https://bugzilla.suse.com/show_bug.cgi?id=1225537 Bug ID: 1225537 Summary: openSUSE Leap 15.6 known security regressions Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: Andreas.Stieger@gmx.de QA Contact: qa-bugs@suse.de CC: lubos.kocman@suse.com Blocks: 1224165 Target Milestone: --- Found By: --- Blocker: --- The packages listed blow are missing security maintenance in Leap 15.6 that we already released into openSUSE Leap 15.5. We should not release a new distribution release with known vulnerability regressions. Specifically these are maintenance updates we already performed into penSUSE:Backports:SLE-15-SP5:Update, that are not in openSUSE:Backports:SLE-15-SP6 in one way or another. boo#1217918 tor https://build.opensuse.org/request/show/1177405 to TW boo#1223420 cJSON https://build.opensuse.org/request/show/1176529 to devel project boo#1216403 gifsicle https://build.opensuse.org/request/show/1177406 to TW boo#1216429 roundcubemail https://build.opensuse.org/request/show/1177407 to TW boo#1222593, boo#1222594 sngrep https://build.opensuse.org/request/show/1177409 to TW boo#1212060, boo#1212061, boo#1212062, boo#1212063 sox https://build.opensuse.org/request/show/1177410 boo#1217153 yt-dlp https://build.opensuse.org/request/show/1177411 Bonus: CVE-2024-22423 not addressed boo#1219775, boo#1218199 zabbix https://build.opensuse.org/request/show/1177412 This does not include a comparison as to what is fixed in in Tumbleweed and missing in Leap 15.6. Ask to security and release team: monitor all of the above, and ensure that these or equivalent updates are submitted -- You are receiving this mail because: You are on the CC list for the bug.