Packages changed: libssh libzypp (17.31.17 -> 17.31.18) plasma5-desktop (5.27.7 -> 5.27.7.1) python311 python311-core webkit2gtk3 (2.40.4 -> 2.40.5) webkit2gtk4 (2.40.4 -> 2.40.5) xen === Details === ==== libssh ==== Subpackages: libssh-config libssh4 - Add fix to spec file for the incorrect include path as a result of the default openSSH move to /usr/etc, (boo#1211718). ==== libzypp ==== Version update (17.31.17 -> 17.31.18) - SINGLE_RPMTRANS: Respect ZYPP_READONLY_HACK when checking the zypp-rpm lock (fixes openSUSE/openSUSE-repos#29) - version 17.31.18 (22) ==== plasma5-desktop ==== Version update (5.27.7 -> 5.27.7.1) Subpackages: plasma5-desktop-emojier plasma5-desktop-lang - Update to 5.27.7.1: * Panel: fix applet not returning focus after pressing applet shortcut (kde#472909) * Migrate missing key handling/accessibility features from default CompactRepresentation ==== python311 ==== Subpackages: python311-curses python311-dbm - IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669. - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). (The patch is faulty, gh#python/cpython#106669, but upstream decided not to just revert it). ==== python311-core ==== Subpackages: libpython3_11-1_0 python311-base - IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669. - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). (The patch is faulty, gh#python/cpython#106669, but upstream decided not to just revert it). ==== webkit2gtk3 ==== Version update (2.40.4 -> 2.40.5) Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.40.5 (boo#1213905): + Fix several crashes and rendering issues. + Security fixes: CVE-2023-38133, CVE-2023-38572, CVE-2023-38592, CVE-2023-38594, CVE-2023-38595, CVE-2023-38597,, CVE-2023-38599,, CVE-2023-38600, CVE-2023-38611. ==== webkit2gtk4 ==== Version update (2.40.4 -> 2.40.5) Subpackages: WebKitGTK-6.0-lang libjavascriptcoregtk6_0-1 libwebkitgtk6_0-4 webkitgtk-6_0-injected-bundles - Update to version 2.40.5 (boo#1213905): + Fix several crashes and rendering issues. + Security fixes: CVE-2023-38133, CVE-2023-38572, CVE-2023-38592, CVE-2023-38594, CVE-2023-38595, CVE-2023-38597,, CVE-2023-38599,, CVE-2023-38600, CVE-2023-38611. ==== xen ==== - Add more debug to libxc-sr-track-migration-time.patch This is supposed to help with doing the math in case xl restore fails with ERANGE as reported in bug#1209311 - bsc#1213616 - VUL-0: CVE-2023-20593: xen: x86/AMD: Zenbleed (XSA-433) 64bea1b2-x86-AMD-Zenbleed.patch