<div class="container">
<h1>Security update for expat</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2025:20207-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2025-04-29T11:07:48Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219559">bsc#1219559</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219561">bsc#1219561</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1221289">bsc#1221289</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229930">bsc#1229930</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229931">bsc#1229931</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229932">bsc#1229932</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1232579">bsc#1232579</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1232601">bsc#1232601</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1239618">bsc#1239618</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/SLE-21253">jsc#SLE-21253</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2013-0340.html">CVE-2013-0340</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2019-15903.html">CVE-2019-15903</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-52425.html">CVE-2023-52425</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-52426.html">CVE-2023-52426</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-28757.html">CVE-2024-28757</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-45490.html">CVE-2024-45490</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-45491.html">CVE-2024-45491</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-45492.html">CVE-2024-45492</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-50602.html">CVE-2024-50602</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-8176.html">CVE-2024-8176</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2019-15903</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2019-15903</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2019-15903</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2019-15903</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-52425</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-52425</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-52426</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-52426</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-28757</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-28757</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-28757</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-45490</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.9</span>
<span class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-45490</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.2</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-45490</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-45490</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">9.8</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-45491</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.9</span>
<span class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-45491</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.2</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-45491</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">9.8</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-45492</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.9</span>
<span class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-45492</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.2</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-45492</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">9.8</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-50602</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.6</span>
<span class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-50602</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-50602</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.9</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-8176</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.7</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-8176</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-8176</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Micro 6.0</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves 10 vulnerabilities and contains one feature can now be installed.</p>
<h2>Description:</h2>
<p>This update for expat fixes the following issues:</p>
<p>Version update to 2.7.1:</p>
<ul>
<li>
<p>Bug fixes:</p>
</li>
<li>
<p>Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:</p>
<ul>
<li>XML_GetCurrentByteCount</li>
<li>XML_GetCurrentByteIndex</li>
<li>XML_GetCurrentColumnNumber</li>
<li>XML_GetCurrentLineNumber</li>
<li>XML_GetInputContext</li>
</ul>
</li>
<li>
<p>Other changes:
#976 #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
with Automake that were missing from 2.7.0 release tarballs
#983 #984 Fix printf format specifiers for 32bit Emscripten
#992 docs: Promote OpenSSF Best Practices self-certification
#978 tests/benchmark: Resolve mistaken double close
#986 Address compiler warnings
#990 #993 Version info bumped from 11:1:10 (libexpat<em>.so.1.10.1)
to 11:2:10 (libexpat</em>.so.1.10.2); see https://verbump.de/
for what these numbers do</p>
<pre><code>Infrastructure:
#982 CI: Start running Perl XML::Parser integration tests
#987 CI: Enforce Clang Static Analyzer clean code
#991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
#981 CI: Cover compilation with musl
</code></pre>
<p>#983 #984 CI: Cover compilation with 32bit Emscripten
#976 #977 CI: Protect against fuzzer files missing from future
release archives</p>
</li>
</ul>
<p>Version update to 2.7.0 (CVE-2024-8176 [bsc#1239618])</p>
<ul>
<li>Security fixes:</li>
<li>CVE-2024-8176 -- Fix crash from chaining a large number
of entities caused by stack overflow by resolving use of
recursion, for all three uses of entities:<ul>
<li>general entities in character data ("<e>&g1;</e>")</li>
<li>general entities in attribute values ("<e k1='&g1;'/>")</li>
<li>parameter entities ("%p1;")</li>
</ul>
</li>
</ul>
<p>Known impact is (reliable and easy) denial of service:</p>
<p>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C</p>
<p>(Base Score: 7.5, Temporal Score: 7.2)</p>
<p>Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.</p>
<ul>
<li>Other changes:<ul>
<li>Document changes since the previous release</li>
<li>Version info bumped from 11:0:10 (libexpat<em>.so.1.10.0)
to 11:1:10 (libexpat</em>.so.1.10.1); see https://verbump.de/
for what these numbers do</li>
</ul>
</li>
</ul>
<p>Version update to 2.6.4:</p>
<ul>
<li>Security fixes: [bsc#1232601][bsc#1232579]<ul>
<li>CVE-2024-50602 -- Fix crash within function XML_ResumeParser
from a NULL pointer dereference by disallowing function
XML_StopParser to (stop or) suspend an unstarted parser.
A new error code XML_ERROR_NOT_STARTED was introduced to
properly communicate this situation. // CWE-476 CWE-754</li>
</ul>
</li>
<li>Other changes:<ul>
<li>Version info bumped from 10:3:9 (libexpat<em>.so.1.9.3)
to 11:0:10 (libexpat</em>.so.1.10.0); see https://verbump.de/
for what these numbers do</li>
</ul>
</li>
</ul>
<p>Update to 2.6.3:</p>
<ul>
<li>
<p>Security fixes:</p>
<ul>
<li>CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with
len < 0 without noticing and then calling XML_GetBuffer
will have XML_ParseBuffer fail to recognize the problem
and XML_GetBuffer corrupt memory.
With the fix, XML_ParseBuffer now complains with error
XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
has been doing since Expat 2.2.1, and now documented.
Impact is denial of service to potentially artitrary code
execution.</li>
<li>CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an
integer overflow for nDefaultAtts on 32-bit platforms
(where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.</li>
<li>CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can
have an integer overflow for m_groupSize on 32-bit
platforms (where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.</li>
</ul>
</li>
<li>
<p>Other changes:</p>
<ul>
<li>Version info bumped from 10:2:9 (libexpat<em>.so.1.9.2)
to 10:3:9 (libexpat</em>.so.1.9.3); see https://verbump.de/
for what these numbers do </li>
</ul>
</li>
</ul>
<p>Update to 2.6.2:</p>
<ul>
<li>CVE-2024-28757 -- Prevent billion laughs attacks with isolated
use of external parsers (bsc#1221289)</li>
<li>Reject direct parameter entity recursion and avoid the related
undefined behavior</li>
</ul>
<p>Update to 2.6.1:</p>
<ul>
<li>Expose billion laughs API with XML_DTD defined and XML_GE
undefined, regression from 2.6.0</li>
<li>Make tests independent of CPU speed, and thus more robust</li>
</ul>
<p>Update to 2.6.0: </p>
<ul>
<li>Security fixes:<ul>
<li>CVE-2023-52425 (bsc#1219559)<br />
Fix quadratic runtime issues with big tokens
that can cause denial of service, in partial where
dealing with compressed XML input. Applications
that parsed a document in one go -- a single call to
functions XML_Parse or XML_ParseBuffer -- were not affected.
The smaller the chunks/buffers you use for parsing
previously, the bigger the problem prior to the fix.
Backporters should be careful to no omit parts of
pull request #789 and to include earlier pull request #771,
in order to not break the fix.</li>
<li>CVE-2023-52426 (bsc#1219561)
Fix billion laughs attacks for users
compiling <em>without</em> XML_DTD defined (which is not common).
Users with XML_DTD defined have been protected since
Expat >=2.4.0 (and that was CVE-2013-0340 back then).</li>
</ul>
</li>
<li>Bug fixes:<ul>
<li>Fix parse-size-dependent "invalid token" error for
external entities that start with a byte order mark</li>
<li>Fix NULL pointer dereference in setContext via
XML_ExternalEntityParserCreate for compilation with
XML_DTD undefined</li>
<li>Protect against closing entities out of order</li>
</ul>
</li>
<li>Other changes:<ul>
<li>Improve support for arc4random/arc4random_buf</li>
<li>Improve buffer growth in XML_GetBuffer and XML_Parse</li>
<li>xmlwf: Support --help and --version</li>
<li>xmlwf: Support custom buffer size for XML_GetBuffer and read</li>
<li>xmlwf: Improve language and URL clickability in help output</li>
<li>examples: Add new example "element_declarations.c"</li>
<li>Be stricter about macro XML_CONTEXT_BYTES at build time</li>
<li>Make inclusion to expat_config.h consistent</li>
<li>Autotools: configure.ac: Support --disable-maintainer-mode</li>
<li>Autotools: Sync CMake templates with CMake 3.26</li>
<li>Autotools: Make installation of shipped man page doc/xmlwf.1
independent of docbook2man availability</li>
<li>Autotools|CMake: Add missing -DXML_STATIC to pkg-config file
section "Cflags.private" in order to fix compilation
against static libexpat using pkg-config on Windows</li>
<li>Autotools|CMake: Require a C99 compiler
(a de-facto requirement already since Expat 2.2.2 of 2017)</li>
<li>Autotools|CMake: Fix PACKAGE_BUGREPORT variable</li>
<li>Autotools|CMake: Make test suite require a C++11 compiler</li>
<li>CMake: Require CMake >=3.5.0</li>
<li>CMake: Lowercase off_t and size_t to help a bug in Meson</li>
<li>CMake: Sort xmlwf sources alphabetically</li>
<li>CMake|Windows: Fix generation of DLL file version info</li>
<li>CMake: Build tests/benchmark/benchmark.c as well for
a build with -DEXPAT_BUILD_TESTS=ON</li>
<li>docs: Document the importance of isFinal + adjust tests
accordingly</li>
<li>docs: Improve use of "NULL" and "null"</li>
<li>docs: Be specific about version of XML (XML 1.0r4)
and version of C (C99); (XML 1.0r5 will need a sponsor.)</li>
<li>docs: reference.html: Promote function XML_ParseBuffer more</li>
<li>docs: reference.html: Add HTML anchors to XML_* macros</li>
<li>docs: reference.html: Upgrade to OK.css 1.2.0</li>
<li>docs: Fix typos</li>
<li>docs|CI: Use HTTPS URLs instead of HTTP at various places</li>
<li>Address compiler warnings</li>
<li>Address clang-tidy warnings</li>
<li>Version info bumped from 9:10:8 (libexpat<em>.so.1.8.10)
to 10:0:9 (libexpat</em>.so.1.9.0); see https://verbump.de/
for what these numbers do</li>
</ul>
</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Micro 6.0
<br/>
<code>zypper in -t patch SUSE-SLE-Micro-6.0-304=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
<ul>
<li>libexpat1-2.7.1-1.1</li>
<li>expat-debugsource-2.7.1-1.1</li>
<li>libexpat1-debuginfo-2.7.1-1.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2013-0340.html">https://www.suse.com/security/cve/CVE-2013-0340.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2019-15903.html">https://www.suse.com/security/cve/CVE-2019-15903.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-52425.html">https://www.suse.com/security/cve/CVE-2023-52425.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-52426.html">https://www.suse.com/security/cve/CVE-2023-52426.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-28757.html">https://www.suse.com/security/cve/CVE-2024-28757.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-45490.html">https://www.suse.com/security/cve/CVE-2024-45490.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-45491.html">https://www.suse.com/security/cve/CVE-2024-45491.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-45492.html">https://www.suse.com/security/cve/CVE-2024-45492.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-50602.html">https://www.suse.com/security/cve/CVE-2024-50602.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-8176.html">https://www.suse.com/security/cve/CVE-2024-8176.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219559">https://bugzilla.suse.com/show_bug.cgi?id=1219559</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219561">https://bugzilla.suse.com/show_bug.cgi?id=1219561</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1221289">https://bugzilla.suse.com/show_bug.cgi?id=1221289</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229930">https://bugzilla.suse.com/show_bug.cgi?id=1229930</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229931">https://bugzilla.suse.com/show_bug.cgi?id=1229931</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229932">https://bugzilla.suse.com/show_bug.cgi?id=1229932</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1232579">https://bugzilla.suse.com/show_bug.cgi?id=1232579</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1232601">https://bugzilla.suse.com/show_bug.cgi?id=1232601</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1239618">https://bugzilla.suse.com/show_bug.cgi?id=1239618</a>
</li>
<li>
<a href="https://jira.suse.com/browse/SLE-21253">https://jira.suse.com/browse/SLE-21253</a>
</li>
</ul>
</div>