https://bugzilla.suse.com/show_bug.cgi?id=1233863 https://bugzilla.suse.com/show_bug.cgi?id=1233863#c1 --- Comment #1 from Andrea Mattiazzo <andrea.mattiazzo@suse.com> --- The packages below are or contain embedded packages that are vulnerable to CVE-2024-21538: - openSUSE:Backports:SLE-15-SP5/asar contains embedded package: cross-spawn (6.0.5) - openSUSE:Backports:SLE-15-SP5/asar contains embedded package: cross-spawn (7.0.3) - openSUSE:Backports:SLE-15-SP5:Update/asar contains embedded package: cross-spawn (6.0.5) - openSUSE:Backports:SLE-15-SP6/asar contains embedded package: cross-spawn (6.0.5) - openSUSE:Backports:SLE-15-SP6:Update/asar contains embedded package: cross-spawn (6.0.5) - openSUSE:Factory/asar contains embedded package: cross-spawn (6.0.5) - openSUSE:Factory/asar contains embedded package: cross-spawn (5.1.0) - openSUSE:Factory/asar contains embedded package: cross-spawn (4.0.2) Please consider version bumping or patching the affected dependencies. The listed codestreams are affected. All other codestreams should not be affected, but feel free to double-check. This is a auto-generated message, please reach out to the reporter directly if you think this is incorrect. -- You are receiving this mail because: You are on the CC list for the bug.