SUSE-RU-2025:0145-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2025/suse-ru-20250145-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2025:0145-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/SUSE-RU-2025:0145-1

Related

Published

2025-01-16T14:27:33Z

Modified

2025-01-16T14:27:33Z

Summary

Recommended update for bubblewrap, flatpak, wayland-protocols

Details

This update for bubblewrap, flatpak updates flatpak to 1.16.0.

flatpak changes:

Update to version 1.16.0:
- Bug fixes:
  - Update libglnx to 2024-12-06:
    
    . Fix an assertion failure if creating a parent directory encounters a dangling symlink. . Fix a Meson warning. . Don't emit terminal progress indicator escape sequences by default. They are interpreted as notifications by some terminal emulators.
  - Fix introspection annotations in libflatpak.
- Enhancements:
  - Add the FLATPAKTTYPROGRESS environment variable, which re-enables the terminal progress indicator escape sequences added in 1.15.91.
  - Document the FLATPAKFANCYOUTPUT environment variable, which allows disabling the fancy formatting when outputting to a terminal.

Update to version 1.15.91 (unstable):

Enhancements:
- Add the FLATPAKDATADIR environment variable, which allows overriding at runtime the data directory location that Flatpak uses to search for configuration files such as remotes. This is useful for running tests, and for when installing using Flatpak in a chroot.
- Add a FLATPAKDOWNLOADTMPDIR variable. This allows using download directories other than /var/tmp.
- Emit progress escape sequence. This can be used by terminal emulators to detect and display progress of Flatpak operations on their graphical user interfaces.
Bug fixes:
- Install missing test data. This should fix 'as-installed' tests via ginsttest-runner, used for example in Debian's autopkgtest framework.
- Unify and improve how the Wayland socket is passed to the sandboxed app. This should fix a regression that is triggered by compositors that both implement the security-context-v1 protocol, and sets the WAYLAND_DISPLAY environment variable when launching Flatpak apps.
- Fix the plural form of a translatable string.

Update to version 1.15.12:

Return to using the process ID of the Flatpak app in the cgroup name. Using the instance ID in 1.15.11 caused crashes when installing apps, extensions or runtimes that use the 'extra data' mechanism, which does not set up an instance ID.

Changes from version 1.15.11:

Dependencies:
- In distributions that compile Flatpak to use a separate xdg-dbus-proxy executable, version 0.1.6 is recommended (but not required).
- The minimum xdg-dbus-proxy continues to be 0.1.0.
Enhancements:
- Allow applications like WebKit to connect the AT-SPI accessibility tree of processes in a sub-sandbox with the tree in the main process. . New sandboxing parameter flatpak run --a11y-own-name, which is like --own-name but for the accessibility bus. . flatpak-portal API v7: add new sandbox-a11y-own-names option, which accepts names matching ${FLATPAKID}.* . Apps may call the org.a11y.atspi.Socket.Embedded method on names matching ${FLATPAKID}.Sandboxed.* by default . flatpak run -vv $app_id shows all applicable sandboxing parameters and their source, including overrides, as debug messages
- Introduce USB device listing . Apps can list which USB devices they want to access ahead of time by using the --usb parameter. Check the manpages for the more information about the accepted syntax. . Denying access to USB devices is also possible with the --no-usb parameter. The syntax is equal to --usb. . Both options merely store metadata, and aren't used by Flatpak itself. This metadata is intended to be used by the (as of now, still in progress) USB portal to decide which devices the app can enumerate and request access.
- Add support for KDE search completion
- Use the instance id of the Flatpak app as part of the cgroup name. This better matches the naming conventions for cgroup.
Bug fixes:
- Update libglnx to 2024-08-23
- fix build in environments that use -Werror=return-type, such as openSUSE Tumbleweed
- add a fallback definition for GPIDFORMAT with older GLib
- avoid warnings for gstealfd() with newer GLib
- improve compatibility of g_closefrom() backport with newer GLib
- Update meson wrap file for xdg-dbus-proxy to version 0.1.6:
- compatibility with D-Bus implementations that pipeline the authentication handshake, such as sd-bus and zbus
- compatibility with D-Bus implementations that use non-consecutive serial numbers, such as godbus and zbus
- broadcast signals can be allowed without having to add TALK permission
- fix memory leaks
Internal changes:
- Better const-correctness
- Fix a shellcheck warning in the tests
  - add weak dep on p11-kit-server for certificate transfer (boo#1188902)
  - disable parental controls for now by using '-Dmalcontent=disabled', to work around issues with xdg-desktop-portal

Update to version 1.14.10:

Dependencies: In distributions that compile Flatpak to use a separate bubblewrap (bwrap) executable, either version 0.10.0, version 0.6.x ≥ 0.6.3, or a version with a backport of the --bind-fd option is required. These versions add a new feature which is required by the security fix in this release.
Security fixes: Don't follow symbolic links when mounting persistent directories (--persist option). This prevents a sandbox escape where a malicious or compromised app could edit the symlink to point to a directory that the app should not have been allowed to read or write. (bsc#1229157, CVE-2024-42472, GHSA-7hgv-f2j8-xw87)
Documentation: Mark the 1.12.x and 1.10.x branches as end-of-life (#5352)
Version 1.14.9 was not released due to an incompatibility with older versions of GLib. Version 1.14.10 replaces it.

Update to version 1.14.8:

No changes. This release is rolling out to correct mismatching submodule versions in the release tarball.

Update to version 1.14.7:

New features: Automatically reload D-Bus session bus configuration after installing or upgrading apps, to pick up any exported D-Bus services (#3342)
Bug fixes:
- Expand the list of environment variables that Flatpak apps do not inherit from the host system (#5765, #5785)
- Don't refuse to start apps when there is no D-Bus system bus available (#5076)
- Don't try to repeat migration of apps whose data was migrated to a new name and then deleted (#5668)
- Fix warnings from newer GLib versions (#5660)
- Always set the container environment variable (#5610)
- In flatpak ps, add xdg-desktop-portal-gnome to the list of backends we'll use to learn which apps are running in the background (#5729)
- Avoid leaking a temporary variable from /etc/profile.d/flatpak.sh into the shell environment (#5574)
- Avoid undefined behaviour of signed left-shift when storing object IDs in a hash table (#5738)
- Fix Docbook validity in documentation (#5719)
- Skip more tests when FUSE isn't available (#5611)
- Fix a misleading comment in the test for CVE-2024-32462 (#5779)
Internal changes:
- Fix Github Workflows recipes

Update to version 1.14.6:

Security fixes:
- Don't allow an executable name to be misinterpreted as a command-line option for bwrap(1). This prevents a sandbox escape where a malicious or compromised app could ask xdg-desktop-portal to generate a .desktop file with access to files outside the sandbox. (CVE-2024-32462, bsc#1223110)
Other bug fixes:
- Don't parse <developer><name/></developer> as the application name (#5700)

bubblewrap changes:

Update to 0.11.0:

New --overlay, --tmp-overlay, --ro-overlay and --overlay-src options allow creation of overlay mounts. This feature is not available when bubblewrap is installed setuid.
New --level-prefix option produces output that can be parsed by tools like logger --prio-prefix and systemd-cat --level-prefix=1
bug fixes and developer visible changes

Update to version v0.10.0:

New features: Add the --[ro-]bind-fd option, which can be used to mount a filesystem represented by a file descriptor without time-of-check/time-of-use attacks. This is needed when resolving security issue in Flatpak. (CVE-2024-42472, bsc#1229157)
Other changes: Fix some confusing syntax in SetupOpFlag (no functional change).

Update to v0.9.0:

Build system changed to Meson from Autotools
Add --argv0 https://github.com/containers/bubblewrap/issues/91
--symlink is now idempotent, meaning it succeeds if the symlink already exists and already has the desired target
Clarify security considerations in documentation
Clarify documentation for --cap-add
Report a better error message if mount(2) fails with ENOSPC
Fix a double-close on error reading from --args, --seccomp or --add-seccomp-fd argument
Improve memory allocation behaviour

wayland-protocols was changed:

Update to version 1.36:

xdg-dialog: fix missing namespace in protocol name

Changes from version 1.35:

cursor-shape-v1: Does not advertises the list of supported cursors
xdg-shell: add missing enum attribute to setconstraintadjustment
xdg-shell: recommend against drawing decorations when tiled
tablet-v2: mark as stable
staging: add alpha-modifier protocol

Update to 1.36:

Fix to the xdg dialog protocol
tablet-v2 protocol is now stable
alpha-modifier: new protocol
Bug fix to the cursor shape documentation
The xdg-shell protocol now also explicitly recommends against drawing decorations outside of the window geometry when tiled

Update to 1.34:

xdg-dialog: new protocol
xdg-toplevel-drag: new protocol
Fix typo in ext-foreign-toplevel-list-v1
tablet-v2: clarify that name/id events are optional
linux-drm-syncobj-v1: new protocol
linux-explicit-synchronization-v1: add linux-drm-syncobj note

Update to version 1.33:

xdg-shell: Clarify what a toplevel by default includes
linux-dmabuf: sync changes from unstable to stable
linux-dmabuf: require all planes to use the same modifier
presentation-time: stop referring to Linux/glibc
security-context-v1: Make sandbox engine names use reverse-DNS
xdg-decoration: remove ambiguous wording in configure event
xdg-decoration: fix configure event summary
linux-dmabuf: mark as stable
linux-dmabuf: add note about implicit sync
security-context-v1: Document what can be done with the open sockets
security-context-v1: Document out of band metadata for flatpak
- Use gcc11 in SLE15 in order to fix a ppc64le test that was failing when built with gcc7 (boo#1216320)

Update to version 1.32:

ext-foreign-toplevel-list: new protocol
cursor-shape-v1: new protocol
security-context-v1: new protocol
xdg-shell: add suspended toplevel state
Apart from these new additions, this release also brings the usual clarifications, cleanups and fixes.

References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP6 / bubblewrap

Package

Name: bubblewrap
Purl: pkg:rpm/suse/bubblewrap&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.11.0-150500.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "bubblewrap": "0.11.0-150500.3.9.1",
            "bubblewrap-zsh-completion": "0.11.0-150500.3.9.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Desktop Applications 15 SP6 / flatpak

Package

Name: flatpak
Purl: pkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16.0-150600.3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "flatpak-devel": "1.16.0-150600.3.6.1",
            "flatpak-remote-flathub": "1.16.0-150600.3.6.1",
            "typelib-1_0-Flatpak-1_0": "1.16.0-150600.3.6.1",
            "flatpak-zsh-completion": "1.16.0-150600.3.6.1",
            "libflatpak0": "1.16.0-150600.3.6.1",
            "flatpak": "1.16.0-150600.3.6.1",
            "system-user-flatpak": "1.16.0-150600.3.6.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS / bubblewrap

Package

Name: bubblewrap
Purl: pkg:rpm/suse/bubblewrap&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.11.0-150500.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "flatpak-devel": "1.16.0-150500.3.15.1",
            "flatpak-remote-flathub": "1.16.0-150500.3.15.1",
            "typelib-1_0-Flatpak-1_0": "1.16.0-150500.3.15.1",
            "flatpak-zsh-completion": "1.16.0-150500.3.15.1",
            "libflatpak0": "1.16.0-150500.3.15.1",
            "flatpak": "1.16.0-150500.3.15.1",
            "system-user-flatpak": "1.16.0-150500.3.15.1",
            "bubblewrap": "0.11.0-150500.3.9.1",
            "bubblewrap-zsh-completion": "0.11.0-150500.3.9.1",
            "wayland-protocols-devel": "1.36-150500.3.3.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS / flatpak

Package

Name: flatpak
Purl: pkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16.0-150500.3.15.1

Ecosystem specific

{
    "binaries": [
        {
            "flatpak-devel": "1.16.0-150500.3.15.1",
            "flatpak-remote-flathub": "1.16.0-150500.3.15.1",
            "typelib-1_0-Flatpak-1_0": "1.16.0-150500.3.15.1",
            "flatpak-zsh-completion": "1.16.0-150500.3.15.1",
            "libflatpak0": "1.16.0-150500.3.15.1",
            "flatpak": "1.16.0-150500.3.15.1",
            "system-user-flatpak": "1.16.0-150500.3.15.1",
            "bubblewrap": "0.11.0-150500.3.9.1",
            "bubblewrap-zsh-completion": "0.11.0-150500.3.9.1",
            "wayland-protocols-devel": "1.36-150500.3.3.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS / wayland-protocols

Package

Name: wayland-protocols
Purl: pkg:rpm/suse/wayland-protocols&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.36-150500.3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "flatpak-devel": "1.16.0-150500.3.15.1",
            "flatpak-remote-flathub": "1.16.0-150500.3.15.1",
            "typelib-1_0-Flatpak-1_0": "1.16.0-150500.3.15.1",
            "flatpak-zsh-completion": "1.16.0-150500.3.15.1",
            "libflatpak0": "1.16.0-150500.3.15.1",
            "flatpak": "1.16.0-150500.3.15.1",
            "system-user-flatpak": "1.16.0-150500.3.15.1",
            "bubblewrap": "0.11.0-150500.3.9.1",
            "bubblewrap-zsh-completion": "0.11.0-150500.3.9.1",
            "wayland-protocols-devel": "1.36-150500.3.3.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS / bubblewrap

Package

Name: bubblewrap
Purl: pkg:rpm/suse/bubblewrap&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.11.0-150500.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "flatpak-devel": "1.16.0-150500.3.15.1",
            "flatpak-remote-flathub": "1.16.0-150500.3.15.1",
            "typelib-1_0-Flatpak-1_0": "1.16.0-150500.3.15.1",
            "flatpak-zsh-completion": "1.16.0-150500.3.15.1",
            "libflatpak0": "1.16.0-150500.3.15.1",
            "flatpak": "1.16.0-150500.3.15.1",
            "system-user-flatpak": "1.16.0-150500.3.15.1",
            "bubblewrap": "0.11.0-150500.3.9.1",
            "bubblewrap-zsh-completion": "0.11.0-150500.3.9.1",
            "wayland-protocols-devel": "1.36-150500.3.3.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS / flatpak

Package

Name: flatpak
Purl: pkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16.0-150500.3.15.1

Ecosystem specific

{
    "binaries": [
        {
            "flatpak-devel": "1.16.0-150500.3.15.1",
            "flatpak-remote-flathub": "1.16.0-150500.3.15.1",
            "typelib-1_0-Flatpak-1_0": "1.16.0-150500.3.15.1",
            "flatpak-zsh-completion": "1.16.0-150500.3.15.1",
            "libflatpak0": "1.16.0-150500.3.15.1",
            "flatpak": "1.16.0-150500.3.15.1",
            "system-user-flatpak": "1.16.0-150500.3.15.1",
            "bubblewrap": "0.11.0-150500.3.9.1",
            "bubblewrap-zsh-completion": "0.11.0-150500.3.9.1",
            "wayland-protocols-devel": "1.36-150500.3.3.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS / wayland-protocols

Package

Name: wayland-protocols
Purl: pkg:rpm/suse/wayland-protocols&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.36-150500.3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "flatpak-devel": "1.16.0-150500.3.15.1",
            "flatpak-remote-flathub": "1.16.0-150500.3.15.1",
            "typelib-1_0-Flatpak-1_0": "1.16.0-150500.3.15.1",
            "flatpak-zsh-completion": "1.16.0-150500.3.15.1",
            "libflatpak0": "1.16.0-150500.3.15.1",
            "flatpak": "1.16.0-150500.3.15.1",
            "system-user-flatpak": "1.16.0-150500.3.15.1",
            "bubblewrap": "0.11.0-150500.3.9.1",
            "bubblewrap-zsh-completion": "0.11.0-150500.3.9.1",
            "wayland-protocols-devel": "1.36-150500.3.3.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP5-LTSS / bubblewrap

Package

Name: bubblewrap
Purl: pkg:rpm/suse/bubblewrap&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.11.0-150500.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "flatpak-devel": "1.16.0-150500.3.15.1",
            "flatpak-remote-flathub": "1.16.0-150500.3.15.1",
            "typelib-1_0-Flatpak-1_0": "1.16.0-150500.3.15.1",
            "flatpak-zsh-completion": "1.16.0-150500.3.15.1",
            "libflatpak0": "1.16.0-150500.3.15.1",
            "flatpak": "1.16.0-150500.3.15.1",
            "system-user-flatpak": "1.16.0-150500.3.15.1",
            "bubblewrap": "0.11.0-150500.3.9.1",
            "bubblewrap-zsh-completion": "0.11.0-150500.3.9.1",
            "wayland-protocols-devel": "1.36-150500.3.3.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP5-LTSS / flatpak

Package

Name: flatpak
Purl: pkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16.0-150500.3.15.1

Ecosystem specific

{
    "binaries": [
        {
            "flatpak-devel": "1.16.0-150500.3.15.1",
            "flatpak-remote-flathub": "1.16.0-150500.3.15.1",
            "typelib-1_0-Flatpak-1_0": "1.16.0-150500.3.15.1",
            "flatpak-zsh-completion": "1.16.0-150500.3.15.1",
            "libflatpak0": "1.16.0-150500.3.15.1",
            "flatpak": "1.16.0-150500.3.15.1",
            "system-user-flatpak": "1.16.0-150500.3.15.1",
            "bubblewrap": "0.11.0-150500.3.9.1",
            "bubblewrap-zsh-completion": "0.11.0-150500.3.9.1",
            "wayland-protocols-devel": "1.36-150500.3.3.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP5-LTSS / wayland-protocols

Package

Name: wayland-protocols
Purl: pkg:rpm/suse/wayland-protocols&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.36-150500.3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "flatpak-devel": "1.16.0-150500.3.15.1",
            "flatpak-remote-flathub": "1.16.0-150500.3.15.1",
            "typelib-1_0-Flatpak-1_0": "1.16.0-150500.3.15.1",
            "flatpak-zsh-completion": "1.16.0-150500.3.15.1",
            "libflatpak0": "1.16.0-150500.3.15.1",
            "flatpak": "1.16.0-150500.3.15.1",
            "system-user-flatpak": "1.16.0-150500.3.15.1",
            "bubblewrap": "0.11.0-150500.3.9.1",
            "bubblewrap-zsh-completion": "0.11.0-150500.3.9.1",
            "wayland-protocols-devel": "1.36-150500.3.3.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP5 / bubblewrap

Package

Name: bubblewrap
Purl: pkg:rpm/suse/bubblewrap&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.11.0-150500.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "flatpak-devel": "1.16.0-150500.3.15.1",
            "flatpak-remote-flathub": "1.16.0-150500.3.15.1",
            "typelib-1_0-Flatpak-1_0": "1.16.0-150500.3.15.1",
            "flatpak-zsh-completion": "1.16.0-150500.3.15.1",
            "libflatpak0": "1.16.0-150500.3.15.1",
            "flatpak": "1.16.0-150500.3.15.1",
            "system-user-flatpak": "1.16.0-150500.3.15.1",
            "bubblewrap": "0.11.0-150500.3.9.1",
            "bubblewrap-zsh-completion": "0.11.0-150500.3.9.1",
            "wayland-protocols-devel": "1.36-150500.3.3.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP5 / flatpak

Package

Name: flatpak
Purl: pkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16.0-150500.3.15.1

Ecosystem specific

{
    "binaries": [
        {
            "flatpak-devel": "1.16.0-150500.3.15.1",
            "flatpak-remote-flathub": "1.16.0-150500.3.15.1",
            "typelib-1_0-Flatpak-1_0": "1.16.0-150500.3.15.1",
            "flatpak-zsh-completion": "1.16.0-150500.3.15.1",
            "libflatpak0": "1.16.0-150500.3.15.1",
            "flatpak": "1.16.0-150500.3.15.1",
            "system-user-flatpak": "1.16.0-150500.3.15.1",
            "bubblewrap": "0.11.0-150500.3.9.1",
            "bubblewrap-zsh-completion": "0.11.0-150500.3.9.1",
            "wayland-protocols-devel": "1.36-150500.3.3.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP5 / wayland-protocols

Package

Name: wayland-protocols
Purl: pkg:rpm/suse/wayland-protocols&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.36-150500.3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "flatpak-devel": "1.16.0-150500.3.15.1",
            "flatpak-remote-flathub": "1.16.0-150500.3.15.1",
            "typelib-1_0-Flatpak-1_0": "1.16.0-150500.3.15.1",
            "flatpak-zsh-completion": "1.16.0-150500.3.15.1",
            "libflatpak0": "1.16.0-150500.3.15.1",
            "flatpak": "1.16.0-150500.3.15.1",
            "system-user-flatpak": "1.16.0-150500.3.15.1",
            "bubblewrap": "0.11.0-150500.3.9.1",
            "bubblewrap-zsh-completion": "0.11.0-150500.3.9.1",
            "wayland-protocols-devel": "1.36-150500.3.3.1"
        }
    ]
}

openSUSE:Leap 15.6 / bubblewrap

Package

Name: bubblewrap
Purl: pkg:rpm/opensuse/bubblewrap&distro=openSUSE%20Leap%2015.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.11.0-150500.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "flatpak-devel": "1.16.0-150600.3.6.1",
            "flatpak-remote-flathub": "1.16.0-150600.3.6.1",
            "typelib-1_0-Flatpak-1_0": "1.16.0-150600.3.6.1",
            "flatpak-zsh-completion": "1.16.0-150600.3.6.1",
            "libflatpak0": "1.16.0-150600.3.6.1",
            "flatpak": "1.16.0-150600.3.6.1",
            "system-user-flatpak": "1.16.0-150600.3.6.1",
            "bubblewrap": "0.11.0-150500.3.9.1",
            "bubblewrap-zsh-completion": "0.11.0-150500.3.9.1"
        }
    ]
}

openSUSE:Leap 15.6 / flatpak

Package

Name: flatpak
Purl: pkg:rpm/opensuse/flatpak&distro=openSUSE%20Leap%2015.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16.0-150600.3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "flatpak-devel": "1.16.0-150600.3.6.1",
            "flatpak-remote-flathub": "1.16.0-150600.3.6.1",
            "typelib-1_0-Flatpak-1_0": "1.16.0-150600.3.6.1",
            "flatpak-zsh-completion": "1.16.0-150600.3.6.1",
            "libflatpak0": "1.16.0-150600.3.6.1",
            "flatpak": "1.16.0-150600.3.6.1",
            "system-user-flatpak": "1.16.0-150600.3.6.1",
            "bubblewrap": "0.11.0-150500.3.9.1",
            "bubblewrap-zsh-completion": "0.11.0-150500.3.9.1"
        }
    ]
}