+      still drawn as black on white.
+    - Palette grid is now drawn with the theme's background color.
+    - Consistent naming patterns on human-facing options (first
+      word only capitalized).
+    - About dialog:
+
+      - We will now display the date and time of the last check in
+        a "Up to date as of &lt;date&gt; at &lt;time&gt;" string, differing
+        from the "Last checked on &lt;date&gt; at &lt;time&gt;" string. The
+        former will be used to indicate that GIMP is indeed
+        up-to-date whereas the latter when a new version was
+        released and that you should update.
+      - We now respect the system time/date format on macOS and
+        Windows.
+
+    - The search popup won't pop up without an image.
+    - Better zoom step algorithm for data previews in container
+      popup (e.g. the brush popup in paint Tool Options).
+    - Disable animation in the Input Controller, Preferences and
+      Welcome dialogs for stack transition when animation are
+      disabled in system settings.
+    - Fixed crosshair hotspot on Windows (crosshair cursor for
+      brushes was offset with a non-100% display scale factor).
+    - Debug/CRITICAL dialog:
+
+      - Make sure it is non-modal.
+      - Follow the theme mode under Windows.
+
+    - While loading images, all widgets in the file dialog are made
+      insensitive, except for the Cancel button and the progress
+      bar.
+    - Both grid and list views can now zoom via scroll and zoom
+      gestures (it used to only work in list views).
+    - Pop an error message up on startup when GIO modules to read
+      HTTPS links are not found and that we therefore fail to load
+      the remote gimp_versions.json file. With the AppImage package
+      in particular, we depend on an environment daemon which
+      cannot be shipped in the package. So the next best thing is
+      to warn people and tell them what they should install to get
+      version checks.
+    - Welcome dialog:
+
+      - The "Community Tutorials" link is now shown after the
+        "Documentation" link.
+      - The "Learn more" link in Release Notes tab leads to the
+        actual release news for this version.
+
+  - Plug-ins:
+
+    - PDF export: do not draw disabled layer masks.
+    - Jigsaw: the plug-in can now draw on transparent layers.
+    - Various file format fixes and improvements: JPEG 2000 import,
+      TIFF import, DDS import, SVG import, PSP import, FITS export,
+      ICNS import, Dicom import, WBMP import, Farbfeld import, XWD
+      import, ILBM import.
+    - Sphere Designer: use spin scale instead of spin entries (the
+      latter is unusable with little horizontal space).
+    - Animation Play: frames are shown again in the playback
+      progress bar.
+    - Vala Goat Exercise: ignoring C warning in this Vala plug-in
+      as it is generated code and we cannot control it.
+    - file-gih: brush pipe selection modes now have nice,
+      translatable names.
+    - Metadata viewer: port from GtkTreeView to GtkListBox.
+    - File Raw Data: reduce Raw Data load dialogue height by moving
+      to a 2-column layout.
+    - SVG import: it is now possible to break aspect ratio with
+      specific width/height arguments, when calling the PDB
+      procedure non-interactively (from other plug-ins).
+    - Print: when run through a portal print dialog, the "Image
+      Settings" will be exposed as a secondary dialog, outputted
+      after the portal dialog, instead of a tab on the main print
+      dialog (because it is not possible to tweak the print dialog
+      when it is created by a portal). This will bring back usable
+      workflow of printing with GIMP when run in a sandbox (e.g.
+      Flatpak or Snap).
+    - Recompose: fixed for YCbCr decomposed images.
+    - Fixed vulnerabilities: ZDI-CAN-27684, ZDI-CAN-27863,
+      ZDI-CAN-27878, ZDI-CAN-27836, ZDI-CAN-27823, ZDI-CAN-27793.
+    - C Source and HTML export can now be run non-interactively too
+      (e.g. from other plug-ins).
+    - Map Object: fix missing spin boxes.
+    - Small Tiles: fix display lag.
+
+- CVE-2025-10925: Fix GIMP ILBM file parsing stack-based buffer overflow remote code
+  execution vulnerability. (ZDI-25-914, ZDI-CAN-27793, bsc#1250501)
+
+- CVE-2025-10922: Fix GIMP DCM file parsing heap-based buffer overflow remote code
+  execution vulnerability.  (ZDI-25-911, ZDI-CAN-27863, bsc#1250497)
+
+- CVE-2025-10920: Prevent overflow attack by checking if output &gt;= max, not just
+  output &gt; max. (ZDI-25-909, ZDI-CAN-27684, bsc#1250495)
+
+- CVE-2025-10924: Fix integer overflow while parsing FF files. (bsc#1250499)
+
+- CVE-2025-2760: A vulnerability allows remote attackers to execute arbitrary
+  code on affected installations of GIMP. The specific flaw exists
+  within parsing of XWD files. An integer overflow happens before
+  allocating a buffer. This fixed in GIMP 3.0.0.
+  https://www.gimp.org/news/2025/03/16/gimp-3-0-released
+  (bsc#1241690)
+</description>
+  <package>gimp</package>
+</patchinfo>

staging.config

@@ -1,4 +1,4 @@
 {
   "ObsProject": "openSUSE:Backports:SLE-16.0",
-  "StagingProject": "openSUSE:Backports:SLE-16.0:PullRequest"
+  "StagingProject": "openSUSE:Backports:SLE-16.0:PullRequest",
 }

workflow.config

@@ -1,23 +1,74 @@
 {
-        "Workflows": ["pr"],
-        "GitProjectName": "products/PackageHub#leap-16.0",
-        "Organization": "pool",
-        "Branch": "leap-16.0",
-        "ManualMergeProject": true,
-        "Reviewers": [
-                       "+legaldb",
-                       "-autogits_obs_staging_bot",
-                       "*packagehub-review"
-                     ],
-        "ReviewGroups": [
-                          {
-                             "Name": "packagehub-review",
-                             "Reviewers": [
-                                            "bigironman",
-                                            "lkocman-factory",
-                                            "maxlin_factory",
-                                            "smithfarm"
-                                          ]
-                          }
-                        ]
+  "Workflows": ["pr"],
+  "GitProjectName": "products/PackageHub#leap-16.0",
+  "Organization": "pool",
+  "Branch": "leap-16.0",
+  "ManualMergeProject": true,
+  "NoProjectGitPR": true,
+  "Reviewers": [
+    "-maintenance-release-review",
+    "*opensuse-review",
+    "+legaldb",
+    "-autogits_obs_staging_bot",
+    "-qam-openqa-review"
+  ],
+  "ReviewGroups": [
+    {
+      "Name": "maintenance-release-review",
+      "Reviewers": [
+        "abergmann",
+        "amattiazzo",
+        "bfilho",
+        "cmatos",
+        "crazybyte",
+        "emanuelecappello",
+        "gsonnu",
+        "maintenance-robot",
+        "mauriziogalli",
+        "mbozicevic",
+        "mimi_vx",
+        "mschnitzer",
+        "msmeissn",
+        "pluskalm",
+        "rfrohl",
+        "slemke"
+        ],
+      "Silent": true
+    },
+    {
+      "Name": "opensuse-review",
+      "Reviewers": [
+        "alarrosa",
+        "anag",
+        "atartamo",
+        "bigironman",
+        "darix",
+        "dimstar",
+        "dmach",
+        "eroca",
+        "jdsn",
+        "jengelh",
+        "mcalabkova",
+        "mstrigl",
+        "nkrapp",
+        "oertel",
+        "RBrownSUSE",
+        "simotek",
+        "smithfarm"
+      ],
+      "Silent": true
+    },
+    {
+      "Name": "qam-openqa-review",
+      "Reviewers": [
+        "mimi_vx",
+        "mschnitzer",
+        "msmeissn",
+        "openqa-maintenance",
+        "foursixnine-openqa",
+        "szarate"
+        ],
+      "Silent": true
+    }
+  ]
 }