{"id":"openSUSE-RU-2026:20161-1","summary":"Recommended update for hauler","details":"This update for hauler fixes the following issues:\n\nChanges in hauler:\n\n- Update to version 1.4.1 (bsc#1256546, CVE-2026-22772):\n  * fixed typos for containerd imports (#493)\n  * fix and support containerd imports of `hauls` (#492)\n  * bump github.com/sigstore/fulcio (#489)\n\n- Update to version 1.4.0:\n  * added/updated logging for `serve` and `remove` (#487)\n  * added/fixed helm chart images/dependencies features (#485)\n  * more experimental feature updates (#486)\n  * add experimental notes (#483)\n  * updated tempdir flag to store persistent flags (#484)\n  * delete artifacts from store (#473)\n  * path rewrites (#475)\n  * updated/fixed workflow dependency versions (#478)\n\n- Update to version 1.3.2:\n  * bump to latest cosign fork release (#481)\n  * Bump golang.org/x/crypto in the go_modules group across 1 directory (#476)\n","modified":"2026-03-23T04:53:09.925078Z","published":"2026-01-27T17:25:17Z","related":["CVE-2026-22772"],"upstream":["CVE-2026-22772"],"references":[{"type":"ADVISORY"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256546"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-22772"}],"affected":[{"package":{"name":"hauler","ecosystem":"openSUSE:Leap 16.0","purl":"pkg:rpm/opensuse/hauler&distro=openSUSE%20Leap%2016.0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.1-bp160.1.1"}]}],"ecosystem_specific":{"binaries":[{"hauler":"1.4.1-bp160.1.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/openSUSE-RU-2026:20161-1.json"}}],"schema_version":"1.7.5"}