Update patchinfo incident numbers [skip actions]

PR: products/PackageHub!338

.gitmodules

@@ -290,6 +290,10 @@
 	path = PrusaSlicer
 	url = ../../pool/PrusaSlicer
 	branch = leap-16.0
+[submodule "dehydrated"]
+	path = dehydrated
+	url = ../../pool/dehydrated
+	branch = leap-16.0
 [submodule "QR-Code-generator"]
 	path = QR-Code-generator
 	url = ../../pool/QR-Code-generator

patchinfo.20251117131718442159.187004354831441/_patchinfo

@@ -0,0 +1,236 @@
+<patchinfo incident="packagehub-81">
+  <issue tracker="bnc" id="1250499">VUL-0: CVE-2025-10924: gimp: GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="bnc" id="1250497">VUL-0: CVE-2025-10922: gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="cve" id="2025-10922">VUL-0: CVE-2025-10922: gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="cve" id="2025-2760">VUL-0: CVE-2025-2760: gimp: integer overflow may lead to remote code execution</issue>
+  <issue tracker="bnc" id="1250501">VUL-0: CVE-2025-10925: gimp: GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="bnc" id="1241690">VUL-0: CVE-2025-2760: gimp: integer overflow may lead to remote code execution</issue>
+  <issue tracker="bnc" id="1250495">VUL-0: CVE-2025-10920: gimp: GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability</issue>
+  <issue tracker="cve" id="2025-10920">VUL-0: CVE-2025-10920: gimp: GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability</issue>
+  <issue tracker="cve" id="2025-10924">VUL-0: CVE-2025-10924: gimp: GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="cve" id="2025-10925">VUL-0: CVE-2025-10925: gimp: GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <packager>mgorse</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for gimp</summary>
+  <description>This update for gimp fixes the following issues:
+
+Changes in gimp:
+
+Update to 3.0.6:
+
+  - Security:
+
+    - During development, we received reports from the Zero Day
+      Initiative of potential security issues with some of our file
+      import plug-ins. While these issues are very unlikely to
+      occur with real files, developers like Jacob Boerema and Alx
+      Sa proactively improved security for those imports.
+      The resolved reports are:
+      - ZDI-CAN-27793
+      - ZDI-CAN-27823
+      - ZDI-CAN-27836
+      - ZDI-CAN-27878
+      - ZDI-CAN-27863
+      - ZDI-CAN-27684
+
+  - Core:
+
+    - Many false-positive build warnings have been cleaned out (and
+      proper issues fixed).
+    - Various crashes fixed.
+    - When creating a layer mask from the layer's alpha, but the
+      layer has no alpha, simply fill the mask with complete
+      opacity instead of a completely transparent layer.
+    - Various core infrastructure code reviewed, cleaned up,
+      refactored and improved, in drawable, layer and filter
+      handling code, tree view code, and more.
+    - GIMP_ICONS_LIKE_A_BOSS environment variable is not working
+      anymore (because "gtk-menu-images" and "gtk-button-images"
+      have been deprecated in GTK3 and removed in GTK4) and was
+      therefore removed.
+    - Lock Content now shows as an undo step.
+    - Add alpha channel for certain transforms.
+    - Add alpha channel on filter merge, when necessary.
+    - Filters can now be applied non-destructively on channels.
+    - Improved Photoshop brush support.
+    - After deleting a palette entry, the next entry is
+      automatically selected. This allows easily deleting several
+      entries in a row, among other usage.
+    - Resize image to layers irrespective to selections.
+    - Improved in-GUI release notes' demo script language:
+
+      - We can now set a button value to click it: "toolbox:text,
+        tool-options:outline=1, tool-options:outline-direction"
+      - Color selector's module names can be used as identifiers:
+        "color-editor,color-editor:CMYK=1,color-editor:total-ink-coverage"
+
+    - Fixed Alpha to Selection on single layers with no
+      transparency.
+    - Various code is slowly ported to newer code, preparing for
+      GTK4 port (in an unplanned future step):
+
+      - Using g_set_str() (optionally redefining it in our core
+        code to avoid bumping the GLib minimum requirement).
+      - Start using GListModel in various pieces of code, in
+        particular getting rid of more and more usage of
+        GtkTreeView when possible (as it will be deprecated with
+        GTK4).
+      - New GimpRow class for all future row widgets.
+      - Use more of G_DECLARE_DERIVABLE_TYPE and
+        G_DECLARE_FINAL_TYPE where relevant.
+      - New GimpContainerListView using a GtkListBox.
+      - New GimpRowSeparator, GimpRowSettings, GimpRowFilter and
+        GimpRowDrawableFilter widgets.
+
+    - (Experimental) GEX Format was updated.
+    - Palette import:
+
+      - Set alpha value for image palette imports.
+      - Fix Lab &amp; CMYK ACB palette import.
+      - Add palette format filters to import dialog, making it more
+        apparent what palette formats are supported, and giving the
+        ability to hide irrelevant files.
+
+    - Improved filter actions' sensitivity to make sure they are
+      set insensitive when relevant. In particular filters which
+      cannot be run non-destructively (e.g. filters with aux
+      inputs, non-interactive filters and GEGL Graph) must be
+      insensitive when trying to run them on group layers.
+    - Fix bad axis centering on zoom out.
+    - Export better SVG when exporting paths.
+
+  - Tools:
+
+    - Text tool: make sure the default color is only changed when
+      the user confirms the color change.
+    - Foreground Selection tool: do not create a selection when no
+      strokes has been made. In particular this removes the
+      unnecessary delay which happened when switching to another
+      tool without actually stroking anything.
+    - All Transform tools: transform boundaries for preview is now
+      multi-layers aware.
+    - (Experimental) Seamless Clone tool: made to work again,
+      though it is still too slow to get out of Playground.
+
+  - Graphical User Interface:
+
+    - Various improvements to window management:
+
+      - Keep-Above windows are set with the Utility hint.
+      - Utility windows are not made transient to a parent.
+      - Transient factory dialogs follow the active display,
+        ensuring that new image windows would not hide your toolbox
+        and dock windows.
+
+    - Various CSS improvements for styling of the interface. Some
+      theme leaks were also fixed.
+    - New toggle button in Brushes and Fonts dockable, allowing
+      brush and font previews to optionally follow the color theme.
+      For instance, when using a dark theme, the brush and font
+      previews could be drawn on the theme background, using the
+      theme foreground colors. By default, these data previews are
+      still drawn as black on white.
+    - Palette grid is now drawn with the theme's background color.
+    - Consistent naming patterns on human-facing options (first
+      word only capitalized).
+    - About dialog:
+
+      - We will now display the date and time of the last check in
+        a "Up to date as of &lt;date&gt; at &lt;time&gt;" string, differing
+        from the "Last checked on &lt;date&gt; at &lt;time&gt;" string. The
+        former will be used to indicate that GIMP is indeed
+        up-to-date whereas the latter when a new version was
+        released and that you should update.
+      - We now respect the system time/date format on macOS and
+        Windows.
+
+    - The search popup won't pop up without an image.
+    - Better zoom step algorithm for data previews in container
+      popup (e.g. the brush popup in paint Tool Options).
+    - Disable animation in the Input Controller, Preferences and
+      Welcome dialogs for stack transition when animation are
+      disabled in system settings.
+    - Fixed crosshair hotspot on Windows (crosshair cursor for
+      brushes was offset with a non-100% display scale factor).
+    - Debug/CRITICAL dialog:
+
+      - Make sure it is non-modal.
+      - Follow the theme mode under Windows.
+
+    - While loading images, all widgets in the file dialog are made
+      insensitive, except for the Cancel button and the progress
+      bar.
+    - Both grid and list views can now zoom via scroll and zoom
+      gestures (it used to only work in list views).
+    - Pop an error message up on startup when GIO modules to read
+      HTTPS links are not found and that we therefore fail to load
+      the remote gimp_versions.json file. With the AppImage package
+      in particular, we depend on an environment daemon which
+      cannot be shipped in the package. So the next best thing is
+      to warn people and tell them what they should install to get
+      version checks.
+    - Welcome dialog:
+
+      - The "Community Tutorials" link is now shown after the
+        "Documentation" link.
+      - The "Learn more" link in Release Notes tab leads to the
+        actual release news for this version.
+
+  - Plug-ins:
+
+    - PDF export: do not draw disabled layer masks.
+    - Jigsaw: the plug-in can now draw on transparent layers.
+    - Various file format fixes and improvements: JPEG 2000 import,
+      TIFF import, DDS import, SVG import, PSP import, FITS export,
+      ICNS import, Dicom import, WBMP import, Farbfeld import, XWD
+      import, ILBM import.
+    - Sphere Designer: use spin scale instead of spin entries (the
+      latter is unusable with little horizontal space).
+    - Animation Play: frames are shown again in the playback
+      progress bar.
+    - Vala Goat Exercise: ignoring C warning in this Vala plug-in
+      as it is generated code and we cannot control it.
+    - file-gih: brush pipe selection modes now have nice,
+      translatable names.
+    - Metadata viewer: port from GtkTreeView to GtkListBox.
+    - File Raw Data: reduce Raw Data load dialogue height by moving
+      to a 2-column layout.
+    - SVG import: it is now possible to break aspect ratio with
+      specific width/height arguments, when calling the PDB
+      procedure non-interactively (from other plug-ins).
+    - Print: when run through a portal print dialog, the "Image
+      Settings" will be exposed as a secondary dialog, outputted
+      after the portal dialog, instead of a tab on the main print
+      dialog (because it is not possible to tweak the print dialog
+      when it is created by a portal). This will bring back usable
+      workflow of printing with GIMP when run in a sandbox (e.g.
+      Flatpak or Snap).
+    - Recompose: fixed for YCbCr decomposed images.
+    - Fixed vulnerabilities: ZDI-CAN-27684, ZDI-CAN-27863,
+      ZDI-CAN-27878, ZDI-CAN-27836, ZDI-CAN-27823, ZDI-CAN-27793.
+    - C Source and HTML export can now be run non-interactively too
+      (e.g. from other plug-ins).
+    - Map Object: fix missing spin boxes.
+    - Small Tiles: fix display lag.
+
+- CVE-2025-10925: Fix GIMP ILBM file parsing stack-based buffer overflow remote code
+  execution vulnerability. (ZDI-25-914, ZDI-CAN-27793, bsc#1250501)
+
+- CVE-2025-10922: Fix GIMP DCM file parsing heap-based buffer overflow remote code
+  execution vulnerability.  (ZDI-25-911, ZDI-CAN-27863, bsc#1250497)
+
+- CVE-2025-10920: Prevent overflow attack by checking if output &gt;= max, not just
+  output &gt; max. (ZDI-25-909, ZDI-CAN-27684, bsc#1250495)
+
+- CVE-2025-10924: Fix integer overflow while parsing FF files. (bsc#1250499)
+
+- CVE-2025-2760: A vulnerability allows remote attackers to execute arbitrary
+  code on affected installations of GIMP. The specific flaw exists
+  within parsing of XWD files. An integer overflow happens before
+  allocating a buffer. This fixed in GIMP 3.0.0.
+  https://www.gimp.org/news/2025/03/16/gimp-3-0-released
+  (bsc#1241690)
+</description>
+  <package>gimp</package>
+</patchinfo>

patchinfo.20251227105430923343.187004354831441/_patchinfo

@@ -0,0 +1,33 @@
+<patchinfo incident="packagehub-73">
+  <packager>pgajdos</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for apache2-mod_wsgi</summary>
+  <description>This update for apache2-mod_wsgi fixes the following issues:
+
+Changes in apache2-mod_wsgi:
+
+- Don't enable the module by default. Instead, include instructions in the
+  description, consistent with other comparable modules, such as
+  apache2-mod_fcgid, apache2-mod_jk and apache2-mod_mono.  If a reverse
+  dependency of this module requires it, that package may execute
+  `a2enmod wsgi`.
+
+Update to 5.0.2 includes changes from 5.0.1:
+
+  * Eliminate noise in logs under Python 3.13 when Python garbage collection
+    decides to delay destruction of objects until a second phase, resulting in
+    the wsgi.errors log object being accessed after the request had been
+    completed and the log object marked as invalid. This resulted due to changes
+    in garbage collection behaviour in Python 3.13.
+  * Internally, when using Python 3.8 or newer, the PyConfig API will now be
+    used due to deprecation and future removal of older C API alternatives.
+    This was required to support Python 3.13.
+  * Fix issue which could result in process crashing when values were supplied
+    for user/password/realm of HTTP basic authentication which weren’t
+    compliant with UTF-8 encoding format.
+  * Fix memory leak in check_password() authentication hook handler.
+  * Change use of deprecated thread.setDaemon to thread.daemon.
+</description>
+  <package>apache2-mod_wsgi</package>
+</patchinfo>

patchinfo.20260106152652552214.93181000773252/_patchinfo

@@ -0,0 +1,12 @@
+<patchinfo incident="packagehub-71">
+  <packager>miska</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for knot</summary>
+  <description>This update for knot fixes the following issues:
+
+- update to version 3.5.2, see
+  https://www.knot-dns.cz/2025-11-28-version-352.html
+</description>
+  <package>knot</package>
+</patchinfo>

patchinfo.20260106152825813077.93181000773252/_patchinfo

@@ -0,0 +1,12 @@
+<patchinfo incident="packagehub-85">
+  <issue tracker="bnc" id="1254975">niri doesn't set the right portal notification proxy</issue>
+  <packager>mantarimay</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for niri</summary>
+  <description>This update for niri fixes the following issues:
+
+- Fixed portal notification proxy (boo#1254975)
+</description>
+  <package>niri</package>
+</patchinfo>

patchinfo.20260113100304813079.93181000773252/_patchinfo

@@ -0,0 +1,47 @@
+<patchinfo incident="packagehub-72">
+  <issue tracker="cve" id="2025-14325">firefox: JIT miscompilation in the JavaScript Engine: JIT component</issue>
+  <issue tracker="cve" id="2025-14321">firefox: Use-after-free in the WebRTC: Signaling component</issue>
+  <issue tracker="cve" id="2025-14328">firefox: Privilege escalation in the Netmonitor component</issue>
+  <issue tracker="cve" id="2025-14323">firefox: Privilege escalation in the DOM: Notifications component</issue>
+  <issue tracker="cve" id="2025-14322">firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component</issue>
+  <issue tracker="bnc" id="1254551">VUL-0: MozillaFirefox / MozillaThunderbird: update to 146.0 and 140.6esr</issue>
+  <issue tracker="cve" id="2025-14324">firefox: JIT miscompilation in the JavaScript Engine: JIT component</issue>
+  <issue tracker="cve" id="2025-14330">firefox: JIT miscompilation in the JavaScript Engine: JIT component</issue>
+  <issue tracker="cve" id="2025-14329">firefox: Privilege escalation in the Netmonitor component</issue>
+  <issue tracker="cve" id="2025-14331">firefox: Same-origin policy bypass in the Request Handling component</issue>
+  <issue tracker="cve" id="2025-14333">firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146</issue>
+  <packager>Yoshio_Sato</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for MozillaThunderbird</summary>
+  <description>This update for MozillaThunderbird fixes the following issues:
+
+Changes in MozillaThunderbird:
+
+- Mozilla Thunderbird 140.6.0 ESR
+  MFSA 2025-96 (bsc#1254551)
+  * CVE-2025-14321 (bmo#1992760)
+    Use-after-free in the WebRTC: Signaling component
+  * CVE-2025-14322 (bmo#1996473)
+    Sandbox escape due to incorrect boundary conditions in the
+    Graphics: CanvasWebGL component
+  * CVE-2025-14323 (bmo#1996555)
+    Privilege escalation in the DOM: Notifications component
+  * CVE-2025-14324 (bmo#1996840)
+    JIT miscompilation in the JavaScript Engine: JIT component
+  * CVE-2025-14325 (bmo#1998050)
+    JIT miscompilation in the JavaScript Engine: JIT component
+  * CVE-2025-14328 (bmo#1996761)
+    Privilege escalation in the Netmonitor component
+  * CVE-2025-14329 (bmo#1997018)
+    Privilege escalation in the Netmonitor component
+  * CVE-2025-14330 (bmo#1997503)
+    JIT miscompilation in the JavaScript Engine: JIT component
+  * CVE-2025-14331 (bmo#2000218)
+    Same-origin policy bypass in the Request Handling component
+  * CVE-2025-14333 (bmo#1966501, bmo#1997639)
+    Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird
+    ESR 140.6, Firefox 146 and Thunderbird 146
+</description>
+  <package>MozillaThunderbird</package>
+</patchinfo>

patchinfo.20260113100344517680.93181000773252/_patchinfo

@@ -0,0 +1,45 @@
+<patchinfo incident="packagehub-70">
+  <issue tracker="cve" id="2025-69195"/>
+  <issue tracker="bnc" id="1255729">VUL-0: CVE-2025-69195: wget2: memory corruption and crash via filename sanitization logic with attacker-controlled URLs</issue>
+  <issue tracker="cve" id="2025-69194"/>
+  <issue tracker="bnc" id="1255728">VUL-0: CVE-2025-69194: wget2: arbitrary file write via Metalink path traversal</issue>
+  <packager>jengelh</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for wget2</summary>
+  <description>This update for wget2 fixes the following issues:
+
+Changes in wget2:
+
+- Update to release 2.2.1
+  * Fix file overwrite issue with metalink [CVE-2025-69194 bsc#1255728]
+  * Fix remote buffer overflow in get_local_filename_real()
+    [CVE-2025-69195 bsc#1255729]
+  * Fix a redirect/mirror regression from 400713ca
+  * Use the local system timestamp when requested via
+    --no-use-server-timestamps
+  * Prevent file truncation with --no-clobber
+  * Improve messages about why URLs are not being followed
+  * Fix metalink with -O/--output-document
+  * Fix sorting of metalink mirrors by priority
+  * Add --show-progress to improve backwards compatibility to wget
+  * Fix buffer overflow in wget_iri_clone() after
+    wget_iri_set_scheme()
+  * Allow 'no_' prefix in config options
+  * Use libnghttp2 for HTTP/2 testing
+  * Set exit status to 8 on 403 response code
+  * Fix convert-links
+  * Fix --server-response for HTTP/1.1
+
+- Update to release 2.2.0
+  * Don't truncate file when -c and -O are combined
+  * Don't log URI userinfo to logs
+  * Fix downloading multiple files via HTTP/2
+  * Support connecting with HTTP/1.0 proxies
+  * Ignore 1xx HTTP responses for HTTP/1.1
+  * Disable TCP Fast Open by default
+  * Fix segfault when OCSP response is missing
+  * Add libproxy support
+</description>
+  <package>wget2</package>
+</patchinfo>

patchinfo.20260113125217848639.93181000773252/_patchinfo

@@ -1,4 +1,4 @@
-<patchinfo>
+<patchinfo incident="packagehub-69">
   <packager>os-autoinst-obs-workflow</packager>
   <rating>moderate</rating>
   <category>recommended</category>
@@ -42,4 +42,4 @@ Changes in openQA-devel-container:
   <package>os-autoinst:os-autoinst-devel-test</package>
   <package>os-autoinst:os-autoinst-openvswitch-test</package>
   <package>openQA-devel-container</package>
-</patchinfo>
+</patchinfo>

patchinfo.20260113130548514612.93181000773252/_patchinfo

@@ -0,0 +1,14 @@
+<patchinfo incident="packagehub-74">
+  <issue tracker="bnc" id="1255237">scripts it $XDG_CONFIG_DIRS/plasma-workspace/env stop working after ibus update</issue>
+  <packager>ftake</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for fcitx5</summary>
+  <description>This update for fcitx5 fixes the following issues:
+
+
+- Use return instead of exit in 20-fcitx-plasma-setup.sh (boo#1255237)
+- Replace "IBus" with "Fcitx" in a log message
+</description>
+  <package>fcitx5</package>
+</patchinfo>

patchinfo.20260115100809875766.93181000773252/_patchinfo

@@ -0,0 +1,35 @@
+<patchinfo incident="packagehub-80">
+  <issue tracker="cve" id="2026-0907">VUL-0: chromium: release 144.0.7559.59</issue>
+  <issue tracker="cve" id="2026-0908">VUL-0: chromium: release 144.0.7559.59</issue>
+  <issue tracker="cve" id="2026-0901">VUL-0: chromium: release 144.0.7559.59</issue>
+  <issue tracker="cve" id="2026-0902">VUL-0: chromium: release 144.0.7559.59</issue>
+  <issue tracker="cve" id="2026-0906">VUL-0: chromium: release 144.0.7559.59</issue>
+  <issue tracker="cve" id="2026-0903">VUL-0: chromium: release 144.0.7559.59</issue>
+  <issue tracker="cve" id="2026-0905">VUL-0: chromium: release 144.0.7559.59</issue>
+  <issue tracker="cve" id="2026-0900">VUL-0: chromium: release 144.0.7559.59</issue>
+  <issue tracker="cve" id="2026-0904">VUL-0: chromium: release 144.0.7559.59</issue>
+  <issue tracker="cve" id="2026-0899">VUL-0: chromium: release 144.0.7559.59</issue>
+  <issue tracker="bnc" id="1256614">VUL-0: chromium: release 144.0.7559.59</issue>
+  <packager>oertel</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Changes in chromium:
+
+- Chromium 144.0.7559.59 (boo#1256614)
+  * CVE-2026-0899: Out of bounds memory access in V8
+  * CVE-2026-0900: Inappropriate implementation in V8
+  * CVE-2026-0901: Inappropriate implementation in Blink
+  * CVE-2026-0902: Inappropriate implementation in V8
+  * CVE-2026-0903: Insufficient validation of untrusted input in Downloads
+  * CVE-2026-0904: Incorrect security UI in Digital Credentials
+  * CVE-2026-0905: Insufficient policy enforcement in Network
+  * CVE-2026-0906: Incorrect security UI
+  * CVE-2026-0907: Incorrect security UI in Split View
+  * CVE-2026-0908: Use after free in ANGLE
+- use noopenh264 where available
+</description>
+  <package>chromium</package>
+</patchinfo>

patchinfo.20260115100949201882.93181000773252/_patchinfo

@@ -0,0 +1,55 @@
+<patchinfo incident="packagehub-79">
+  <packager>os-autoinst-obs-workflow</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for openQA, os-autoinst, openQA-devel-container</summary>
+  <description>This update for openQA, os-autoinst, openQA-devel-container fixes the following issues:
+
+Changes in openQA:
+
+- Update to version 5.1768323619.9a70ab91:
+  * refactor: Extend tests of df-based cleanup
+  * fix: Avoid wrong deletion of archived jobs in df-based cleanup
+  * refactor: Move logic for validating percentage into helper
+  * refactor: Clarify wording in comment regarding job cleanup
+  * Use template literals in certain JavaScript code
+  * Retry delete_needles job on server restart
+  * Add test for _delete_needles
+  * feat(OpenQA::Git): Cleanup git dir in commit() on shutdown
+  * feat: Improve rendering results on the scheduled product page
+
+- Update to version 5.1768209690.f34c2973:
+  * feat(scheduled-products): Allow adding note to result data
+  * docs: Use node_modules target
+  * docs: Mention minimum PostgreSQL version
+  * ci: Update PostgreSQL in CI/packaging to at least 14
+  * Revert "Add MCP tool annotations for Claude connector compliance"
+
+- Update to version 5.1767868268.dacbd3f7:
+  * Add MCP tool annotations for Claude connector compliance
+
+Changes in os-autoinst:
+
+- Update to version 5.1768317525.86a9a7f:
+  * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks
+  * Remove deprecated BIOS and UEFI_PFLASH variables
+  * Add documentation of APPEND variable
+  * Add undocumented KERNEL/INITRD to the supported variables
+  * os-autoinst-generate-needle-preview: Embed PNG
+
+Changes in openQA-devel-container:
+
+- Update to version 5.1768323619.9a70ab916:
+  * Update to latest openQA version
+</description>
+  <package>openQA</package>
+  <package>openQA:openQA-devel-test</package>
+  <package>openQA:openQA-test</package>
+  <package>openQA:openQA-worker-test</package>
+  <package>openQA:openQA-client-test</package>
+  <package>os-autoinst</package>
+  <package>os-autoinst:os-autoinst-test</package>
+  <package>os-autoinst:os-autoinst-devel-test</package>
+  <package>os-autoinst:os-autoinst-openvswitch-test</package>
+  <package>openQA-devel-container</package>
+</patchinfo>

patchinfo.20260115101101937926.93181000773252/_patchinfo

@@ -0,0 +1,22 @@
+<patchinfo incident="packagehub-83">
+  <issue tracker="jsc" id="PED-1942">feature request for adding ipvlan support to wicked for SLES15</issue>
+  <packager>cfconrad</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for wicked</summary>
+  <description>This update for wicked fixes the following issues:
+
+Changes in wicked:
+
+- Update to version 0.6.78
+  - man: small fixes in wireless manpage (gh#opensuse/wicked#1053)
+  - rtnetlink: fix RTM_NEWLINK name resolution in debug (gh#opensuse/wicked#1052)
+  - Add support for IPVLAN/IPVTAP (jsc#PED-1942, gh#opensuse/wicked#1050, gh#opensuse/wicked#1051)
+  - fsm: remove children reference array from worker (gh#opensuse/wicked#1049)
+  - ifxml: migrate and generate lower configs/policies (gh#opensuse/wicked#1048)
+  - fsm: use refcount and array macros in worker and policy (gh#opensuse/wicked#1047)
+  - route: use refcounted array and fix error leaks (gh#opensuse/wicked#1046)
+  - utils: add support for refcounted objects in generic array (gh#openSUSE/wicked#1045)
+</description>
+  <package>wicked</package>
+</patchinfo>

patchinfo.20260115101600453573.93181000773252/_patchinfo

@@ -0,0 +1,14 @@
+<patchinfo incident="packagehub-75">
+  <packager>jengelh</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for flint</summary>
+  <description>This update for flint fixes the following issues:
+
+Changes in flint:
+
+- Fixed a compile error for downstream users when using -std=c23 or
+  a newer GCC which defaults to such.
+</description>
+  <package>flint</package>
+</patchinfo>

patchinfo.20260115114750488113.93181000773252/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-76">
+  <packager>pgajdos</packager>
+  <rating>moderate</rating>
+  <category>optional</category>
+  <summary>Optional update for dehydrated</summary>
+  <description>This update for dehydrated fixes the following issues:
+
+Adds dehydrated to PackageHub / Leap 16.0.
+</description>
+  <package>dehydrated</package>
+</patchinfo>

patchinfo.20260115143001930772.93181000773252/_patchinfo

@@ -0,0 +1,41 @@
+<patchinfo incident="packagehub-77">
+  <issue tracker="bnc" id="1256453">polymake-devel unusable</issue>
+  <packager>jengelh</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for polymake, cddlib</summary>
+  <description>This update for polymake, cddlib fixes the following issues:
+
+Changes in polymake:
+
+- Enable polydb for Tumbleweed / suse_version &gt;=1690
+
+- Reenable callable library mode [boo#1256453]
+
+- Update to release 4.15
+  * graph: graphviz: use PDF instead of PS
+  * polytope: MILP: allow non-rational coordinates
+  * Some bugfixes
+
+- Update to release 4.14
+  * tropical: cone: refactoring and fixes for DOME, COVECTORs and
+    PSEUDOVERTICES
+  * tropical: polytope: fix vertices computation
+  * tropical: hypersurface: fixes for monomials and binomials
+
+- Update to release 4.13
+  * Support for Perl 5.40 and -std=c++20 builds
+
+Changes in cddlib:
+
+- Update to release 0.94n
+  * Fixed a potential dd_MatrixCanonicalize segfault.
+  * cddlib.pc file now points to the non-GMP version, and
+    cddgmp.pc has been added for the GMP version.
+  * Copy certificate and handle errors correctly in dd_SRedundant
+    for the V-representation code path.
+  * cddlib is now thread-safe.
+</description>
+  <package>polymake</package>
+  <package>cddlib</package>
+</patchinfo>

patchinfo.20260115164300444802.93181000773252/_patchinfo

@@ -0,0 +1,25 @@
+<patchinfo incident="packagehub-78">
+  <packager>mmamula</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for ansible-sap-launchpad</summary>
+  <description>This update for ansible-sap-launchpad fixes the following issues:
+
+Changes in ansible-sap-launchpad:
+
+- Refactor Ansible Modules and adjust for ansible-core 2.19.
+
+- 1.3.1
+  - Bugfixes:
+    - collection: Add ansible-test sanity workflow and fix sanity errors
+
+- 1.3.0
+  - Changes:
+    - collection: Refactor all Ansible Modules
+    - sap_software_download: Update for ansible-core 2.19
+  - Bugfixes:
+    - sap_software_download: Fix for failed checksums not correctly retrying
+
+</description>
+  <package>ansible-sap-launchpad</package>
+</patchinfo>

patchinfo.20260116150132416590.93181000773252/_patchinfo

@@ -0,0 +1,95 @@
+<patchinfo incident="packagehub-82">
+  <issue tracker="cve" id="2025-58190"/>
+  <issue tracker="bnc" id="1241814">VUL-0: CVE-2025-22872: go-sendxmpp: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction</issue>
+  <issue tracker="cve" id="2025-22872">VUL-0: CVE-2025-22872: TRACKERBUG: golang.org/x/net/html: tags incorrectly interpreted by tokenizer can lead to content being placed in the wrong scope during</issue>
+  <issue tracker="bnc" id="1251677">VUL-0: CVE-2025-58190: go-sendxmpp: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input</issue>
+  <issue tracker="bnc" id="1251461">VUL-0: CVE-2025-47911: go-sendxmpp: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents</issue>
+  <issue tracker="cve" id="2025-47911">VUL-0: CVE-2025-47911: TRACKERBUG: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents</issue>
+  <packager>fstrba</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for go-sendxmpp</summary>
+  <description>This update for go-sendxmpp fixes the following issues:
+
+Changes in go-sendxmpp:
+
+- Update to 0.15.1:
+  Added
+  * Add XEP-0359 Origin-ID to messages (requires go-xmpp &gt;= v0.2.18).
+  Changed
+  * HTTP upload: Ignore timeouts on disco IQs as some components do
+    not reply.
+- Upgrades the embedded golang.org/x/net to 0.46.0
+  * Fixes: bsc#1251461, CVE-2025-47911: various algorithms with
+    quadratic complexity when parsing HTML documents
+  * Fixes: bsc#1251677, CVE-2025-58190: excessive memory consumption
+    by 'html.ParseFragment' when processing specially crafted input
+
+- Update to 0.15.0:
+  Added:
+  * Add flag --verbose to show debug information.
+  * Add flag --recipients to specify recipients by file.
+  * Add flag --retry-connect to try after a waiting time if the connection fails.
+  * Add flag --retry-connect-max to specify the amount of retry attempts.
+  * Add flag --legacy-pgp for using XEP-0027 PGP encryption with Ox keys.
+  * Add support for punycode domains.
+  Changed:
+  * Update gopenpgp library to v3.
+  * Improve error detection for MUC joins.
+  * Don't try to connect to other SRV record targets if error contains 'auth-failure'.
+  * Remove support for old SSDP version (via go-xmpp v0.2.15).
+  * Http-upload: Stop checking other disco items after finding upload component.
+  * Increase default TLS version to 1.3.
+- bsc#1241814 (CVE-2025-22872): This update includes golang.org/x/net/html 0.43.0
+
+- Update to 0.14.1:
+  * Use prettier date format for error messages.
+  * Update XEP-0474 to version 0.4.0 (requires go-xmpp &gt;= 0.2.10).
+
+- Update to 0.14.0:
+  Added:
+  * Add --fast-invalidate to allow invalidating the FAST token.
+  Changed:
+  * Don't create legacy Ox private key directory in ~/.local/share/go-sendxmpp/oxprivkeys.
+  * Delete legacy Ox private key directory if it's empty.
+  * Show proper error if saved FAST mechanism isn't usable with current TLS version (requires go-xmpp &gt;= 0.2.9).
+  * Print debug output to stdout, not stderr (requires go-xmpp &gt;= 0.2.9).
+  * Show RECV: and SEND: prefix for debug output (requires go-xmpp &gt;= 0.2.9).
+  * Delete stored fast token if --fast-invalidate and --fast-off are set.
+  * Show error when FAST creds are stored but non-FAST mechanism is requested.
+
+- Update to 0.13.0:
+  Added:
+  * Add --anonymous to support anonymous authentication (requires go-xmpp &gt;= 0.2.8).
+  * Add XEP-0480: SASL Upgrade Tasks support (requires go-xmpp &gt;= 0.2.8).
+  * Add support for see-other-host stream error (requires go-xmpp &gt;= 0.2.8).
+  Changed:
+  * Don't automatically try other auth mechanisms if FAST authentication fails.
+
+- Update to 0.12.1:
+  Changed:
+  * Print error instead of quitting if a message of type error is received.
+  * Allow upload of multiple files.
+  Added:
+  * Add flag --suppress-root-warning to suppress the warning when go-sendxmpp is used by the root user.
+
+- Update to 0.12.0:
+  Added:
+  * Add possibility to look up direct TLS connection endpoint via hostmeta2 (requires xmppsrv &gt;= 0.3.3).
+  * Add flag --allow-plain to allow PLAIN authentication (requires go-xmpp &gt;= 0.2.5).
+  Changed:
+  * Disable PLAIN authentication per default.
+  * Disable PLAIN authentication after first use of a SCRAM auth mechanism (overrides --allow-plain) (requires
+    go-xmpp &gt;= 0.2.5).
+
+- Update to 0.11.4:
+  * Fix bug in SCRAM-SHA-256-PLUS (via go-xmpp &gt;= 0.2.4).
+
+- Update to 0.11.3:
+  * Add go-xmpp library version to --version output (requires go-xmpp &gt;= 0.2.2).
+  * Fix XEP-0474: SASL SCRAM Downgrade Protection hash calculation bug (via go-xmpp &gt;= v0.2.3).
+  * [gocritic]: Improve code quality.
+</description>
+  <package>go-sendxmpp</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20260119100234029640.93181000773252/_patchinfo

@@ -0,0 +1,13 @@
+<patchinfo incident="packagehub-84">
+  <issue tracker="cve" id="2025-63757"/>
+  <issue tracker="bnc" id="1255392">VUL-0: CVE-2025-63757: ffmpeg,ffmpeg-4: ffmpeg: accumulation of filtered pixel values can lead to an integer overflow</issue>
+  <packager>jonathankang</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for ffmpeg-4</summary>
+  <description>This update for ffmpeg-4 fixes the following issues:
+
+- CVE-2025-63757: Fixed swscale/output: Fix integer overflow in yuv2ya16_X_c_template() (bsc#1255392).
+</description>
+  <package>ffmpeg-4</package>
+</patchinfo>

patchinfo.20260120143234408409.93181000773252/_patchinfo

@@ -0,0 +1,15 @@
+<patchinfo incident="packagehub-86">
+  <issue tracker="cve" id="2025-68616">VUL-0: CVE-2025-68616: python-weasyprint: server-side request forgery (SSRF) protection bypass via HTTP redirects allows access to internal network resources</issue>
+  <issue tracker="bnc" id="1256936">VUL-0: CVE-2025-68616: python-weasyprint: server-side request forgery (SSRF) protection bypass via HTTP redirects allows access to internal network resources</issue>
+  <packager>dgarcia</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for python-weasyprint</summary>
+  <description>This update for python-weasyprint fixes the following issues:
+
+Changes in python-weasyprint:
+
+- CVE-2025-68616: Fixed a server-side request forgery in default fetcher (boo#1256936).
+</description>
+  <package>python-weasyprint</package>
+</patchinfo>