Update patchinfo incident numbers [skip actions]

PR: products/PackageHub!216

0Backports/Backports.productcompose

@@ -147,6 +147,8 @@ packagesets:
   - kernel-livepatch-6_12_0-160000_4-rt
   - kernel-livepatch-6_12_0-160000_5-default
   - kernel-livepatch-6_12_0-160000_5-rt
+  - kernel-livepatch-6_12_0-160000_6-default
+  - kernel-livepatch-6_12_0-160000_6-rt
   - kernel-rt-livepatch
   - kernel-rt-livepatch-devel
   - krb5-mini

patchinfo.20251113160751974202.187004354831441/_patchinfo

@@ -0,0 +1,16 @@
+<patchinfo incident="packagehub-28">
+  <packager>adrianSuSE</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for product-composer</summary>
+  <description>This update for product-composer fixes the following issues:
+
+Changes in product-composer:
+
+Update to version 0.6.18:
+
+  - Fix filtering of not used rpms in updateinfo
+</description>
+  <package>product-composer</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251113161402184432.187004354831441/_patchinfo

@@ -0,0 +1,140 @@
+<patchinfo incident="packagehub-29">
+  <packager>mgorse</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for gramps</summary>
+  <description>This update for gramps fixes the following issues:
+
+Changes in gramps:
+
+Update to version 6.0.3:
+
+  * Revert “Pass an object rather than a handle to the note editor callback”.
+    Fixes #13884.
+  * Update translations.
+
+Update to version 6.0.2;
+
+  * Fix date modifiers for lt.
+  * Update translation template for new release.
+  * Add optimization to HasIdOf rules.
+  * Connect the Help button in the repository reference editor. Fixes #13352.
+  * Pass an object rather than a handle to the note editor callback. Fixes
+    #13702.
+  * Fix broken compound dates with bce year in XML import. Fixes #13631.
+  * Avoid multiple copies of Rules after Plugin manager reload. Fixes #13844.
+  * Fix bad surname list after upgrade from bsddb. Fixes #13807.
+  * Fix narrated web when two places have same name but a different type. Fixes
+    #13841.
+  * Fix crash in citation view due to wrong filter_info. Fixes #13796.
+  * Don’t attempt to call set_orientation if self.pui is None. Fixes #13820.
+  * Don’t crash in search_changed if self.search_list has no active item. Fixes
+    #13793.
+  * Fix incorrect addons project after upgrade from Gramps 5.2. Fixes #13789.
+  * Respect user choice of CSS files for existing narrated web site. Fixes
+    #13792.
+  * Ensure that the spell checker gets removed with the editor. Fixes #13795.
+  * Fix Optimizer class when combining sub-filters. Fixes #13799.
+  * Remove check for Gtk translations in Snap packages.
+  * Update translations.
+
+Update to version 6.0.1:
+
+  * Update translations: ar, br, ca, cs, de, de_AT, el, en_GB, es, fi, fr, ga,
+    he, it, ja, ko, nb, nl, pl, pt_PT, ro, sk, sv, tr, uk, zh_CN.
+  * Update translation template for new release.
+  * Extend SearchBar so that it supports text search and filters. Fixes #13720.
+  * Fix patronymic in name display. Fixes #13764.
+  * Update links in the README to v6.0.
+  * Update the INSTALL file. Issue #13717.
+
+    + Change install from setup.py to pip.
+    + Update typical installation locations.
+    + Remove the --resourcepath option which no longer exists.
+
+  * Fix wiki help link in the Addon Manager. Fixes #13735.
+  * Remove the outer progress meter from the filter prepare phase. Fixes #13725.
+  * Fix error when importing a GEDCOM file into an existing tree. Fixes #13726.
+  * Avoid empty metadata fields. Fixes #13721.
+  * Update Italian date modifiers.
+
+Update to version 6.0.0:
+
+  * Full changelog available at
+    https://gramps-project.org/blog/2025/03/gramps-6-0-0-released/
+  * Reports
+
+    + The narrative web report has four main improvements:
+
+      - New indexes for big databases.
+      - Add heatmap.
+      - Improve language and hamburger menus.
+      - Show other roles for an event.
+
+    + Other report changes:
+
+      - Add gender symbol option to the detailed descendant, detailed ancestral
+        and descendant report.
+      - Add Gramps ID option to Kinship Report.
+      - Tree reports convert images to thumbnails for embedding. This allows
+        cropped rectangles selected in the media references to be displayed.
+      - Report options are now memorised on a per family tree (database) level.
+
+  * Gramplets
+
+    + Improvements to the backlinks (References) gramplets:
+    + Allow an object to be made active from within the backlinks gramplet.
+    + Add a context menu to make “Edit” and “Make Active” more discoverable.
+    + Allow objects in the backlinks gramplets to be dragged to the clipboard.
+    + Add edit capability to the notes gramplets.
+    + Enhanced version of the Filter gramplet.
+
+  * Selector dialogs
+    + A standard search bar has been added to the person selector dialog. It
+      may default to selecting men or women by default, but selecting on other
+      columns is possible.
+    + It is now possible to select multiple media objects in the media selector
+      and gallery tabs.
+    + The media selector has a new path column.
+
+  * Other changes
+
+    + Improvements to the Probably Alive code.
+    + New rules: “Has Event”, “Has Source” and “Having Note of Type”.
+    + New Gedcom 7.0 event roles: “Father”, Mother”, “Parent”, “Child”, “Multiple”, Friend”, “Neighbour” and “Officiator”.
+    + Allow web-accessible file references in media objects.
+    + Add a preference option for the selection of the toolbar style.
+    + Enhancements to the help display. This is ongoing though.
+    + Enable Web Connection menu in all list views.
+
+Update to version 5.2.4:
+
+  * Fix Citations gramplet to recognize event reference citations. Fixes #13555.
+  * Fix exception when finding relationship to home person. Fixes #13495.
+  * Fix mouse scroll direction in pedigree view.
+  * Fix incorrect usage of exec. As of PEP558, locals() is not populated by
+    exec(). This change means that this call is broken on Python 3.13.
+  * Remove some usage of globals().
+  * Remove unnecessary use of exec.
+  * Test current_date being an empty date in probably alive function. Fixes #13431.
+  * Improve warning message in date_test.py when 3 tests are skipped.
+  * Correctly assign sortval = 0 when a date is EMPTY. Fixes #13415, #13423.
+  * Fix unicode conversion bug when upgrading from schema 16 to 17.
+  * Correct the documentation for the match() method of the Date class. Also
+    added more detail to documentation in 3 other cases. Fixes #13428.
+  * Gramps version output now reports OS rather than Platform. Fixes #12285.
+  * Downgrade upgrade messages from warning to informational level. Fixes #13464.
+  * Fix list size option in the top surnames gramplet. Allow users to specify
+    how many surnames appear in the list from 10 to 1000. Fixes #13448.
+  * Correct misleading description of GUI element placement.
+  * Use the preferred calendar for new dates only in the date editor. Fixes #13403.
+  * Fix docs typo in INSTALL file.
+  * Fix printing of Books. Fixes #12804.
+  * Render reports with styled notes containing subscript and strikethrough. Fixes #13417.
+  * Remove broken link to svn2cl package in the About dialog. Fixes #13152.
+  * Improve media performance in the narrative web report. Fixes #13370.
+  * Updated translations.
+</description>
+  <package>gramps</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251114110535882810.90520734224245/_patchinfo

@@ -0,0 +1,16 @@
+<patchinfo incident="packagehub-22">
+  <packager>AndreasStieger</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for certbot</summary>
+  <description>This update for certbot fixes the following issues:
+
+This update adds the certbot stack. (python modules: ConfigArgParse, acme, certbot, certbot-nginx, josepy, pyRFC3339).
+</description>
+<package>python-ConfigArgParse</package>
+<package>python-acme</package>
+<package>python-certbot</package>
+<package>python-certbot-nginx</package>
+<package>python-josepy</package>
+<package>python-pyRFC3339</package>
+</patchinfo>

patchinfo.20251117132013106524.187004354831441/_patchinfo

@@ -0,0 +1,31 @@
+<patchinfo incident="packagehub-23">
+  <issue tracker="bnc" id="1238516">quilt: cannot refresh patches for non-x86 code</issue>
+  <issue tracker="bnc" id="1236907">rpm,quilt: update to rpm 4.20 breaks many "quilt setup" invocations</issue>
+  <packager>jdelvare</packager>
+  <rating>important</rating>
+  <category>recommended</category>
+  <summary>Recommended update for quilt</summary>
+  <description>This update for quilt fixes the following issues:
+
+Changes in quilt:
+
+Update to version 0.69:
+
+  * Fix escaping of % and backslash in patch names
+  * new: Stop claiming support of option -p ab
+  * patches: Several performance optimizations
+  * series: Simplify the code
+
+- Make it possible to run "quilt setup" on a spec file which excludes the local
+  architecture (boo#1238516).
+
+- Fix building noarch packages with rpm &gt;= 4.20 (boo#1236907).
+- Make it possible to preprocess spec files which do not comply with the standard. Most
+  notably multibuild OBS spec files need to be preprocessed. Use
+  option "--spec-filter=obs" for these (boo#1236907).
+- Detect the change of build root path hierarchy introduced by rpm 4.20 (boo#1236907).
+- Install the bash completion file to the right directory (reported
+  by rpmlint).
+</description>
+  <package>quilt</package>
+</patchinfo>

patchinfo.20251118105940725571.187004354831441/_patchinfo

@@ -0,0 +1,19 @@
+<patchinfo incident="packagehub-24">
+  <issue tracker="bnc" id="1253698">(CVE-2025-13223) (CVE-2025-13224) VUL-0 chromium: release 142.0.7444.175</issue>
+  <issue tracker="cve" id="2025-13224">(CVE-2025-13223) (CVE-2025-13224) VUL-0 chromium: release 142.0.7444.175</issue>
+  <issue tracker="cve" id="2025-13223"/>
+  <packager>oertel</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Changes in chromium:
+
+Chromium 142.0.7444.175 (boo#1253698):
+
+  * CVE-2025-13223: Type Confusion in V8
+  * CVE-2025-13224: Type Confusion in V8
+</description>
+  <package>chromium</package>
+</patchinfo>

patchinfo.20251118110024655567.187004354831441/_patchinfo

@@ -0,0 +1,67 @@
+<patchinfo incident="packagehub-27">
+  <issue tracker="cve" id="2025-13016">firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component</issue>
+  <issue tracker="cve" id="2025-13019">firefox: Same-origin policy bypass in the DOM: Workers component</issue>
+  <issue tracker="cve" id="2025-13020">firefox: Use-after-free in the WebRTC: Audio/Video component</issue>
+  <issue tracker="cve" id="2025-13017">firefox: Same-origin policy bypass in the DOM: Notifications component</issue>
+  <issue tracker="cve" id="2025-13015">firefox: Spoofing issue in Firefox</issue>
+  <issue tracker="cve" id="2025-13012">VUL-0: MozillaFirefox / MozillaThunderbird: update to 145.0 and 140.5esr</issue>
+  <issue tracker="cve" id="2025-13018">firefox: Mitigation bypass in the DOM: Security component</issue>
+  <issue tracker="cve" id="2025-13014">firefox: Use-after-free in the Audio/Video component</issue>
+  <issue tracker="cve" id="2025-13013">firefox: Mitigation bypass in the DOM: Core &amp; HTML component</issue>
+  <issue tracker="bnc" id="1253188">VUL-0: MozillaFirefox / MozillaThunderbird: update to 145.0 and 140.5esr</issue>
+  <packager>Yoshio_Sato</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for MozillaThunderbird</summary>
+  <description>This update for MozillaThunderbird fixes the following issues:
+
+Changes in MozillaThunderbird:
+
+Mozilla Thunderbird 140.5.0 ESR
+
+MFSA 2025-91 (bsc#1253188):
+
+  * CVE-2025-13012
+    Race condition in the Graphics component
+  * CVE-2025-13016
+    Incorrect boundary conditions in the JavaScript: WebAssembly
+    component
+  * CVE-2025-13017
+    Same-origin policy bypass in the DOM: Notifications component
+  * CVE-2025-13018
+    Mitigation bypass in the DOM: Security component
+  * CVE-2025-13019
+    Same-origin policy bypass in the DOM: Workers component
+  * CVE-2025-13013
+    Mitigation bypass in the DOM: Core &amp; HTML component
+  * CVE-2025-13020
+    Use-after-free in the WebRTC: Audio/Video component
+  * CVE-2025-13014
+    Use-after-free in the Audio/Video component
+  * CVE-2025-13015
+    Spoofing issue in Thunderbird
+  * fixed: Could not drag and drop ICS file to Today Pane
+  * fixed: With Thunderbird closed, clicking a 'mailto:' link to
+    send signed message failed
+  * fixed: Upgrade from 128.x-&gt;140.x broke authentication for
+    @att.net using Yahoo backend
+
+Mozilla Thunderbird 140.4.0 ESR
+
+  * Account Hub is now disabled by default for second email account
+  * Users could not read mail signed with OpenPGP v6 and PQC keys
+  * Image preview in Insert Image dialog failed with CSP error for web resources
+  * Emptying trash on exit did not work with some providers
+  * Thunderbird could crash when applying filters
+  * Users were unable to override expired mail server certificate
+  * Opening Website header link in RSS feed incorrectly re-encoded
+    URL parameters
+
+Mozilla Thunderbird 140.3.1 ESR:
+
+  * several bugfixes listed here
+    https://www.thunderbird.net/en-US/thunderbird/140.3.1esr/releasenotes
+-------------------------------------------------------------------
+</description>
+  <package>MozillaThunderbird</package>
+</patchinfo>

patchinfo.20251119124936938893.187004354831441/_patchinfo

@@ -0,0 +1,25 @@
+<patchinfo incident="packagehub-26">
+  <packager>cfconrad</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for synce4l</summary>
+  <description>This update for synce4l fixes the following issues:
+
+synce4l was updated to 1.1.1:
+
+  * fix possible resource leak
+  * fix requested thread stack size
+  * fix scorecard.yml
+  * initialize pin ID to -1
+  * fix crash in dpll_rt_recv()
+  * create scorecard.yml
+  * unlink smc_socket_path before binding
+  * check smc_socket_path length
+  * change default smc_socket_path to /run/synce4l_socket
+  * fix more compiler warnings
+
+- Initial packaging of version 1.0.0.
+</description>
+  <package>synce4l</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251119130842836205.187004354831441/_patchinfo

@@ -0,0 +1,54 @@
+<patchinfo incident="packagehub-25">
+  <issue tracker="bnc" id="1247368">nmon does not support max cpu configuration</issue>
+  <packager>dirkmueller</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for nmon</summary>
+  <description>This update for nmon fixes the following issues:
+
+Changes in nmon:
+
+- Increase CPU MAX to 2048 (bsc#1247368)
+
+update to 16q:
+
+  * bugfixes
+  * POWER pool_capacity now correctly divided by 100.
+  * Online view POWER Welcome panel on POWER reports the top MHz
+  Small changes only:
+  * Boottime shown online in the Kernel "k" panel
+  * Utilisation stats: /proc/stat now reports 10 Utilisation stats
+  * Bug caused Seg Faults core dumps fixed while collecting to a
+  * Fix: Improved memory handling for extreme numbers of processes
+    (1000's) or rapid exec of processes  (100's in a millisecond)
+    for large Linux servers. We have examples on Intel of 80 CPU
+  * Online Dot "." command no longer also changes what is displayed
+    as users said it was confusing.
+  * Minor online start-up flash screen text changes to include C
+    concise CPU stats and U for full  Utilisation stats (all 10 of
+    them) instead of a file.
+  * Copyright and GPL v3 notice in the code plus online "h" and
+  * Source code re-indented.
+  * Fixes for Welcome screen on Mainframe
+  * Fixed for Curses handling when collecting data to file - big
+    bug for main frame and x86.
+  * Fixes for Welcome screen on Mainframe
+  * Fixed for Curses handling when collecting data to file - big
+    bug for main frame and x86.
+    + You need a S822LC With NVIDIA GPU(s) and Nvidia Library
+      installed libnvidia-ml.so
+  * CPU Wide View - online view for up to 192 CPUs
+  * CPU MHz per Core ratings for machine that allow cores with
+    different MHz - online &amp; saved to file
+  * lscpu stats capture - online &amp; to file
+  * Z experiment mode showing CPU interrupts - Renamed U stats in
+    version 16b - online only
+  * Online colourising stats to aid usability - online only
+  * Massive improvement in help information: nmon -? and nmon -h
+  * Code change to alphabetic order for getopt() and key input
+  * New nmon logo on flash screen - online only
+  * Extra kernel stats - online only
+</description>
+  <package>nmon</package>
+  <seperate_build_arch/>
+</patchinfo>