On Mon, Mar 28, 2022 at 04:52:45PM +0200, Ben Greiner wrote:

Hi,

Two days ago, google released a critical security fix for a vulnerability presumably already exploited in the wild.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1096 https://www.forbes.com/sites/daveywinder/2022/03/26/google-confirms-emergenc... https://www.heise.de/news/Webbrowser-Notfallupdate-fuer-Google-Chrome-663841... (German)

Packages e.g. for chromium have been fixed in Factory and SLE Backports, but the current snapshot of Tumbleweed still does not have it.

https://bugzilla.opensuse.org/show_bug.cgi?id=1197552

Shouldn't there be some fasttrack through OpenQA in order to prevent such delays?

I also submitted it to openSUSE:Factory:Update now, which is our bypass project. Ciao, Marcus