Update patchinfo.20260209151441438275.93181000773252/_patchinfo

minimize CVE issue xml element

.gitmodules

@@ -3070,6 +3070,10 @@
 	path = dom2-core-tests
 	url = ../../pool/dom2-core-tests
 	branch = leap-16.0
+[submodule "doomsday"]
+	path = doomsday
+	url = ../../pool/doomsday
+	branch = leap-16.0
 [submodule "dosbox"]
 	path = dosbox
 	url = ../../pool/dosbox
@@ -7174,6 +7178,10 @@
 	path = gnu_ddrescue
 	url = ../../pool/gnu_ddrescue
 	branch = leap-16.0
+[submodule "gnucobol"]
+	path = gnucobol
+	url = ../../pool/gnucobol
+	branch = leap-16.0
 [submodule "gnuastro"]
 	path = gnuastro
 	url = ../../pool/gnuastro

patchinfo.20260204115012215375.93181000773252/_patchinfo

@@ -0,0 +1,30 @@
+<patchinfo incident="packagehub-113">
+  <issue tracker="bnc" id="1257403">VUL-0: CVE-2025-14550: python-Django,python3-Django,python-Django6: Potential denial-of-service vulnerability via repeated headers when using ASGI</issue>
+  <issue tracker="bnc" id="1257406">VUL-0: CVE-2026-1285: python-Django,python3-Django,python-Django6: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods</issue>
+  <issue tracker="bnc" id="1257405">VUL-0: CVE-2026-1207: python-Django,python3-Django,python-Django6: Potential SQL injection via raster lookups on PostGIS</issue>
+  <issue tracker="cve" id="2026-1207"/>
+  <issue tracker="cve" id="2026-1312"/>
+  <issue tracker="cve" id="2026-1287"/>
+  <issue tracker="bnc" id="1257407">VUL-0: CVE-2026-1287: python-Django,python3-Django,python-Django6: Potential SQL injection in column aliases via control characters</issue>
+  <issue tracker="cve" id="2025-13473"/>
+  <issue tracker="bnc" id="1257401">VUL-0: CVE-2025-13473: python-Django,python3-Django,python-Django6: Username enumeration through timing difference in mod_wsgi authentication handler</issue>
+  <issue tracker="bnc" id="1257408">VUL-0: CVE-2026-1312: python-Django,python3-Django,python-Django6: Potential SQL injection via QuerySet.order_by and FilteredRelation</issue>
+  <issue tracker="cve" id="2025-14550"/>
+  <issue tracker="cve" id="2026-1285"/>
+  <packager>mcalabkova</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for python-Django</summary>
+  <description>This update for python-Django fixes the following issues:
+
+Changes in python-Django:
+
+- CVE-2026-1312: Fixed potential SQL injection via QuerySet.order_by and FilteredRelation (bsc#1257408).
+- CVE-2026-1287: Fixed potential SQL injection in column aliases via control characters (bsc#1257407).
+- CVE-2026-1207: Fixed potential SQL injection via raster lookups on PostGIS (bsc#1257405).
+- CVE-2026-1285: Fixed potential denial-of-service in django.utils.text.Truncator HTML methods (bsc#1257406).
+- CVE-2025-13473: Fixed username enumeration through timing difference in mod_wsgi authentication handler (bsc#1257401).
+- CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGI (bsc#1257403).
+</description>
+  <package>python-Django</package>
+</patchinfo>

patchinfo.20260204115510991084.93181000773252/_patchinfo

@@ -0,0 +1,22 @@
+<patchinfo incident="packagehub-112">
+  <issue tracker="cve" id="2026-1862"/>
+  <issue tracker="cve" id="2026-1861"/>
+  <issue tracker="bnc" id="1257650">VUL-0: chromium: release 144.0.7559.132</issue>
+  <packager>oertel</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Changes in chromium:
+
+- Chromium 144.0.7559.132 (boo#1257650)
+  * CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome
+    prior to 144.0.7559.132 allowed a remote attacker to potentially
+    exploit heap corruption via a crafted HTML page.
+  * CVE-2026-1862: Type Confusion in V8 in Google Chrome prior to
+    144.0.7559.132 allowed a remote attacker to potentially exploit
+    heap corruption via a crafted HTML page.
+</description>
+  <package>chromium</package>
+</patchinfo>

patchinfo.20260206094000823685.93181000773252/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-115">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for gnucobol</summary>
+  <description>This update for gnucobol fixes the following issues:
+
+Introduce gnucobol.
+</description>
+  <package>gnucobol</package>
+</patchinfo>

patchinfo.20260206095645434427.93181000773252/_patchinfo

@@ -1,92 +0,0 @@
-<patchinfo>
-  <packager>os-autoinst-obs-workflow</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for openQA, os-autoinst</summary>
-  <description>This update for openQA, os-autoinst fixes the following issues:
-
-Changes in openQA:
-
-- Update to version 5.1770274061.387b318c:
-  * Remove dependencies not available in 16
-  * Remove all explicit versions from ci-packages.txt
-  * Explicitly use new cache key for fullstack_cache
-  * Use devel:openQA 16.0 repositories
-  * fix: Create user directory without sudo
-  * refactor(ui): use native DOM APIs for bulk action logic
-  * Update devel:openQA:ci/base container to Leap 16
-  * Mark some one line catch statements uncoverable
-  * Move t/07-api_jobtokens.t to t/api/
-  * refactor: Avoid mapping of actions in df-based cleanup
-  * refactor: Use loop to invoke `_delete_jobs` repeatedly
-  * refactor: Simplify code for df-based cleanup further
-  * refactor: Extract repeated lookup and loop into separate function
-  * Dependency cron 2026-02-03
-  * feat(ui): add bulk action checkboxes to test overview filters
-  * feat(openqa-clone-custom-git-refspec): add "BADGE" mode
-  * fix(openqa-clone-custom-git-refspec): fix "MARKDOWN" mode
-  * feat(UI): add delete button for job groups and parent groups
-  * refactor(javascripts): harden by using const in admin_groups.js
-  * feat(api): prevent deletion of non-empty parent job groups
-  * docs: Fix typo in MCP documentation
-  * docs: Improve note about enabling modern Perl features
-  * test: Remove unused parameters in `OpenQA::Test::Case::login`
-  * navbar: add new item in menu to link MCP documentation
-  * Refactor t/lib/OpenQA/Test/Case.pm with signatures
-  * test: Consider all API controller code covered
-  * test: Cover remaining error cases of worker API
-  * fix: Improve error handling when updating records in admin tables
-  * test: Ensure consistent coverage of job cancellation function
-  * Prepare documentation generation for Leap 16.0
-  * test: Cover remaining lines of `Search.pm`
-  * test: Cover remaining lines of `Locks.pm`
-  * refactor: Simplify `JobTemplate::destroy`
-  * refactor: Remove unused code from `JobTemplate.pm`
-  * git subrepo pull (merge) external/os-autoinst-common
-  * style: Add quotes in openqa-bootstrap
-  * feat: default API key expiration to 1 year, aligning with UI
-  * feat: wrap array in an object in api_key API responses
-  * feat: add API endpoint for deleting API keys
-  * feat: add API endpoint for listing API keys
-  * feat: add API endpoint for creating API keys
-  * fix(openqa-bootstrap): prevent shellcheck warning SC2086
-  * Add dependency on 'file'
-  * refactor: Write code in `JobGroup.pm` in a more compact way
-  * test: Consider `Job.pm` fully covered
-  * test: Add tests for error handling of artefact upload
-  * refactor: Format artefact upload test in a more compact way
-  * test: Add tests for using assigned worker on job status updates
-  * test: Add tests for re-scheduling invalid scheduled product
-  * test: Add tests for querying non-existent scheduled product
-  * refactor: Use more compact coding style in `show_scheduled_product`
-  * refactor: Improve `Mm.pm`
-  * test: Improve tests of multi-machine API
-  * Remove unused module Config::Tiny from dependencies
-
-- Update to version 5.1769603414.6c0fa72e:
-  * Handle links on test_log on missing git repo extension
-  * test: Consider `Test.pm` fully covered
-  * test: Extend tests for showing dependency graph
-  * fix: Merge parallel clusters correctly for displaying dependency tree
-
-Changes in os-autoinst:
-
-Thu Feb 05 15:25:28 UTC 2026 - okurz@suse.com
-- Update to version 5.1770127521.c249fe9:
-  * refactor: Distinguish tests by the script path in `loadtest`
-  * refactor: Simplify approach for avoiding redefine warnings
-  * test: Allow running tests with `Test::Warnings&lt;0.033`
-  * test: Format test of `loadtestdir` in a more compact way
-  * test: Use `ENABLE_MODERN_PERL_FEATURES=1` in test suite
-  * feat: Allow enabling strict/warnings/signatures globally
-</description>
-  <package>openQA</package>
-  <package>openQA:openQA-devel-test</package>
-  <package>openQA:openQA-test</package>
-  <package>openQA:openQA-worker-test</package>
-  <package>openQA:openQA-client-test</package>
-  <package>os-autoinst</package>
-  <package>os-autoinst:os-autoinst-test</package>
-  <package>os-autoinst:os-autoinst-devel-test</package>
-  <package>os-autoinst:os-autoinst-openvswitch-test</package>
-</patchinfo>

patchinfo.20260209123942988001.93181000773252/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-116">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for doomsday</summary>
+  <description>This update for doomsday fixes the following issues:
+
+Introduce doomsday.
+</description>
+  <package>doomsday</package>
+</patchinfo>

patchinfo.20260209151441438275.93181000773252/_patchinfo

@@ -0,0 +1,26 @@
+<patchinfo>
+  <issue tracker="cve" id="2026-1998"/>
+  <issue tracker="bnc" id="1257803">VUL-0: CVE-2026-1998: micropython: segmentation fault in `mp_map_lookup` via `mp_import_all`</issue>
+  <packager>dheidler</packager>
+  <rating>low</rating>
+  <category>security</category>
+  <summary>Security update for micropython</summary>
+  <description>This update for micropython fixes the following issues:
+
+Changes in micropython:
+
+- CVE-2026-1998: Fixed segmentation fault in `mp_map_lookup` via `mp_import_all` (bsc#1257803).
+
+- Version 1.26.1
+  * esp32: update esp_tinyusb component to v1.7.6
+  * tools: add an environment variable MICROPY_MAINTAINER_BUILD
+  * esp32: add IDF Component Lockfiles to git repo
+  * shared/tinyusb: fix hang from new tx_overwritabe_if_not_connected flag
+  * shared/tinyusb/mp_usbd_cdc: rewrite USB CDC TX loop
+  * tools/mpremote: don't apply Espressif DTR/RTS quirk to TinyUSB CDC dev
+
+- Fix building on single core systems
+  * Skip tests/thread/stress_schedule.py when single core system detected
+</description>
+  <package>micropython</package>
+</patchinfo>

patchinfo.20260209155200377268.93181000773252/_patchinfo

@@ -0,0 +1,14 @@
+<patchinfo incident="packagehub-114">
+  <issue tracker="bnc" id="1257869">KMail2: Klick on link does not open Browser</issue>
+  <packager>favogt</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for messagelib</summary>
+  <description>This update for messagelib fixes the following issues:
+
+Changes in messagelib:
+
+- Fix links sometimes not opening (boo#1257869, kde#493325):
+</description>
+  <package>messagelib</package>
+</patchinfo>