https://bugzilla.suse.com/show_bug.cgi?id=1234492 https://bugzilla.suse.com/show_bug.cgi?id=1234492#c1 --- Comment #1 from Gianluca Gabrielli <gianluca.gabrielli@suse.com> --- The packages below are or contain embedded packages that are vulnerable to . Tracking as affected: - openSUSE:Backports:SLE-15-SP5/spdx-sbom-generator contains embedded package: golang.org/x/crypto/ssh (0.0.0-20200302210943-78000ba7a073) - openSUSE:Backports:SLE-15-SP5:Update/spdx-sbom-generator contains embedded package: golang.org/x/crypto/ssh (0.0.0-20200302210943-78000ba7a073) - openSUSE:Backports:SLE-15-SP6/spdx-sbom-generator contains embedded package: golang.org/x/crypto/ssh (0.0.0-20200302210943-78000ba7a073) - openSUSE:Backports:SLE-15-SP6:Update/spdx-sbom-generator contains embedded package: golang.org/x/crypto/ssh (0.0.0-20200302210943-78000ba7a073) - openSUSE:Factory/spdx-sbom-generator contains embedded package: golang.org/x/crypto/ssh (0.0.0-20200302210943-78000ba7a073) Please consider version bumping or patching the affected dependencies. The listed codestreams are affected. All other codestreams should not be affected, but feel free to double-check. This is a auto-generated message, please reach out to the reporter directly if you think this is incorrect. No bug-owner found for these packages, if the assignation is not correct feel free to re-assign. -- You are receiving this mail because: You are on the CC list for the bug.