Update patchinfo.20260209151441438275.93181000773252/_patchinfo

minimize CVE issue xml element
Update micropython
2026-02-10 18:07:27 +01:00 · 2026-02-10 18:05:44 +01:00 · 2026-02-10 11:55:54 +00:00 · 2026-02-10 11:55:35 +00:00 · 2026-02-10 10:25:41 +00:00 · 2026-02-10 10:25:21 +00:00
26 changed files with 224 additions and 9 deletions
--- a/.gitmodules
+++ b/.gitmodules
@@ -3070,6 +3070,10 @@
 	path = dom2-core-tests
 	url = ../../pool/dom2-core-tests
 	branch = leap-16.0
+[submodule "doomsday"]
+	path = doomsday
+	url = ../../pool/doomsday
+	branch = leap-16.0
 [submodule "dosbox"]
 	path = dosbox
 	url = ../../pool/dosbox
@@ -7174,6 +7178,10 @@
 	path = gnu_ddrescue
 	url = ../../pool/gnu_ddrescue
 	branch = leap-16.0
+[submodule "gnucobol"]
+	path = gnucobol
+	url = ../../pool/gnucobol
+	branch = leap-16.0
 [submodule "gnuastro"]
 	path = gnuastro
 	url = ../../pool/gnuastro
@@ -12966,6 +12974,10 @@
 	path = perl-Data-Visitor
 	url = ../../pool/perl-Data-Visitor
 	branch = leap-16.0
+[submodule "perl-Date-Manip"]
+	path = perl-Date-Manip
+	url = ../../pool/perl-Date-Manip
+	branch = leap-16.0
 [submodule "perl-DateTime-Calendar-Mayan"]
 	path = perl-DateTime-Calendar-Mayan
 	url = ../../pool/perl-DateTime-Calendar-Mayan
@@ -13750,6 +13762,10 @@
 	path = perl-Mojolicious-Plugin-OAuth2
 	url = ../../pool/perl-Mojolicious-Plugin-OAuth2
 	branch = leap-16.0
+[submodule "perl-Mojolicious-Plugin-OpenAPI"]
+	path = perl-Mojolicious-Plugin-OpenAPI
+	url = ../../pool/perl-Mojolicious-Plugin-OpenAPI
+	branch = leap-16.0
 [submodule "perl-Mojolicious-Plugin-Webpack"]
 	path = perl-Mojolicious-Plugin-Webpack
 	url = ../../pool/perl-Mojolicious-Plugin-Webpack
@@ -14346,6 +14362,10 @@
 	path = perl-TAP-Formatter-GitHubActions
 	url = ../../pool/perl-TAP-Formatter-GitHubActions
 	branch = leap-16.0
+[submodule "perl-TAP-Harness-JUnit"]
+	path = perl-TAP-Harness-JUnit
+	url = ../../pool/perl-TAP-Harness-JUnit
+	branch = leap-16.0
 [submodule "perl-Task-Weaken"]
 	path = perl-Task-Weaken
 	url = ../../pool/perl-Task-Weaken
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/1
+++ b/1
--- a/2
+++ b/2
--- a/1
+++ b/1
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/patchinfo.20260127094025704164.93181000773252/_patchinfo
+++ b/patchinfo.20260127094025704164.93181000773252/_patchinfo
@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-108">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for perl-Date-Manip</summary>
+  <description>This update for perl-Date-Manip fixes the following issues:
+
+Introduce perl-Date-Manip.
+</description>
+  <package>perl-Date-Manip</package>
+</patchinfo>
--- a/patchinfo.20260128085041420529.93181000773252/_patchinfo
+++ b/patchinfo.20260128085041420529.93181000773252/_patchinfo
@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-107">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for perl-TAP-Harness-JUnit</summary>
+  <description>This update for perl-TAP-Harness-JUnit fixes the following issues:
+
+Introduce perl-TAP-Harness-JUnit.
+</description>
+  <package>perl-TAP-Harness-JUnit</package>
+</patchinfo>
--- a/patchinfo.20260202141654318677.93181000773252/_patchinfo
+++ b/patchinfo.20260202141654318677.93181000773252/_patchinfo
@@ -0,0 +1,15 @@
+<patchinfo incident="packagehub-105">
+  <issue tracker="cve" id="2025-68670">VUL-0: CVE-2025-68670: xrdp:  improper bounds check when processing user domain information during the connection sequence can lead to a stack buffer overflow</issue>
+  <issue tracker="bnc" id="1257362">VUL-0: CVE-2025-68670: xrdp:  improper bounds check when processing user domain information during the connection sequence can lead to a stack buffer overflow</issue>
+  <packager>xiaoguang_wang</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for xrdp</summary>
+  <description>This update for xrdp fixes the following issues:
+
+Changes in xrdp:
+
+- CVE-2025-68670: Fixed a potential overflow (bsc#1257362).
+</description>
+  <package>xrdp</package>
+</patchinfo>
--- a/patchinfo.20260203102131310899.93181000773252/_patchinfo
+++ b/patchinfo.20260203102131310899.93181000773252/_patchinfo
@@ -1,4 +1,4 @@
-<patchinfo>
+<patchinfo incident="packagehub-106">
  <issue tracker="cve" id="2025-15059"/>
  <issue tracker="cve" id="2025-14422"/>
  <issue tracker="cve" id="2025-14424"/>
@@ -114,4 +114,4 @@ Changes in gimp:
      prevent potential issues when exporting into a new format.
 </description>
  <package>gimp</package>
-</patchinfo>
+</patchinfo>
--- a/patchinfo.20260204115012215375.93181000773252/_patchinfo
+++ b/patchinfo.20260204115012215375.93181000773252/_patchinfo
@@ -0,0 +1,30 @@
+<patchinfo incident="packagehub-113">
+  <issue tracker="bnc" id="1257403">VUL-0: CVE-2025-14550: python-Django,python3-Django,python-Django6: Potential denial-of-service vulnerability via repeated headers when using ASGI</issue>
+  <issue tracker="bnc" id="1257406">VUL-0: CVE-2026-1285: python-Django,python3-Django,python-Django6: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods</issue>
+  <issue tracker="bnc" id="1257405">VUL-0: CVE-2026-1207: python-Django,python3-Django,python-Django6: Potential SQL injection via raster lookups on PostGIS</issue>
+  <issue tracker="cve" id="2026-1207"/>
+  <issue tracker="cve" id="2026-1312"/>
+  <issue tracker="cve" id="2026-1287"/>
+  <issue tracker="bnc" id="1257407">VUL-0: CVE-2026-1287: python-Django,python3-Django,python-Django6: Potential SQL injection in column aliases via control characters</issue>
+  <issue tracker="cve" id="2025-13473"/>
+  <issue tracker="bnc" id="1257401">VUL-0: CVE-2025-13473: python-Django,python3-Django,python-Django6: Username enumeration through timing difference in mod_wsgi authentication handler</issue>
+  <issue tracker="bnc" id="1257408">VUL-0: CVE-2026-1312: python-Django,python3-Django,python-Django6: Potential SQL injection via QuerySet.order_by and FilteredRelation</issue>
+  <issue tracker="cve" id="2025-14550"/>
+  <issue tracker="cve" id="2026-1285"/>
+  <packager>mcalabkova</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for python-Django</summary>
+  <description>This update for python-Django fixes the following issues:
+
+Changes in python-Django:
+
+- CVE-2026-1312: Fixed potential SQL injection via QuerySet.order_by and FilteredRelation (bsc#1257408).
+- CVE-2026-1287: Fixed potential SQL injection in column aliases via control characters (bsc#1257407).
+- CVE-2026-1207: Fixed potential SQL injection via raster lookups on PostGIS (bsc#1257405).
+- CVE-2026-1285: Fixed potential denial-of-service in django.utils.text.Truncator HTML methods (bsc#1257406).
+- CVE-2025-13473: Fixed username enumeration through timing difference in mod_wsgi authentication handler (bsc#1257401).
+- CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGI (bsc#1257403).
+</description>
+  <package>python-Django</package>
+</patchinfo>
--- a/patchinfo.20260204115510991084.93181000773252/_patchinfo
+++ b/patchinfo.20260204115510991084.93181000773252/_patchinfo
@@ -0,0 +1,22 @@
+<patchinfo incident="packagehub-112">
+  <issue tracker="cve" id="2026-1862"/>
+  <issue tracker="cve" id="2026-1861"/>
+  <issue tracker="bnc" id="1257650">VUL-0: chromium: release 144.0.7559.132</issue>
+  <packager>oertel</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Changes in chromium:
+
+- Chromium 144.0.7559.132 (boo#1257650)
+  * CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome
+    prior to 144.0.7559.132 allowed a remote attacker to potentially
+    exploit heap corruption via a crafted HTML page.
+  * CVE-2026-1862: Type Confusion in V8 in Google Chrome prior to
+    144.0.7559.132 allowed a remote attacker to potentially exploit
+    heap corruption via a crafted HTML page.
+</description>
+  <package>chromium</package>
+</patchinfo>
--- a/patchinfo.20260204115645891071.93181000773252/_patchinfo
+++ b/patchinfo.20260204115645891071.93181000773252/_patchinfo
@@ -0,0 +1,14 @@
+<patchinfo incident="packagehub-109">
+  <packager>letsfindaway</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for OpenBoard</summary>
+  <description>This update for OpenBoard fixes the following issues:
+
+Changes in OpenBoard:
+
+- add AppData in metainfo.xml
+- update to release version 1.7.5
+</description>
+  <package>OpenBoard</package>
+</patchinfo>
--- a/patchinfo.20260204120853139168.93181000773252/_patchinfo
+++ b/patchinfo.20260204120853139168.93181000773252/_patchinfo
@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-111">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for perl-Mojolicious-Plugin-OpenAPI</summary>
+  <description>This update for perl-Mojolicious-Plugin-OpenAPI fixes the following issues:
+
+Introduce perl-Mojolicious-Plugin-OpenAPI.
+</description>
+  <package>perl-Mojolicious-Plugin-OpenAPI</package>
+</patchinfo>
--- a/patchinfo.20260204160351183292.93181000773252/_patchinfo
+++ b/patchinfo.20260204160351183292.93181000773252/_patchinfo
@@ -0,0 +1,14 @@
+<patchinfo incident="packagehub-110">
+  <issue tracker="bnc" id="1256465">Week numbers are off by one in Evolution's calendar (Year view)</issue>
+  <packager>mgorse</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for evolution</summary>
+  <description>This update for evolution fixes the following issues:
+
+Changes in evolution:
+
+- Fix incorrect week numbers in calendar year view (bsc#1256465).
+</description>
+  <package>evolution</package>
+</patchinfo>
--- a/patchinfo.20260206094000823685.93181000773252/_patchinfo
+++ b/patchinfo.20260206094000823685.93181000773252/_patchinfo
@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-115">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for gnucobol</summary>
+  <description>This update for gnucobol fixes the following issues:
+
+Introduce gnucobol.
+</description>
+  <package>gnucobol</package>
+</patchinfo>
--- a/patchinfo.20260209123942988001.93181000773252/_patchinfo
+++ b/patchinfo.20260209123942988001.93181000773252/_patchinfo
@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-116">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for doomsday</summary>
+  <description>This update for doomsday fixes the following issues:
+
+Introduce doomsday.
+</description>
+  <package>doomsday</package>
+</patchinfo>
--- a/patchinfo.20260209151441438275.93181000773252/_patchinfo
+++ b/patchinfo.20260209151441438275.93181000773252/_patchinfo
@@ -0,0 +1,26 @@
+<patchinfo>
+  <issue tracker="cve" id="2026-1998"/>
+  <issue tracker="bnc" id="1257803">VUL-0: CVE-2026-1998: micropython: segmentation fault in `mp_map_lookup` via `mp_import_all`</issue>
+  <packager>dheidler</packager>
+  <rating>low</rating>
+  <category>security</category>
+  <summary>Security update for micropython</summary>
+  <description>This update for micropython fixes the following issues:
+
+Changes in micropython:
+
+- CVE-2026-1998: Fixed segmentation fault in `mp_map_lookup` via `mp_import_all` (bsc#1257803).
+
+- Version 1.26.1
+  * esp32: update esp_tinyusb component to v1.7.6
+  * tools: add an environment variable MICROPY_MAINTAINER_BUILD
+  * esp32: add IDF Component Lockfiles to git repo
+  * shared/tinyusb: fix hang from new tx_overwritabe_if_not_connected flag
+  * shared/tinyusb/mp_usbd_cdc: rewrite USB CDC TX loop
+  * tools/mpremote: don't apply Espressif DTR/RTS quirk to TinyUSB CDC dev
+
+- Fix building on single core systems
+  * Skip tests/thread/stress_schedule.py when single core system detected
+</description>
+  <package>micropython</package>
+</patchinfo>
--- a/patchinfo.20260209155200377268.93181000773252/_patchinfo
+++ b/patchinfo.20260209155200377268.93181000773252/_patchinfo
@@ -0,0 +1,14 @@
+<patchinfo incident="packagehub-114">
+  <issue tracker="bnc" id="1257869">KMail2: Klick on link does not open Browser</issue>
+  <packager>favogt</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for messagelib</summary>
+  <description>This update for messagelib fixes the following issues:
+
+Changes in messagelib:
+
+- Fix links sometimes not opening (boo#1257869, kde#493325):
+</description>
+  <package>messagelib</package>
+</patchinfo>
--- a/1
+++ b/1
--- a/1
+++ b/1
--- a/1
+++ b/1
--- a/2
+++ b/2
--- a/2
+++ b/2
Author	SHA256	Message	Date
Robert Frohl	62c3a6df17	Update patchinfo.20260209151441438275.93181000773252/_patchinfo minimize CVE issue xml element	2026-02-10 18:07:27 +01:00
Robert Frohl	dc70bd8a7d	Update micropython	2026-02-10 18:05:44 +01:00
Patchinfo incident numbering	203c9ebc1c	Update patchinfo incident numbers [skip actions]	2026-02-10 11:55:54 +00:00
AutoGits PR Review Bot	5ce11d2031	Merging PR: products/PackageHub!425	2026-02-10 11:55:35 +00:00
Patchinfo incident numbering	4a8a71cfaa	Update patchinfo incident numbers [skip actions]	2026-02-10 10:25:41 +00:00
AutoGits PR Review Bot	5e193e7b0c	Merging PR: products/PackageHub!423	2026-02-10 10:25:21 +00:00
Patchinfo incident numbering	2ba789da73	Update patchinfo incident numbers [skip actions]	2026-02-10 10:24:10 +00:00
AutoGits PR Review Bot	5d155cfc8e	Merging PR: products/PackageHub!428	2026-02-10 10:23:48 +00:00
Robert Frohl	f0fd57da25	Update submodules from pool/messagelib#1 and create patchinfo.20260209155200377268.93181000773252/_patchinfo	2026-02-09 16:52:16 +01:00
Robert Frohl	a75756a1dd	Add doomsday	2026-02-09 13:42:34 +01:00
Patchinfo incident numbering	a5e36132b4	Update patchinfo incident numbers [skip actions]	2026-02-07 13:28:27 +00:00
AutoGits PR Review Bot	93d5c851b6	Merging PR: products/PackageHub!393	2026-02-07 13:27:50 +00:00
Patchinfo incident numbering	735cc2c65c	Update patchinfo incident numbers [skip actions]	2026-02-06 19:18:47 +00:00
AutoGits PR Review Bot	50931b6594	Merging PR: products/PackageHub!394	2026-02-06 19:18:07 +00:00
Robert Frohl	bad747d321	Add gnucobol	2026-02-06 10:42:14 +01:00
Patchinfo incident numbering	f0977f2467	Update patchinfo incident numbers [skip actions]	2026-02-05 09:32:35 +00:00
AutoGits PR Review Bot	c7f5c5003b	Merging PR: products/PackageHub!396	2026-02-05 09:31:57 +00:00
AutoGits PR Review Bot	1c6a2a337d	auto-created for chromium This commit was autocreated by AutoGits PR Review Bot referencing PRs: PR: pool/chromium!31	2026-02-05 08:28:00 +00:00
Patchinfo incident numbering	32bc2761d5	Update patchinfo incident numbers [skip actions]	2026-02-04 18:21:08 +00:00
AutoGits PR Review Bot	255b0dece9	Merging PR: products/PackageHub!401	2026-02-04 18:20:47 +00:00
Patchinfo incident numbering	eb62b13642	Update patchinfo incident numbers [skip actions]	2026-02-04 16:48:40 +00:00
AutoGits PR Review Bot	8c4efc438b	Merging PR: products/PackageHub!395	2026-02-04 16:48:22 +00:00
Robert Frohl	b2bd4b1f94	Update submodules from pool/evolution#4 and create patchinfo.20260204160351183292.93181000773252/_patchinfo	2026-02-04 17:04:27 +01:00
AutoGits PR Review Bot	4cfc011cfb	auto-created for python-Django This commit was autocreated by AutoGits PR Review Bot referencing PRs: PR: pool/python-Django!4	2026-02-04 15:10:55 +00:00
Robert Frohl	c10ac83930	Add perl-Mojolicious-Plugin-OpenAPI	2026-02-04 13:13:12 +01:00
Robert Frohl	b4cc334ca3	Update submodules from pool/OpenBoard#2 and create patchinfo.20260204115645891071.93181000773252/_patchinfo	2026-02-04 12:57:08 +01:00
Robert Frohl	b32cb083da	Update submodules from pool/chromium#31 and create patchinfo.20260204115510991084.93181000773252/_patchinfo	2026-02-04 12:55:51 +01:00
Robert Frohl	fae13248f7	Update submodules from pool/python-Django#4 and create patchinfo.20260204115012215375.93181000773252/_patchinfo	2026-02-04 12:54:31 +01:00
Patchinfo incident numbering	23516a9114	Update patchinfo incident numbers [skip actions]	2026-02-03 23:21:53 +00:00
AutoGits PR Review Bot	7543ea3cc3	Merging PR: products/PackageHub!362	2026-02-03 23:21:34 +00:00
Patchinfo incident numbering	32aca2e338	Update patchinfo incident numbers [skip actions]	2026-02-03 23:20:31 +00:00
AutoGits PR Review Bot	f36dfbd3f4	Merging PR: products/PackageHub!365	2026-02-03 23:20:14 +00:00
Patchinfo incident numbering	c03172bbca	Update patchinfo incident numbers [skip actions]	2026-02-03 17:46:43 +00:00
AutoGits PR Review Bot	92dadc23e7	Merging PR: products/PackageHub!386	2026-02-03 17:46:23 +00:00
Patchinfo incident numbering	4d24c64542	Update patchinfo incident numbers [skip actions]	2026-02-03 14:28:19 +00:00
AutoGits PR Review Bot	0270ebc4a5	Merging PR: products/PackageHub!380	2026-02-03 14:27:41 +00:00
Robert Frohl	5ad185879e	Update submodules from pool/xrdp#1 and create patchinfo.20260202141654318677.93181000773252/_patchinfo	2026-02-02 15:17:34 +01:00
Robert Frohl	58d4cec34c	Move submodule in .gitmodules to avoid conflict	2026-01-28 17:27:47 +01:00
Robert Frohl	b4cde53f22	Move submodule to avoid merge conflict	2026-01-28 17:25:33 +01:00
Robert Frohl	1b5478f24d	Add perl-TAP-Harness-JUnit	2026-01-28 09:52:15 +01:00
Robert Frohl	6d86a654c2	Add perl-Date-Manip	2026-01-27 10:43:28 +01:00