Update submodules from pool/product-composer#6 and create patchinfo.20251030134459405257.187004354831441/_patchinfo

Update patchinfo incident numbers [skip actions]
Merging
2025-10-30 14:45:13 +01:00 · 2025-10-29 16:01:09 +00:00 · 2025-10-29 16:00:48 +00:00 · 2025-10-29 15:29:34 +00:00 · 2025-10-29 11:37:25 +00:00 · 2025-10-29 11:37:08 +00:00
8 changed files with 91 additions and 3 deletions
--- a/.gitmodules
+++ b/.gitmodules
@@ -26106,3 +26106,7 @@
 	path = perl-MCP
 	url = ../../pool/perl-MCP
 	branch = leap-16.0
+[submodule "fprintd"]
+	path = fprintd
+	url = ../../pool/fprintd
+	branch = leap-16.0
--- a/2
+++ b/2
--- a/1
+++ b/1
--- a/2
+++ b/2
--- a/patchinfo.20251023150135882810.90520734224245/_patchinfo
+++ b/patchinfo.20251023150135882810.90520734224245/_patchinfo
@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-9">
+  <packager>dgarcia</packager>
+  <rating>moderate</rating>
+  <category>optional</category>
+  <summary>Optional update for fprintd</summary>
+  <description>
+This update ships fprintd 1.94.4 to openSUSE Leap 16.0 and SLES Package Hub 16.0
+</description>
+  <package>fprintd</package>
+  <seperate_build_arch/>
+</patchinfo>
--- a/patchinfo.20251027101939269288.187004354831441/_patchinfo
+++ b/patchinfo.20251027101939269288.187004354831441/_patchinfo
@@ -0,0 +1,48 @@
+<patchinfo incident="packagehub-10">
+  <issue tracker="cve" id="2025-10527">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10536">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10528">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10537">Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10529">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10532">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10533">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 115.28, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="bnc" id="1249391">VUL-0: MozillaFirefox / MozillaThunderbird: update to 143.0 and 140.3esr</issue>
+  <packager>Yoshio_Sato</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for MozillaThunderbird</summary>
+  <description>This update for MozillaThunderbird fixes the following issues:
+
+Changes in MozillaThunderbird:
+
+Mozilla Thunderbird 140.3.0 ESR:
+
+  * Right-clicking 'List-ID' -&gt; 'Unsubscribe' created double encoded
+    draft subject
+  * Thunderbird could crash on startup
+  * Thunderbird could crash when importing mail
+  * Opening Website header link in RSS feed incorrectly re-encoded
+    URL parameters
+  MFSA 2025-78 (bsc#1249391)
+  * CVE-2025-10527
+    Sandbox escape due to use-after-free in the Graphics:
+    Canvas2D component
+  * CVE-2025-10528
+    Sandbox escape due to undefined behavior, invalid pointer in
+    the Graphics: Canvas2D component
+  * CVE-2025-10529
+    Same-origin policy bypass in the Layout component
+  * CVE-2025-10532
+    Incorrect boundary conditions in the JavaScript: GC component
+  * CVE-2025-10533
+    Integer overflow in the SVG component
+  * CVE-2025-10536
+    Information disclosure in the Networking: Cache component
+  * CVE-2025-10537
+    Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird
+    ESR 140.3, Firefox 143 and Thunderbird 143
+
+</description>
+  <package>MozillaThunderbird</package>
+  <seperate_build_arch/>
+</patchinfo>
--- a/patchinfo.20251030134459405257.187004354831441/_patchinfo
+++ b/patchinfo.20251030134459405257.187004354831441/_patchinfo
@@ -0,0 +1,24 @@
+<patchinfo>
+  <packager>adrianSuSE</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for product-composer</summary>
+  <description>This update for product-composer fixes the following issues:
+
+Update to version 0.6.16:
+
+  - merge updateinfo's with same id into one
+  - error out on updateinfo with same id, but non-mergable content
+
+Update to version 0.6.15:
+
+  * Support updateinfo handling in arch specific meta data
+
+Update to version 0.6.14:
+
+  * option to disable joliet extensions on media
+  * no joliet extensions on source and debug media anymore
+</description>
+  <package>product-composer</package>
+  <seperate_build_arch/>
+</patchinfo>
--- a/2
+++ b/2
Author	SHA256	Message	Date
Marcus Meissner	da03c66eed	Update submodules from pool/product-composer#6 and create patchinfo.20251030134459405257.187004354831441/_patchinfo All checks were successful ObsStaging OBS Staging build Details	2025-10-30 14:45:13 +01:00
Patchinfo incident numbering	280b37a43b	Update patchinfo incident numbers [skip actions]	2025-10-29 16:01:09 +00:00
AutoGits PR Review Bot	537ee79523	Merging All checks were successful Patchinfo incident numbering / use-go-action (push) Successful in 17s Details PR: products/PackageHub!196	2025-10-29 16:00:48 +00:00
AutoGits PR Review Bot	1d8648ba28	Merging All checks were successful Patchinfo incident numbering / use-go-action (push) Successful in 16s Details PR: products/PackageHub!198	2025-10-29 15:29:34 +00:00
Patchinfo incident numbering	f42dcc1f68	Update patchinfo incident numbers [skip actions]	2025-10-29 11:37:25 +00:00
AutoGits PR Review Bot	45f8a23cee	Merging All checks were successful Patchinfo incident numbering / use-go-action (push) Successful in 14s Details PR: products/PackageHub!190	2025-10-29 11:37:08 +00:00
Elisei Roca	f089aa345a	Fix melange submodule reference All checks were successful ObsStaging OBS Staging build Details For some reason, pool/melange did not have a leap-16.0 branch. I've created one based on .changes, .spec file and sha256sum of the package source archives.	2025-10-27 16:34:51 +01:00
Marcus Meissner	bd04a8821e	Update submodules from pool/MozillaThunderbird#5 and create patchinfo.20251027101939269288.187004354831441/_patchinfo All checks were successful ObsStaging OBS Staging build Details	2025-10-27 11:20:22 +01:00
Marcus Meissner	47614025ea	Added fprintd to PHUB All checks were successful ObsStaging OBS Staging build Details	2025-10-23 15:06:14 +02:00