bor@leap15:~> zypper lu Loading repository data... Reading installed packages... S | Repository | Name | Current Version | Available Version | Arch --+--------------------------------------------------------------+--------------------+-----------------+-------------------+------- v | Update repository with updates from SUSE Linux Enterprise 15 | MozillaThunderbird | 78.10.0-8.23.1 | 78.10.2-8.27.1 | x86_64 v | Update repository with updates from SUSE Linux Enterprise 15 | python3-py | 1.8.1-5.3.5 | 1.8.1-5.6.1 | noarch bor@leap15:~> zypper lp Loading repository data... Reading installed packages... Repository | Name | Category | Severity | Interactive | Status | Summary -------------------------------------------------------------+----------------+-------------+-----------+-------------+--------+---------------------------- Update repository with updates from SUSE Linux Enterprise 15 | SUSE-2021-1526 | recommended | important | --- | needed | Recommended update for bash Found 1 applicable patch: 1 patch needed (0 security patches) bor@leap15:~> I was under impression that after GA only patches are released. Both updated packages come from SLE SP2 update repository without corresponding patch info. Is it intentional? If we look at SUSE site, patch information *does* exist and it is SUSE-SLE-Product-WE-15-SP2-2021-1854 and SUSE-SLE-Module-Basesystem-15-SP2-2021-1859. Oh, and why repository is SLE SP2 and not SLE SP3? This would be logical, no? Leap 15.3 on SLE SP3 after all, but these two updates are not in http://download.opensuse.org/update/leap/15.3/sle/sle-sp3/ (although they are available for SLE).