http://bugzilla.suse.com/show_bug.cgi?id=1136958 Alexandros Toptsoglou changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|VUL-0: CVE-2019-12439: |VUL-1: CVE-2019-12439: |bubblewrap: temporary |bubblewrap: temporary |directory misuse as mount |directory misuse as mount |point |point -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136958 Alexandros Toptsoglou changed: What |Removed |Added ---------------------------------------------------------------------------- URL| |https://smash.suse.de/issue | |/233976/ -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136958 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136958 http://bugzilla.suse.com/show_bug.cgi?id=1136958#c2 Alexandros Toptsoglou changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(atoptsoglou@suse. | |com) | --- Comment #2 from Alexandros Toptsoglou --- (In reply to Sebastian Wagner from comment #1)

fixed in Virtualization:containers Request for Factory: https://build.opensuse.org/request/show/706819 Request for Leap 15.1: https://build.opensuse.org/request/show/706820

Is it also required for Leap 15.0?

Hi Sebastian, Since Leap 15.0 is still on life. It is preferable to have a submission also for Leap. Thanks. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136958 http://bugzilla.suse.com/show_bug.cgi?id=1136958#c3 --- Comment #3 from Sebastian Wagner --- See https://build.opensuse.org/request/show/708190 for 15.0. I managed to adapt the patch for the older version -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136958 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|obs:running:10346:moderate | -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136958 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|ibs:running:11815:important | -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136958 http://bugzilla.suse.com/show_bug.cgi?id=1136958#c7 --- Comment #7 from Swamp Workflow Management --- SUSE-SU-2019:1826-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1136958 CVE References: CVE-2019-12439 Sources used: SUSE Linux Enterprise Module for Desktop Applications 15 (src): bubblewrap-0.2.0-3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136958 http://bugzilla.suse.com/show_bug.cgi?id=1136958#c8 --- Comment #8 from Swamp Workflow Management --- openSUSE-SU-2019:1721-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1136958 CVE References: CVE-2019-12439 Sources used: openSUSE Leap 15.0 (src): bubblewrap-0.2.0-lp150.2.3.1 -- You are receiving this mail because: You are on the CC list for the bug.