Update patchinfo incident numbers [skip actions]

PR: products/PackageHub!310

.gitmodules

@@ -26134,6 +26134,106 @@
 	path = python-pyRFC3339
 	url = ../../pool/python-pyRFC3339
 	branch = leap-16.0
+[submodule "certbot-systemd-timer"]
+	path = certbot-systemd-timer
+	url = ../../pool/certbot-systemd-timer
+	branch = leap-16.0
+[submodule "python-augeas"]
+	path = python-augeas
+	url = ../../pool/python-augeas
+	branch = leap-16.0
+[submodule "python-bson"]
+	path = python-bson
+	url = ../../pool/python-bson
+	branch = leap-16.0
+[submodule "python-certbot-apache"]
+	path = python-certbot-apache
+	url = ../../pool/python-certbot-apache
+	branch = leap-16.0
+[submodule "python-certbot-dns-cloudflare"]
+	path = python-certbot-dns-cloudflare
+	url = ../../pool/python-certbot-dns-cloudflare
+	branch = leap-16.0
+[submodule "python-certbot-dns-digitalocean"]
+	path = python-certbot-dns-digitalocean
+	url = ../../pool/python-certbot-dns-digitalocean
+	branch = leap-16.0
+[submodule "python-certbot-dns-dnsimple"]
+	path = python-certbot-dns-dnsimple
+	url = ../../pool/python-certbot-dns-dnsimple
+	branch = leap-16.0
+[submodule "python-certbot-dns-dnsmadeeasy"]
+	path = python-certbot-dns-dnsmadeeasy
+	url = ../../pool/python-certbot-dns-dnsmadeeasy
+	branch = leap-16.0
+[submodule "python-certbot-dns-linode"]
+	path = python-certbot-dns-linode
+	url = ../../pool/python-certbot-dns-linode
+	branch = leap-16.0
+[submodule "python-certbot-dns-luadns"]
+	path = python-certbot-dns-luadns
+	url = ../../pool/python-certbot-dns-luadns
+	branch = leap-16.0
+[submodule "python-certbot-dns-nsone"]
+	path = python-certbot-dns-nsone
+	url = ../../pool/python-certbot-dns-nsone
+	branch = leap-16.0
+[submodule "python-certbot-dns-ovh"]
+	path = python-certbot-dns-ovh
+	url = ../../pool/python-certbot-dns-ovh
+	branch = leap-16.0
+[submodule "python-certbot-dns-rfc2136"]
+	path = python-certbot-dns-rfc2136
+	url = ../../pool/python-certbot-dns-rfc2136
+	branch = leap-16.0
+[submodule "python-certbot-dns-route53"]
+	path = python-certbot-dns-route53
+	url = ../../pool/python-certbot-dns-route53
+	branch = leap-16.0
+[submodule "python-cloudflare"]
+	path = python-cloudflare
+	url = ../../pool/python-cloudflare
+	branch = leap-16.0
+[submodule "python-digitalocean"]
+	path = python-digitalocean
+	url = ../../pool/python-digitalocean
+	branch = leap-16.0
+[submodule "python-dns-lexicon"]
+	path = python-dns-lexicon
+	url = ../../pool/python-dns-lexicon
+	branch = leap-16.0
+[submodule "python-jsonlines"]
+	path = python-jsonlines
+	url = ../../pool/python-jsonlines
+	branch = leap-16.0
+[submodule "python-jsonpickle"]
+	path = python-jsonpickle
+	url = ../../pool/python-jsonpickle
+	branch = leap-16.0
+[submodule "python-localzone"]
+	path = python-localzone
+	url = ../../pool/python-localzone
+	branch = leap-16.0
+[submodule "python-pytest-httpx"]
+	path = python-pytest-httpx
+	url = ../../pool/python-pytest-httpx
+	branch = leap-16.0
+[submodule "python-requests-file"]
+	path = python-requests-file
+	url = ../../pool/python-requests-file
+	branch = leap-16.0
+[submodule "python-softlayer"]
+	path = python-softlayer
+	url = ../../pool/python-softlayer
+	branch = leap-16.0
+[submodule "python-softlayer-zeep"]
+	path = python-softlayer-zeep
+	url = ../../pool/python-softlayer-zeep
+	branch = leap-16.0
+[submodule "python-tldextract"]
+	path = python-tldextract
+	url = ../../pool/python-tldextract
+	branch = leap-16.0
 [submodule "openQA-devel-container"]
 	path = openQA-devel-container
 	url =  ../../pool/openQA-devel-container

0Backports/Backports.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Jan  5 10:38:32 UTC 2026 - Wolfgang Engel <wolfgang.engel@suse.com>
+
+- Backports.productcompose:
+  + add to backports_unneeded, remove xen related packages (bsc#1253226)
+      xen-tools-xendomains-wait-disk
+
 -------------------------------------------------------------------
 Fri Oct 10 07:19:41 UTC 2025 - Wolfgang Engel <wolfgang.engel@suse.com>
 

0Backports/Backports.productcompose

@@ -281,6 +281,7 @@ packagesets:
   - xen-doc-html
   - xen-tools
   - xen-tools-domU
+  - xen-tools-xendomains-wait-disk
   - yum-utils
 
 # TODO: unneeded Leap package per architecture
@@ -701,6 +702,9 @@ packagesets:
   - cargo-packaging
   - cargo1.87
   - cargo1.88
+  - cargo1.89
+  - cargo1.90
+  - cargo1.91
   - catatonit
   - cblas-devel
   - cblas-devel-static
@@ -1408,7 +1412,6 @@ packagesets:
   - gobject-introspection-devel
   - golang-github-cpuguy83-go-md2man
   - golang-github-google-jsonnet
-  - golang-github-prometheus-prometheus
   - golang-github-prometheus-promu
   - golang-packaging
   - google-errorprone-annotation
@@ -6796,6 +6799,9 @@ packagesets:
   - rhino-engine
   - rhino-javadoc
   - rhino-runtime
+  - rmt-server
+  - rmt-server-config
+  - rmt-server-pubcloud
   - rollback-helper
   - rootlesskit
   - rp-pppoe
@@ -6852,6 +6858,9 @@ packagesets:
   - rust-keylime
   - rust1.87
   - rust1.88
+  - rust1.89
+  - rust1.90
+  - rust1.91
   - samba
   - samba-ad-dc
   - samba-ad-dc-libs
@@ -7080,7 +7089,6 @@ packagesets:
   - system-user-news
   - system-user-nobody
   - system-user-ntp
-  - system-user-prometheus
   - system-user-pulse
   - system-user-qemu
   - system-user-root

_config

@@ -168,7 +168,7 @@ Macros:
 
 # Leap specific package list, the same list with excludebuild must add to Backports project
 # Most of package should be built in Backports
-%if "%_project" == "openSUSE:Backports:SLE-16.0"
+%if 0%{?_is_in_project}
 # we build ffado:ffado-mixer for openSUSE, the main one is built in SLFO
 BuildFlags: excludebuild:ffado
 # build gpgme:qt flavor for qt5 support

patchinfo.20251027101540783529.187004354831441/_patchinfo

@@ -0,0 +1,14 @@
+<patchinfo incident="packagehub-67">
+  <packager>lkocman</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for grub2-compat-ia32</summary>
+  <description>This update for grub2-compat-ia32 fixes the following issues:
+
+- Drop update-bootloader --get as it returns 0
+  even if the variable is unset
+- Add update-bootloader also into post and postun Requires 
+  </description>
+  <package>grub2-compat-ia32</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251208143300643166.187004354831441/_patchinfo

@@ -0,0 +1,63 @@
+<patchinfo incident="packagehub-61">
+  <packager>bigironman</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for icinga-php-thirdparty, icinga-php-library, icingaweb2</summary>
+  <description>This update for icinga-php-thirdparty, icinga-php-library, icingaweb2 fixes the following issues:
+
+Changes in icinga-php-thirdparty:
+
+- Update to 0.13.1
+
+  - No changelog from upstream.
+
+- Update to 0.12.1
+
+  - No changelog from upstream.
+
+Changes in icinga-php-library:
+
+- Update to 1.17.0
+
+  - No changelog from upstream.
+
+Changes in icingaweb2:
+
+- Update to 2.12.6
+
+  - Search box shows many magnifying glasses for some community themes #5395
+  - Authentication hooks are not called with external backends #5415
+  - Improve Minimal layout #5386
+
+- Update to 2.12.5
+
+  * PHP 8.4 Support
+    We're again a little behind schedule, but now we support PHP 8.4!
+    This means that installations on Ubuntu 25.04 and Fedora 42+ can
+    now install Icinga Web without worrying about PHP related
+    incompatibilities. Icinga packages will be available in the
+    next few days.
+  * Good Things Take Time
+    There's only a single (notable) recent issue that is fixed
+    with this release. All the others are a bit older.
+    - External URLs set up as dashlets are not embedded the same
+      as navigation items #5346
+  * But the team sat together a few weeks ago and fixed a bug here
+    and there. And of course, also in Icinga Web!
+    - Users who are not allowed to change the theme, cannot change
+      the theme mode either #5385
+    - Improved compatibility with several SSO authentication
+      providers #5000, #5227
+    - Filtering for older-than events with relative time does not
+      work #5263
+    - Empty values are NULL in CSV exports #5350
+  * Breaking, Somewhat
+    This is mainly for developers.
+    With the support of PHP 8.4, we introduced a new environment
+    variable, ICINGAWEB_ENVIRONMENT. Unless set to dev, Icinga Web
+    will not show nor log deprecation notices anymore.
+</description>
+  <package>icinga-php-thirdparty</package>
+  <package>icinga-php-library</package>
+  <package>icingaweb2</package>
+</patchinfo>

patchinfo.20251217091639760898.93181000773252/_patchinfo

@@ -0,0 +1,65 @@
+<patchinfo incident="packagehub-59">
+  <issue tracker="cve" id="2025-21614">CVE-2025-21614 go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies</issue>
+  <issue tracker="bnc" id="1247629">VUL-0: CVE-2025-21613: cheat: github.com/go-git/go-git/v5: argument injection via the URL field</issue>
+  <issue tracker="cve" id="2025-58181">VUL-0: CVE-2025-58181: TRACKERBUG: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption</issue>
+  <issue tracker="cve" id="2025-21613">VUL-0: CVE-2025-21613: TRACKERBUG: github.com/go-git/go-git/v5: argument injection via the URL field</issue>
+  <issue tracker="cve" id="2025-47913">VUL-0: CVE-2025-47913: TRACKERBUG: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or</issue>
+  <issue tracker="bnc" id="1253922">VUL-0: CVE-2025-58181: cheat: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption</issue>
+  <issue tracker="cve" id="2025-47914">VUL-0: CVE-2025-47914: TRACKERBUG: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read</issue>
+  <issue tracker="cve" id="2025-22870">VUL-0: CVE-2025-22870: TRACKERBUG: golang.org/net/http, golang.org/x/net/proxy, golang.org/x/net/http/httpproxy: proxy bypass using IPv6 zone IDs</issue>
+  <issue tracker="cve" id="2023-48795">VUL-0: CVE-2023-48795: openssh: prefix truncation breaking ssh channel integrity aka Terrapin Attack</issue>
+  <issue tracker="bnc" id="1254051">VUL-0: CVE-2025-47914: cheat: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read</issue>
+  <issue tracker="bnc" id="1253593">VUL-0: CVE-2025-47913: cheat: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request</issue>
+  <issue tracker="cve" id="2025-22869">VUL-0: CVE-2025-22869: TRACKERBUG: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh</issue>
+  <packager>witekbedyk</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for cheat</summary>
+  <description>This update for cheat fixes the following issues:
+
+- Security:
+  * CVE-2025-47913: Fix client process termination (bsc#1253593)
+  * CVE-2025-58181: Fix potential unbounded memory consumption (bsc#1253922)
+  * CVE-2025-47914: Fix panic due to an out of bounds read (bsc#1254051)
+  * Replace golang.org/x/crypto=golang.org/x/crypto@v0.45.0
+  * Replace golang.org/x/net=golang.org/x/net@v0.47.0
+  * Replace golang.org/x/sys=golang.org/x/sys@v0.38.0
+
+- Packaging improvements:
+  * Drop Requires: golang-packaging. The recommended Go toolchain
+    dependency expression is BuildRequires: golang(API) &gt;= 1.x or
+    optionally the metapackage BuildRequires: go
+  * Use BuildRequires: golang(API) &gt;= 1.19 matching go.mod
+  * Build PIE with pattern that may become recommended procedure:
+    %%ifnarch ppc64 GOFLAGS="-buildmode=pie" %%endif go build
+    A go toolchain buildmode default config would be preferable
+    but none exist at this time.
+  * Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable
+  * Remove go build -o output binary location and name. Default
+    binary has the same name as package of func main() and is
+    placed in the top level of the build directory.
+  * Add basic %check to execute binary --help
+
+- Packaging improvements:
+  * Service go_modules replace dependencies with CVEs
+  * Replace github.com/cloudflare/circl=github.com/cloudflare/circl@v1.6.1
+    Fix GO-2025-3754 GHSA-2x5j-vhc8-9cwm
+  * Replace golang.org/x/net=golang.org/x/net@v0.36.0
+    Fixes GO-2025-3503 CVE-2025-22870
+  * Replace golang.org/x/crypto=golang.org/x/crypto@v0.35.0
+    Fixes GO-2023-2402 CVE-2023-48795 GHSA-45x7-px36-x8w8
+    Fixes GO-2025-3487 CVE-2025-22869
+  * Replace github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.13.0
+    Fixes GO-2025-3367 CVE-2025-21614 GHSA-r9px-m959-cxf4
+    Fixes GO-2025-3368 CVE-2025-21613 GHSA-v725-9546-7q7m
+  * Service tar_scm set mode manual from disabled
+  * Service tar_scm create archive from git so we can exclude
+    vendor directory upstream committed to git. Committed vendor
+    directory contents have build issues even after go mod tidy.
+  * Service tar_scm exclude dir vendor
+  * Service set_version set mode manual from disabled
+  * Service set_version remove param basename not needed
+</description>
+  <package>cheat</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251218074156387460.187004354831441/_patchinfo

@@ -0,0 +1,21 @@
+<patchinfo incident="packagehub-60">
+  <issue tracker="cve" id="2025-14766">VUL-0: chromium: release 143.0.7499.146</issue>
+  <issue tracker="cve" id="2025-14174">Google Chrome: chromium: Out of bounds memory access via crafted HTML page</issue>
+  <issue tracker="bnc" id="1255115">VUL-0: chromium: release 143.0.7499.146</issue>
+  <issue tracker="cve" id="2025-14765">VUL-0: chromium: release 143.0.7499.146</issue>
+  <packager>oertel</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Changes in chromium:
+
+Chromium 143.0.7499.146 (boo#1255115):
+
+  * CVE-2025-14765: Use after free in WebGPU
+  * CVE-2025-14766: Out of bounds read and write in V8
+  * CVE-2025-14174: Out of bounds memory access in ANGLE
+</description>
+  <package>chromium</package>
+</patchinfo>

patchinfo.20251218142204589141.93181000773252/_patchinfo

@@ -0,0 +1,123 @@
+<patchinfo incident="packagehub-62">
+  <packager>os-autoinst-obs-workflow</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for openQA, os-autoinst, openQA-devel-container</summary>
+  <description>This update for openQA, os-autoinst, openQA-devel-container fixes the following issues:
+
+Changes in openQA:
+
+Thu Dec 18 03:54:10 UTC 2025 - okurz@suse.com
+
+- Update to version 5.1766014013.377e64fe:
+  * feat(Needle::Save): Adapt to new error handling
+  * feat(OpenQA::Git): Make error handling more flexible with exceptions
+
+- Update to version 5.1765887110.8fc02990:
+  * Avoid partial deletion of a screenshot if Minion job is aborted
+  * Add `SignalBlocker` to delay signal handling during critical sections
+
+- Update to version 5.1765805960.2112d43d:
+  * fix(codecov): Fix wrong casing for 'fully_covered' entries
+
+- Update to version 5.1765535865.b566a24c:
+  * fix(codecov): Be strict about coverage thresholds
+  * Show jobs that have been cloned when `t` parameter is used on overview
+
+- Update to version 5.1765469360.5c0525b5:
+  * worker: Add coverage for OVS DBus checks
+  * Fix overview when filtering by test and module result at the same time
+  * Return signal as part of run_cmd result
+  * Add scanner for untracked screenshots
+  * KTAP: Properly hide details of a skipped subtest
+  * docs: Restory logic of the sentence about NFT vs firewalld
+  * docs: Clarify DHCP/RA availability on MM networks
+  * feat: Allow to configure key+secret with env variables
+
+- Update to version 5.1765286149.3debb8ea:
+  * KTAP: Don't increment parsed_lines_count in "SKIP" lines
+  * KTAP: Define unparsed_lines and parsed_lines_count
+
+- Update to version 5.1765217707.d6e697fd:
+  * Test commenting on overview page together with TODO filter
+  * Fix job IDs that are considered for mass-commenting on overview page
+
+- Update to version 5.1765009312.be30f6e0:
+  * README: Remove left-over empty badge reference
+
+Changes in os-autoinst:
+
+- Update to version 5.1767623406.688dd0e:
+  * os-autoinst-generate-needle-preview: Embed PNG
+  * Tweak curl call not to hang
+  * Fix opencv dependency due to upstream changes
+  * Restore package  builds on older openSUSE versions
+  * Remove `ShellCheck` from devel dependencies on s390x
+
+- Update to version 5.1766037062.44c7d2a:
+  * Tweak curl call not to hang
+  * Fix opencv dependency due to upstream changes
+  * Restore package  builds on older openSUSE versions
+  * Remove `ShellCheck` from devel dependencies on s390x
+  * Remove obsolete 'bin/' folder
+
+- Update to version 5.1765976654.0026f92:
+  * Fix opencv dependency due to upstream changes
+  * Restore package  builds on older openSUSE versions
+  * Remove `ShellCheck` from devel dependencies on s390x
+  * Remove obsolete 'bin/' folder
+  * Improve documentation strings for get/check_var
+
+- Update to version 5.1765808557.b89e9b4:
+  * Restore package  builds on older openSUSE versions
+  * Remove `ShellCheck` from devel dependencies on s390x
+  * Remove obsolete 'bin/' folder
+  * Simplify the code to increment the counter
+  * audio: Allow for multiple audio recordings per test
+
+- Update to version 5.1765804109.1e7c99a:
+  * Remove `ShellCheck` from devel dependencies on s390x
+  * Remove obsolete 'bin/' folder
+  * Simplify the code to increment the counter
+  * audio: Allow for multiple audio recordings per test
+  * Improve documentation strings for get/check_var
+
+- Update to version 5.1765533145.a82864c:
+  * Remove obsolete 'bin/' folder
+  * Simplify the code to increment the counter
+  * audio: Allow for multiple audio recordings per test
+  * Improve documentation strings for get/check_var
+  * Add port forwarding example for NICTYPE_USER_OPTIONS
+
+- Update to version 5.1765450253.f16e6ac:
+  * Simplify the code to increment the counter
+  * audio: Allow for multiple audio recordings per test
+  * Improve documentation strings for get/check_var
+  * Add port forwarding example for NICTYPE_USER_OPTIONS
+  * Fix regression from abcaa66b by disabling virtio-keyboard by default
+  * distribution: Add "disable_key_repeat"
+  * Use 'virtio-keyboard' by default to allow fixing key repetition errors
+
+- Update to version 5.1765311639.7e3a762:
+  * Simplify the code to increment the counter
+  * audio: Allow for multiple audio recordings per test
+  * Add port forwarding example for NICTYPE_USER_OPTIONS
+  * Fix regression from abcaa66b by disabling virtio-keyboard by default
+  * Add IPv6 support for multi machine tests
+
+Changes in openQA-devel-container:
+
+- Update to version 5.1766014013.377e64fe9:
+  * Update to latest openQA version
+</description>
+  <package>openQA</package>
+  <package>openQA:openQA-devel-test</package>
+  <package>openQA:openQA-test</package>
+  <package>openQA:openQA-worker-test</package>
+  <package>openQA:openQA-client-test</package>
+  <package>os-autoinst</package>
+  <package>os-autoinst:os-autoinst-test</package>
+  <package>os-autoinst:os-autoinst-devel-test</package>
+  <package>os-autoinst:os-autoinst-openvswitch-test</package>
+  <package>openQA-devel-container</package>
+</patchinfo>

patchinfo.20260106100749431638.93181000773252/_patchinfo

@@ -0,0 +1,24 @@
+<patchinfo incident="packagehub-63">
+  <issue tracker="cve" id="2025-58181"/>
+  <issue tracker="cve" id="2025-47913"/>
+  <issue tracker="cve" id="2025-58190"/>
+  <issue tracker="cve" id="2025-47914"/>
+  <issue tracker="cve" id="2025-47911"/>
+  <issue tracker="bnc" id="1253512">VUL-0: CVE-2025-47913: trivy: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request</issue>
+  <issue tracker="bnc" id="1253977">VUL-0: CVE-2025-47914: trivy: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read</issue>
+  <issue tracker="bnc" id="1251547">VUL-0: CVE-2025-58190: trivy: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input</issue>
+  <issue tracker="bnc" id="1251363">VUL-0: CVE-2025-47911: trivy: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents</issue>
+  <issue tracker="bnc" id="1253786">VUL-0: CVE-2025-58181: trivy: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption</issue>
+  <packager>dirkmueller</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for trivy</summary>
+  <description>This update for trivy fixes the following issues:
+
+- Update to version 0.68.2:
+  * release: v0.68.2 [release/v0.68] (#9950)
+  * fix(deps): bump alpine from `3.22.1` to `3.23.0` [backport: release/v0.68] (#9949)
+  * ci: enable `check-latest` for `setup-go` [backport: release/v0.68] (#9946)
+</description>
+  <package>trivy</package>
+</patchinfo>

patchinfo.20260106101959221503.93181000773252/_patchinfo

@@ -0,0 +1,33 @@
+<patchinfo incident="packagehub-66">
+  <issue tracker="bnc" id="1239678">VUL-0: CVE-2025-2337: matio: heap buffer overflow in function Mat_VarPrint of file src/mat.c</issue>
+  <issue tracker="cve" id="2025-2337">VUL-0: CVE-2025-2337: matio: heap buffer overflow in function Mat_VarPrint of file src/mat.c</issue>
+  <issue tracker="cve" id="2025-2338">VUL-0: CVE-2025-2338: matio: heap buffer overflow in function strdup_vprintf of file src/io.c</issue>
+  <issue tracker="bnc" id="1239677">VUL-0: CVE-2025-2338: matio: heap buffer overflow in function strdup_vprintf of file src/io.c</issue>
+  <packager>AndreasStieger</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for matio</summary>
+  <description>This update for matio fixes the following issues:
+
+- update to version 1.5.29:
+  * Fix printing rank-1-variable in Mat_VarPrint
+  * Fix array index out of bounds in Mat_VarPrint when printing
+    UTF-8 character data (boo#1239678, CVE-2025-2337)
+  * Fix heap-based buffer overflow in strdup_vprintf
+    (boo#1239677, CVE-2025-2338)
+  * Changed Mat_VarPrint to print all values of rank-2-variable
+  * Several other fixes, for example for access violations in
+    Mat_VarPrint
+
+- Update to version 1.5.28:
+  * Fixed bug writing MAT_T_INT8/MAT_T_UINT8 encoded character
+    array to compressed v5 MAT file (regression of v1.5.12).
+  * Fixed bug reading all-zero sparse array of v4 MAT file
+    (regression of v1.5.18).
+  * Updated C99 snprintf.c.
+  * CMake: Enabled testing.
+  * Several other fixes, for example for access violations in
+    Mat_VarPrint.
+</description>
+  <package>matio</package>
+</patchinfo>

patchinfo.20260107170113751929.93181000773252/_patchinfo

@@ -0,0 +1,76 @@
+<patchinfo incident="packagehub-65">
+  <packager>sbradnick</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for ranger</summary>
+  <description>This update for ranger fixes the following issues:
+
+- Update to version 1.9.4+git20250910.3f7a3546:
+  * img_display: Avoid unicode escape sequences for Ueberzug input
+  * man: fix documentation of which license ranger uses exactly
+  * rifle: fixed+clarified usage string
+
+- Update to version 1.9.4+git20250604.7e38143:
+  * fixed bug with command info staying
+  * Revert "fixed open_with bugginess"
+  * fixed open_with bugginess
+  * commands: Reword comment for brevity and accuracy
+  * GHActions: Pass config_files rather than boolean to flake8
+  * commands: Disable invalid-name and too-many-lines pylints
+  * Pylint: Disable invalid-name and too-many-lines for commands.py
+  * add :unnarrow to disable :narrow mode
+  * rifle: Update version
+
+- Update to version 1.9.4+git20250305.7ad50fa:
+  * 7-zip now has an official Linux version (7zz)
+  * add: support for tilde in bookmarks
+  * img_display: address PR feedback
+  * docs: kitty image previews are supported in other terminals now
+  * img_display: auto-detect support for kitty image previews
+  * rifle(terminals): support auto-detecting ghostty terminal emulator
+  * Modified order of expantions in peview_script
+  * Add GNOME papers to document viewers
+  * Added ability to use environmental variables in preview_script option
+  * doc: Regenerate man pages to have the proper version
+  * Makefile: Update version Grep since adding logo to README
+  * ranger/__init__: Caught another unbumped version
+  * mime.types: Add .nim extension for text/plain
+  * Fixed mistooks of nim scripts as a video aNIMations in rifle.conf
+  * GHActions: Pypy don't run old Flake8/Pylint
+  * GHActions: Use Pypy 3.10
+  * actions: Use keywords for rifle.execute
+  * runner: Allow action as positional argument
+  * ui: Refresh window in initialize
+  * ui: endwin already sets cursor to normal visibility
+  * requirements: Add setuptools
+  * img_display: Silence no-member false positive
+  * core/main: Drop unused variable prefix_length
+  * core,ext: Avoid return in finally shadowing return value
+  * test_py2_compat: Prevent use of yield from
+  * core,ext: Reduce positional arguments where possible
+  * pager,history: Replace branch with min/max builtins
+  * Pylint: Update custom checker for compatibility with 3.3.1
+  * GHActions: Bump action versions
+  * README: Use forge-agnostic URL
+  * README: Capitalize ranger
+  * README: Bump version
+  * README: Replace Travis with GHActions badge
+  * README: Center header
+  * make logo in readme wider
+  * move the ranger logo to the very top
+  * Add option confirm_on_trash
+  * Fix typos
+  * Add IINA to rifle.conf
+  * browsercolumn: ANSI escape codes support
+  * #1182: Fix signals for OS X
+
+- Update to version 1.9.3+git20240801.bd9b37f:
+  * properly decode file:// urls given to ranger as argument (fixes #2900)
+  * fix #2873 WM_NAME now shows "not accessible" in non-existent directories
+  * Fixed inconsistency in ranger documentation where it was stated that commanding 'linemode humanreadablesizemtime' changed the linemode to display human readable modification time and file size, but the correct command for this is 'linemode sizehumanreadablemtime'
+  * README: fix link formatting on github's markdown renderer
+  * README: add liberapay badge
+  * Mention viewmode key binding in man
+</description>
+  <package>ranger</package>
+</patchinfo>

patchinfo.20260108114750488113.93181000773252/_patchinfo

@@ -0,0 +1,19 @@
+<patchinfo incident="packagehub-64">
+  <issue tracker="cve" id="2026-0628">VUL-0: CVE-2026-0628: chromium: Insufficient policy enforcement in WebView tag fixed in 143.0.7499.192</issue>
+  <issue tracker="bnc" id="1256067">VUL-0: CVE-2026-0628: chromium: Insufficient policy enforcement in WebView tag fixed in 143.0.7499.192</issue>
+  <packager>AndreasStieger</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Changes in chromium:
+
+- Chromium 143.0.7499.192 (boo#1256067):
+  * CVE-2026-0628: Insufficient policy enforcement in WebView tag
+
+- Chromium 143.0.7499.169 (stable released 2025-12-18)
+  * no cve listed yet
+</description>
+  <package>chromium</package>
+</patchinfo>

patchinfo.20260112114750488113.93181000773252/_patchinfo

@@ -0,0 +1,35 @@
+<patchinfo incident="packagehub-68">
+  <packager>mcalabkova</packager>
+  <rating>moderate</rating>
+  <category>optional</category>
+  <summary>Optional update for certbot</summary>
+  <description>This update for certbot fixes the following issues:
+
+Various certbot packages and dependencies are being added.
+</description>
+<package>certbot-systemd-timer</package>
+<package>python-augeas</package>
+<package>python-bson</package>
+<package>python-certbot-apache</package>
+<package>python-certbot-dns-cloudflare</package>
+<package>python-certbot-dns-digitalocean</package>
+<package>python-certbot-dns-dnsimple</package>
+<package>python-certbot-dns-dnsmadeeasy</package>
+<package>python-certbot-dns-linode</package>
+<package>python-certbot-dns-luadns</package>
+<package>python-certbot-dns-nsone</package>
+<package>python-certbot-dns-ovh</package>
+<package>python-certbot-dns-rfc2136</package>
+<package>python-certbot-dns-route53</package>
+<package>python-cloudflare</package>
+<package>python-digitalocean</package>
+<package>python-dns-lexicon</package>
+<package>python-jsonlines</package>
+<package>python-jsonpickle</package>
+<package>python-localzone</package>
+<package>python-pytest-httpx</package>
+<package>python-requests-file</package>
+<package>python-softlayer</package>
+<package>python-softlayer-zeep</package>
+<package>python-tldextract</package>
+</patchinfo>