Hi everyone, I am on openSUSE Leap 15.5, everything is patched to latest. Strange thing, my latest gstreamer-plugins-bad are 1.22.0-lp155.3.7.1, whereas there is 1.22.0-150500.3.20.1 available: Security update for gstreamer-plugins-bad | SUSE Support | SUSE
zypper info gstreamer-plugins-bad
Version : 1.22.0-lp155.3.7.1
Arch : x86_64
Vendor : openSUSE
Installed Size : 8.2 MiB
Installed : Yes
Status : up-to-date
Source package : gstreamer-plugins-bad-1.22.0-lp155.3.7.1.src
zypper in -t patch SUSE-2024-89=1
Loading repository data…
Reading installed packages…
‘SUSE-2024-89=1’ not found in package names. Trying capabilities.
No provider of ‘SUSE-2024-89=1’ found.
openSUSE Leap is based on SUSE, e.g. openSUSE Leap 15.6 ist based on SLES 15 SP6.
openSUSE Leap get updates form SLES 15 backports. This is the reason for the patchname “SUSE-2024-89”.
The patch is is for openSUSE Leap: gstreamer-plugins-bad-1.22.0-lp155.3.7.1 → lp stands for Leap.
155 → for openSUSE Leap 15.5 (more exactly it comes from SLES 15 SP5 backports.
The entry “Vendor : openSUSE” shows, that the patch is for openSUSE
I am also missing this patch and asked at the security mailing list:
Thanks Carsten (Namensvetter) for this reflection and putting this on the security mailing list. I actually have another finding, maybe you can check on that, too?
zypper info busybox
Repository : openSUSE-Leap-15.5-Oss
Name : busybox
Version : 1.35.0-150500.8.2
Arch : x86_64
Vendor : SUSE LLC https://www.suse.com/
Installed Size : 1.2 MiB
Installed : Yes
Status : up-to-date
Not every package in openSUSE originates in SLE (and not every package in SLE is available in openSUSE). Not every patch in openSUSE originates in SLE (and not every patch in SLE is available in openSUSE). And even patches that do originate in SLE are available from openSUSE repositories under different names.