Comment # 1 on bug 1234589 from Andrea Mattiazzo 
The packages below are or contain embedded packages that are vulnerable to
CVE-2024-45337:

- openSUSE:Backports:SLE-15-SP5/ceph-csi contains embedded package:
golang.org/x/crypto/ssh (0.0.0-20210220033148-5ea612d1eb83)
- openSUSE:Backports:SLE-15-SP5:Update/ceph-csi contains embedded package:
golang.org/x/crypto/ssh (0.0.0-20210220033148-5ea612d1eb83)
- openSUSE:Backports:SLE-15-SP6/ceph-csi contains embedded package:
golang.org/x/crypto/ssh (0.0.0-20210220033148-5ea612d1eb83)
- openSUSE:Backports:SLE-15-SP6:Update/ceph-csi contains embedded package:
golang.org/x/crypto/ssh (0.0.0-20210220033148-5ea612d1eb83)
- openSUSE:Factory/ceph-csi contains embedded package: golang.org/x/crypto/ssh
(0.0.0-20210220033148-5ea612d1eb83)

Please consider version bumping or patching the affected dependencies.
The listed codestreams are affected. All other codestreams should not be
affected, but feel free to double-check.
This is a auto-generated message, please reach out to the reporter directly if
you think this is incorrect.

You are receiving this mail because: