Update patchinfo.20260209151441438275.93181000773252/_patchinfo

minimize CVE issue xml element
Update micropython
2026-02-10 18:07:27 +01:00 · 2026-02-10 18:05:44 +01:00 · 2026-02-10 11:55:54 +00:00 · 2026-02-10 11:55:35 +00:00 · 2026-02-10 10:25:41 +00:00 · 2026-02-10 10:25:21 +00:00
13 changed files with 128 additions and 4 deletions
--- a/.gitmodules
+++ b/.gitmodules
@@ -3070,6 +3070,10 @@
 	path = dom2-core-tests
 	url = ../../pool/dom2-core-tests
 	branch = leap-16.0
+[submodule "doomsday"]
+	path = doomsday
+	url = ../../pool/doomsday
+	branch = leap-16.0
 [submodule "dosbox"]
 	path = dosbox
 	url = ../../pool/dosbox
@@ -7174,6 +7178,10 @@
 	path = gnu_ddrescue
 	url = ../../pool/gnu_ddrescue
 	branch = leap-16.0
+[submodule "gnucobol"]
+	path = gnucobol
+	url = ../../pool/gnucobol
+	branch = leap-16.0
 [submodule "gnuastro"]
 	path = gnuastro
 	url = ../../pool/gnuastro
--- a/2
+++ b/2
--- a/1
+++ b/1
--- a/1
+++ b/1
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/patchinfo.20260204115012215375.93181000773252/_patchinfo
+++ b/patchinfo.20260204115012215375.93181000773252/_patchinfo
@@ -0,0 +1,30 @@
+<patchinfo incident="packagehub-113">
+  <issue tracker="bnc" id="1257403">VUL-0: CVE-2025-14550: python-Django,python3-Django,python-Django6: Potential denial-of-service vulnerability via repeated headers when using ASGI</issue>
+  <issue tracker="bnc" id="1257406">VUL-0: CVE-2026-1285: python-Django,python3-Django,python-Django6: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods</issue>
+  <issue tracker="bnc" id="1257405">VUL-0: CVE-2026-1207: python-Django,python3-Django,python-Django6: Potential SQL injection via raster lookups on PostGIS</issue>
+  <issue tracker="cve" id="2026-1207"/>
+  <issue tracker="cve" id="2026-1312"/>
+  <issue tracker="cve" id="2026-1287"/>
+  <issue tracker="bnc" id="1257407">VUL-0: CVE-2026-1287: python-Django,python3-Django,python-Django6: Potential SQL injection in column aliases via control characters</issue>
+  <issue tracker="cve" id="2025-13473"/>
+  <issue tracker="bnc" id="1257401">VUL-0: CVE-2025-13473: python-Django,python3-Django,python-Django6: Username enumeration through timing difference in mod_wsgi authentication handler</issue>
+  <issue tracker="bnc" id="1257408">VUL-0: CVE-2026-1312: python-Django,python3-Django,python-Django6: Potential SQL injection via QuerySet.order_by and FilteredRelation</issue>
+  <issue tracker="cve" id="2025-14550"/>
+  <issue tracker="cve" id="2026-1285"/>
+  <packager>mcalabkova</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for python-Django</summary>
+  <description>This update for python-Django fixes the following issues:
+
+Changes in python-Django:
+
+- CVE-2026-1312: Fixed potential SQL injection via QuerySet.order_by and FilteredRelation (bsc#1257408).
+- CVE-2026-1287: Fixed potential SQL injection in column aliases via control characters (bsc#1257407).
+- CVE-2026-1207: Fixed potential SQL injection via raster lookups on PostGIS (bsc#1257405).
+- CVE-2026-1285: Fixed potential denial-of-service in django.utils.text.Truncator HTML methods (bsc#1257406).
+- CVE-2025-13473: Fixed username enumeration through timing difference in mod_wsgi authentication handler (bsc#1257401).
+- CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGI (bsc#1257403).
+</description>
+  <package>python-Django</package>
+</patchinfo>
--- a/patchinfo.20260204115510991084.93181000773252/_patchinfo
+++ b/patchinfo.20260204115510991084.93181000773252/_patchinfo
@@ -0,0 +1,22 @@
+<patchinfo incident="packagehub-112">
+  <issue tracker="cve" id="2026-1862"/>
+  <issue tracker="cve" id="2026-1861"/>
+  <issue tracker="bnc" id="1257650">VUL-0: chromium: release 144.0.7559.132</issue>
+  <packager>oertel</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Changes in chromium:
+
+- Chromium 144.0.7559.132 (boo#1257650)
+  * CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome
+    prior to 144.0.7559.132 allowed a remote attacker to potentially
+    exploit heap corruption via a crafted HTML page.
+  * CVE-2026-1862: Type Confusion in V8 in Google Chrome prior to
+    144.0.7559.132 allowed a remote attacker to potentially exploit
+    heap corruption via a crafted HTML page.
+</description>
+  <package>chromium</package>
+</patchinfo>
--- a/patchinfo.20260206094000823685.93181000773252/_patchinfo
+++ b/patchinfo.20260206094000823685.93181000773252/_patchinfo
@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-115">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for gnucobol</summary>
+  <description>This update for gnucobol fixes the following issues:
+
+Introduce gnucobol.
+</description>
+  <package>gnucobol</package>
+</patchinfo>
--- a/patchinfo.20260209123942988001.93181000773252/_patchinfo
+++ b/patchinfo.20260209123942988001.93181000773252/_patchinfo
@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-116">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for doomsday</summary>
+  <description>This update for doomsday fixes the following issues:
+
+Introduce doomsday.
+</description>
+  <package>doomsday</package>
+</patchinfo>
--- a/patchinfo.20260209151441438275.93181000773252/_patchinfo
+++ b/patchinfo.20260209151441438275.93181000773252/_patchinfo
@@ -0,0 +1,26 @@
+<patchinfo>
+  <issue tracker="cve" id="2026-1998"/>
+  <issue tracker="bnc" id="1257803">VUL-0: CVE-2026-1998: micropython: segmentation fault in `mp_map_lookup` via `mp_import_all`</issue>
+  <packager>dheidler</packager>
+  <rating>low</rating>
+  <category>security</category>
+  <summary>Security update for micropython</summary>
+  <description>This update for micropython fixes the following issues:
+
+Changes in micropython:
+
+- CVE-2026-1998: Fixed segmentation fault in `mp_map_lookup` via `mp_import_all` (bsc#1257803).
+
+- Version 1.26.1
+  * esp32: update esp_tinyusb component to v1.7.6
+  * tools: add an environment variable MICROPY_MAINTAINER_BUILD
+  * esp32: add IDF Component Lockfiles to git repo
+  * shared/tinyusb: fix hang from new tx_overwritabe_if_not_connected flag
+  * shared/tinyusb/mp_usbd_cdc: rewrite USB CDC TX loop
+  * tools/mpremote: don't apply Espressif DTR/RTS quirk to TinyUSB CDC dev
+
+- Fix building on single core systems
+  * Skip tests/thread/stress_schedule.py when single core system detected
+</description>
+  <package>micropython</package>
+</patchinfo>
--- a/patchinfo.20260209155200377268.93181000773252/_patchinfo
+++ b/patchinfo.20260209155200377268.93181000773252/_patchinfo
@@ -0,0 +1,14 @@
+<patchinfo incident="packagehub-114">
+  <issue tracker="bnc" id="1257869">KMail2: Klick on link does not open Browser</issue>
+  <packager>favogt</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for messagelib</summary>
+  <description>This update for messagelib fixes the following issues:
+
+Changes in messagelib:
+
+- Fix links sometimes not opening (boo#1257869, kde#493325):
+</description>
+  <package>messagelib</package>
+</patchinfo>
--- a/2
+++ b/2
Author	SHA256	Message	Date
Robert Frohl	62c3a6df17	Update patchinfo.20260209151441438275.93181000773252/_patchinfo minimize CVE issue xml element	2026-02-10 18:07:27 +01:00
Robert Frohl	dc70bd8a7d	Update micropython	2026-02-10 18:05:44 +01:00
Patchinfo incident numbering	203c9ebc1c	Update patchinfo incident numbers [skip actions]	2026-02-10 11:55:54 +00:00
AutoGits PR Review Bot	5ce11d2031	Merging PR: products/PackageHub!425	2026-02-10 11:55:35 +00:00
Patchinfo incident numbering	4a8a71cfaa	Update patchinfo incident numbers [skip actions]	2026-02-10 10:25:41 +00:00
AutoGits PR Review Bot	5e193e7b0c	Merging PR: products/PackageHub!423	2026-02-10 10:25:21 +00:00
Patchinfo incident numbering	2ba789da73	Update patchinfo incident numbers [skip actions]	2026-02-10 10:24:10 +00:00
AutoGits PR Review Bot	5d155cfc8e	Merging PR: products/PackageHub!428	2026-02-10 10:23:48 +00:00
Robert Frohl	f0fd57da25	Update submodules from pool/messagelib#1 and create patchinfo.20260209155200377268.93181000773252/_patchinfo	2026-02-09 16:52:16 +01:00
Robert Frohl	a75756a1dd	Add doomsday	2026-02-09 13:42:34 +01:00
Patchinfo incident numbering	a5e36132b4	Update patchinfo incident numbers [skip actions]	2026-02-07 13:28:27 +00:00
AutoGits PR Review Bot	93d5c851b6	Merging PR: products/PackageHub!393	2026-02-07 13:27:50 +00:00
Patchinfo incident numbering	735cc2c65c	Update patchinfo incident numbers [skip actions]	2026-02-06 19:18:47 +00:00
AutoGits PR Review Bot	50931b6594	Merging PR: products/PackageHub!394	2026-02-06 19:18:07 +00:00
Robert Frohl	bad747d321	Add gnucobol	2026-02-06 10:42:14 +01:00
AutoGits PR Review Bot	1c6a2a337d	auto-created for chromium This commit was autocreated by AutoGits PR Review Bot referencing PRs: PR: pool/chromium!31	2026-02-05 08:28:00 +00:00
AutoGits PR Review Bot	4cfc011cfb	auto-created for python-Django This commit was autocreated by AutoGits PR Review Bot referencing PRs: PR: pool/python-Django!4	2026-02-04 15:10:55 +00:00
Robert Frohl	b32cb083da	Update submodules from pool/chromium#31 and create patchinfo.20260204115510991084.93181000773252/_patchinfo	2026-02-04 12:55:51 +01:00
Robert Frohl	fae13248f7	Update submodules from pool/python-Django#4 and create patchinfo.20260204115012215375.93181000773252/_patchinfo	2026-02-04 12:54:31 +01:00