From 969f62f547655cf58aa10ece868dd89863642414 Mon Sep 17 00:00:00 2001
From: Jia Chao <jiac13@chinaunicom.cn>
Date: Tue, 25 Jun 2024 14:38:19 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=20analyzer:=20db?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
---
 Cargo.toml          |     4 +
 src/analyzer/db.rs  |   100 +
 src/analyzer/mod.rs |     1 +
 src/cli.rs          |     2 +-
 src/lib.rs          |     2 +
 test/updateinfo.xml | 67586 ++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 67694 insertions(+), 1 deletion(-)
 create mode 100644 src/analyzer/db.rs
 create mode 100644 src/analyzer/mod.rs
 create mode 100644 test/updateinfo.xml

diff --git a/Cargo.toml b/Cargo.toml
index 389e0fd..53c1098 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -5,3 +5,7 @@ edition = "2021"
 
 [dependencies]
 clap = { version = "4.0", features = ["derive"] }
+cvrf-xmlparser = { git = "http://git.culinux.net/jiachao2130/cvrf-xmlparser.git", version = "0.1.0" }
+updateinfo-xmlparser = { git = "http://git.culinux.net/jiachao2130/updateinfo-xmlparser.git", version = "0.1.0" }
+serde = { version = "1", features = ["serde_derive"] }
+toml = { version = "0.8" }
diff --git a/src/analyzer/db.rs b/src/analyzer/db.rs
new file mode 100644
index 0000000..8417a80
--- /dev/null
+++ b/src/analyzer/db.rs
@@ -0,0 +1,100 @@
+use std::collections::HashMap;
+
+use cvrf_xmlparser::{SaInfo, CVE};
+use serde::{Deserialize, Serialize};
+use updateinfo_xmlparser::{UpdateInfoDb, RpmInfo};
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct PacakgeDb {
+    db: HashMap<String, Vec<RpmInfo>>,
+}
+
+impl PacakgeDb {
+    pub fn new() -> Self {
+        PacakgeDb {
+            db: HashMap::new(),
+        }
+    }
+
+    /// 从已有的 updateinfo 仓库文件中，获取所有与安全更新相关的软件包
+    pub fn load_from_updateinfodb(&mut self, updateinfodb: &UpdateInfoDb) {
+        for updateinfo in &updateinfodb.db {
+            for pkg in &updateinfo.pkglist {
+                if let Some(rpms) = self.db.get_mut(pkg.name()) {
+                    rpms.push(pkg.clone());
+                } else {
+                    let rpms = vec![pkg.clone()];
+                    self.db.insert(pkg.name().to_string(), rpms);
+                }
+            }
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct SaDb {
+    db: HashMap<String, SaInfo>,
+}
+
+impl SaDb {
+    pub fn new() -> Self {
+        SaDb {
+            db: HashMap::new(),
+        }
+    }
+
+    /// 一般来自对 cvrf 文件解析并转换为 SaInfo 的文本数据文件
+    pub fn load_from_file(&mut self, file: &str) -> crate::Result<()> {
+        let data = std::fs::read_to_string(file)?;
+        self.db = toml::from_str(&data)?;
+        Ok(())
+    }
+
+    /// 从 SaInfo 中提取出所有的 CVE 源
+    pub fn get_cvedb(&self) -> CveDb {
+        let mut cvedb = CveDb::new();
+
+        self.db.iter().for_each(|(_, sainfo)| {
+            sainfo.cves.iter().for_each(|cve| {
+                cvedb.db.insert(cve.id.clone(), cve.clone());
+            })
+        });
+
+        cvedb
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct CveDb {
+    db: HashMap<String, CVE>,
+}
+
+impl CveDb {
+    #[allow(dead_code)]
+    pub fn new() -> Self {
+        CveDb {
+            db: HashMap::new(),
+        }
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+
+    #[test]
+    fn pkgdb_works() {
+        assert!(true);
+
+        let updatexml = "test/updateinfo.xml";
+        let mut updatedb = UpdateInfoDb::new();
+        updatedb.load_xml(&updatexml).unwrap();
+
+        let mut pkgdb = PacakgeDb::new();
+        pkgdb.load_from_updateinfodb(&updatedb);
+
+        let bash_pkgs = pkgdb.db.get("bash").unwrap();
+
+        assert_eq!(bash_pkgs.len(), 2);
+    }
+}
diff --git a/src/analyzer/mod.rs b/src/analyzer/mod.rs
new file mode 100644
index 0000000..dec1023
--- /dev/null
+++ b/src/analyzer/mod.rs
@@ -0,0 +1 @@
+pub mod db;
diff --git a/src/cli.rs b/src/cli.rs
index 1025d99..a50530c 100644
--- a/src/cli.rs
+++ b/src/cli.rs
@@ -1,4 +1,4 @@
-use clap::{Parser, command};
+use clap::{command, Parser};
 
 /// CULinux Vulnerability Analyze Tool (简称 CULinux-VAT) 是一个用于分析是一个用于分析和检测 Linux
 /// 系统漏洞的工具。该工具旨在帮助系统管理员和安全专业人员识别和修复潜在的安全漏洞，以确保 CULinux
diff --git a/src/lib.rs b/src/lib.rs
index b3cd904..caa7a77 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,5 +1,7 @@
 pub mod cli;
 
+mod analyzer;
+
 /// 定义 crate::Error
 /// 大部分函数返回的错误
 pub type Error = Box<dyn std::error::Error + Send + Sync>;
diff --git a/test/updateinfo.xml b/test/updateinfo.xml
new file mode 100644
index 0000000..9a3c58f
--- /dev/null
+++ b/test/updateinfo.xml
@@ -0,0 +1,67586 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<updates>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1587</id>
+          <title>An update for mariadb is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-03-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46669" id="CVE-2021-46669" title="CVE-2021-46669" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46661" id="CVE-2021-46661" title="CVE-2021-46661" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46667" id="CVE-2021-46667" title="CVE-2021-46667" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46666" id="CVE-2021-46666" title="CVE-2021-46666" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46662" id="CVE-2021-46662" title="CVE-2021-46662" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46663" id="CVE-2021-46663" title="CVE-2021-46663" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46665" id="CVE-2021-46665" title="CVE-2021-46665" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46664" id="CVE-2021-46664" title="CVE-2021-46664" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46659" id="CVE-2021-46659" title="CVE-2021-46659" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46657" id="CVE-2021-46657" title="CVE-2021-46657" type="cve"></reference>
+          </references>
+          <description>MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.(CVE-2021-46669)MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).(CVE-2021-46661)MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.(CVE-2021-46667)MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.(CVE-2021-46666)MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.(CVE-2021-46662)MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.(CVE-2021-46663)MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.(CVE-2021-46665)MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.(CVE-2021-46664)MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.(CVE-2021-46659)get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.(CVE-2021-46657)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="4" arch="aarch64" name="mariadb" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-config" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-config-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-common" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-common-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-embedded-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-devel-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-test" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-test-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-devel-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-server-galera" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-galera-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-embedded" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-backup" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-backup-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-gssapi-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-gssapi-server-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-errmsg" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-errmsg-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-debugsource" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debugsource-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-debuginfo" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debuginfo-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-oqgraph-engine" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-oqgraph-engine-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-pam" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-pam-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-rocksdb-engine" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-rocksdb-engine-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mariadb-server-uitls" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-uitls-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-gssapi-server" release="2.oe1" version="10.5.15">
+                         <filename>mariadb-gssapi-server-10.5.15-2.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-common" release="2.oe1" version="10.5.15">
+                         <filename>mariadb-common-10.5.15-2.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-backup" release="2.oe1" version="10.5.15">
+                         <filename>mariadb-backup-10.5.15-2.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-debugsource" release="2.oe1" version="10.5.15">
+                         <filename>mariadb-debugsource-10.5.15-2.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-debuginfo" release="2.oe1" version="10.5.15">
+                         <filename>mariadb-debuginfo-10.5.15-2.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-devel" release="2.oe1" version="10.5.15">
+                         <filename>mariadb-devel-10.5.15-2.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-errmsg" release="2.oe1" version="10.5.15">
+                         <filename>mariadb-errmsg-10.5.15-2.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-embedded" release="2.oe1" version="10.5.15">
+                         <filename>mariadb-embedded-10.5.15-2.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-oqgraph-engine" release="2.oe1" version="10.5.15">
+                         <filename>mariadb-oqgraph-engine-10.5.15-2.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-embedded-devel" release="2.oe1" version="10.5.15">
+                         <filename>mariadb-embedded-devel-10.5.15-2.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-config" release="2.oe1" version="10.5.15">
+                         <filename>mariadb-config-10.5.15-2.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-server-galera" release="2.oe1" version="10.5.15">
+                         <filename>mariadb-server-galera-10.5.15-2.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-server" release="2.oe1" version="10.5.15">
+                         <filename>mariadb-server-10.5.15-2.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-test" release="2.oe1" version="10.5.15">
+                         <filename>mariadb-test-10.5.15-2.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb" release="2.oe1" version="10.5.15">
+                         <filename>mariadb-10.5.15-2.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-pam" release="2.oe1" version="10.5.15">
+                         <filename>mariadb-pam-10.5.15-2.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-server-utils" release="2.oe1" version="10.5.15">
+                         <filename>mariadb-server-utils-10.5.15-2.oe1.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1587</id>
+          <title>An update for mariadb is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-03-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46669" id="CVE-2021-46669" title="CVE-2021-46669" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46661" id="CVE-2021-46661" title="CVE-2021-46661" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46667" id="CVE-2021-46667" title="CVE-2021-46667" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46666" id="CVE-2021-46666" title="CVE-2021-46666" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46662" id="CVE-2021-46662" title="CVE-2021-46662" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46663" id="CVE-2021-46663" title="CVE-2021-46663" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46665" id="CVE-2021-46665" title="CVE-2021-46665" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46664" id="CVE-2021-46664" title="CVE-2021-46664" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46659" id="CVE-2021-46659" title="CVE-2021-46659" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46657" id="CVE-2021-46657" title="CVE-2021-46657" type="cve"></reference>
+          </references>
+          <description>MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.(CVE-2021-46669) MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).(CVE-2021-46661) MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.(CVE-2021-46667) MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.(CVE-2021-46666) MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.(CVE-2021-46662) MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.(CVE-2021-46663) MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.(CVE-2021-46665) MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.(CVE-2021-46664) MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.(CVE-2021-46659) get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.(CVE-2021-46657)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="4" arch="aarch64" name="mariadb-gssapi-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-gssapi-server-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-errmsg" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-errmsg-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-test" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-test-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-embedded" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-devel-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-embedded-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-devel-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-oqgraph-engine" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-oqgraph-engine-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-config" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-config-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-backup" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-backup-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-debugsource" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debugsource-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-common" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-common-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-debuginfo" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debuginfo-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-server-galera" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-galera-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-server-utils" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-utils-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-rocksdb-engine" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-rocksdb-engine-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-pam" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-pam-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-embedded-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-devel-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-common" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-common-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-oqgraph-engine" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-oqgraph-engine-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-backup" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-backup-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-test" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-test-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-gssapi-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-gssapi-server-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-config" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-config-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-debuginfo" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debuginfo-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-embedded" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-errmsg" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-errmsg-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-debugsource" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debugsource-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-server-galera" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-galera-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-devel-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-pam" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-pam-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-server-utils" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-utils-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1607</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0908" id="CVE-2022-0908" title="CVE-2022-0908" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0907" id="CVE-2022-0907" title="CVE-2022-0907" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0865" id="CVE-2022-0865" title="CVE-2022-0865" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0909" id="CVE-2022-0909" title="CVE-2022-0909" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0924" id="CVE-2022-0924" title="CVE-2022-0924" type="cve"></reference>
+          </references>
+          <description>Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.(CVE-2022-0908)Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.(CVE-2022-0907)Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.(CVE-2022-0865)Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.(CVE-2022-0909)Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.(CVE-2022-0924)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff" release="12.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="12.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debugsource" release="12.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-devel" release="12.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-static" release="12.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-tools" release="12.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="12.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-12.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="12.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="12.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="12.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="12.ule3.oe1" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-12.ule3.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="12.ule3.oe1" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-12.ule3.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="12.ule3.oe1" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-12.ule3.oe1.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1609</id>
+          <title>An update for python-paramiko is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24302" id="CVE-2022-24302" title="CVE-2022-24302" type="cve"></reference>
+          </references>
+          <description>In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.(CVE-2022-24302)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python-paramiko-help" release="3.ule3" version="2.8.1">
+                         <filename>python-paramiko-help-2.8.1-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-paramiko" release="3.ule3" version="2.8.1">
+                         <filename>python3-paramiko-2.8.1-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1609</id>
+          <title>An update for python-paramiko is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24302" id="CVE-2022-24302" title="CVE-2022-24302" type="cve"></reference>
+          </references>
+          <description>In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.(CVE-2022-24302)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python3-paramiko" release="3.ule3" version="2.8.1">
+                         <filename>python3-paramiko-2.8.1-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-paramiko-help" release="3.ule3" version="2.8.1">
+                         <filename>python-paramiko-help-2.8.1-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1612</id>
+          <title>An update for openvpn is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0547" id="CVE-2022-0547" title="CVE-2022-0547" type="cve"></reference>
+          </references>
+          <description>OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.(CVE-2022-0547)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="openvpn-help" release="2.ule3" version="2.5.5">
+                         <filename>openvpn-help-2.5.5-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvpn" release="2.ule3" version="2.5.5">
+                         <filename>openvpn-2.5.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvpn-devel" release="2.ule3" version="2.5.5">
+                         <filename>openvpn-devel-2.5.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvpn-debuginfo" release="2.ule3" version="2.5.5">
+                         <filename>openvpn-debuginfo-2.5.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvpn-debugsource" release="2.ule3" version="2.5.5">
+                         <filename>openvpn-debugsource-2.5.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvpn" release="2.ule3" version="2.5.5">
+                         <filename>openvpn-2.5.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvpn-devel" release="2.ule3" version="2.5.5">
+                         <filename>openvpn-devel-2.5.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvpn-debuginfo" release="2.ule3" version="2.5.5">
+                         <filename>openvpn-debuginfo-2.5.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvpn-debugsource" release="2.ule3" version="2.5.5">
+                         <filename>openvpn-debugsource-2.5.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1612</id>
+          <title>An update for openvpn is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0547" id="CVE-2022-0547" title="CVE-2022-0547" type="cve"></reference>
+          </references>
+          <description>OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.(CVE-2022-0547)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="openvpn" release="2.ule3" version="2.5.5">
+                         <filename>openvpn-2.5.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvpn-devel" release="2.ule3" version="2.5.5">
+                         <filename>openvpn-devel-2.5.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvpn-debuginfo" release="2.ule3" version="2.5.5">
+                         <filename>openvpn-debuginfo-2.5.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvpn-debugsource" release="2.ule3" version="2.5.5">
+                         <filename>openvpn-debugsource-2.5.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="openvpn-help" release="2.ule3" version="2.5.5">
+                         <filename>openvpn-help-2.5.5-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvpn-debuginfo" release="2.ule3" version="2.5.5">
+                         <filename>openvpn-debuginfo-2.5.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvpn-devel" release="2.ule3" version="2.5.5">
+                         <filename>openvpn-devel-2.5.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvpn" release="2.ule3" version="2.5.5">
+                         <filename>openvpn-2.5.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvpn-debugsource" release="2.ule3" version="2.5.5">
+                         <filename>openvpn-debugsource-2.5.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1613</id>
+          <title>An update for gd is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-40145" id="CVE-2021-40145" title="CVE-2021-40145" type="cve"></reference>
+          </references>
+          <description>** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor&amp;apos;s position is &amp;quot;The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.&amp;quot;(CVE-2021-40145)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gd" release="2.ule3" version="2.3.2">
+                         <filename>gd-2.3.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gd-devel" release="2.ule3" version="2.3.2">
+                         <filename>gd-devel-2.3.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gd-debuginfo" release="2.ule3" version="2.3.2">
+                         <filename>gd-debuginfo-2.3.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gd-debugsource" release="2.ule3" version="2.3.2">
+                         <filename>gd-debugsource-2.3.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gd-devel" release="2.ule3" version="2.3.2">
+                         <filename>gd-devel-2.3.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gd" release="2.ule3" version="2.3.2">
+                         <filename>gd-2.3.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gd-debuginfo" release="2.ule3" version="2.3.2">
+                         <filename>gd-debuginfo-2.3.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gd-debugsource" release="2.ule3" version="2.3.2">
+                         <filename>gd-debugsource-2.3.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1613</id>
+          <title>An update for gd is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-40145" id="CVE-2021-40145" title="CVE-2021-40145" type="cve"></reference>
+          </references>
+          <description>** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor s position is  The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.(CVE-2021-40145)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gd" release="2.ule3" version="2.3.2">
+                         <filename>gd-2.3.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gd-debugsource" release="2.ule3" version="2.3.2">
+                         <filename>gd-debugsource-2.3.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gd-devel" release="2.ule3" version="2.3.2">
+                         <filename>gd-devel-2.3.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gd-debuginfo" release="2.ule3" version="2.3.2">
+                         <filename>gd-debuginfo-2.3.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gd-progs" release="2.ule3" version="2.3.2">
+                         <filename>gd-progs-2.3.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gd-debuginfo" release="2.ule3" version="2.3.2">
+                         <filename>gd-debuginfo-2.3.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gd-debugsource" release="2.ule3" version="2.3.2">
+                         <filename>gd-debugsource-2.3.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gd-progs" release="2.ule3" version="2.3.2">
+                         <filename>gd-progs-2.3.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gd-devel" release="2.ule3" version="2.3.2">
+                         <filename>gd-devel-2.3.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gd" release="2.ule3" version="2.3.2">
+                         <filename>gd-2.3.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1614</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26966" id="CVE-2022-26966" title="CVE-2022-26966" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27223" id="CVE-2022-27223" title="CVE-2022-27223" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-0854" id="CVE-2021-0854" title="CVE-2021-0854" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.(CVE-2022-26966) In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.(CVE-2022-27223) A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.(CVE-2021-0854)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1614</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26966" id="CVE-2022-26966" title="CVE-2022-26966" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27223" id="CVE-2022-27223" title="CVE-2022-27223" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.(CVE-2022-26966)In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.(CVE-2022-27223)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="bpftool-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.20.0.52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python2-perf" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>python2-perf-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python2-perf-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>python2-perf-debuginfo-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.20.0.52.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.20.0.52.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1615</id>
+          <title>An update for bind is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-25220" id="CVE-2021-25220" title="CVE-2021-25220" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0396" id="CVE-2022-0396" title="CVE-2022-0396" type="cve"></reference>
+          </references>
+          <description>BIND 9.11.0 -&gt; 9.11.36 9.12.0 -&gt; 9.16.26 9.17.0 -&gt; 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -&gt; 9.11.36-S1 9.16.8-S1 -&gt; 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.(CVE-2021-25220) BIND 9.16.11 -&gt; 9.16.26, 9.17.0 -&gt; 9.18.0 and versions 9.16.11-S1 -&gt; 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.(CVE-2022-0396)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="32" arch="aarch64" name="bind-debugsource" release="8.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-utils" release="8.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-libs" release="8.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind" release="8.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-libs-lite" release="8.ule3" version="9.16.23">
+                         <filename>bind-libs-lite-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-chroot" release="8.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-export-libs" release="8.ule3" version="9.16.23">
+                         <filename>bind-export-libs-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-devel" release="8.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-pkcs11-devel" release="8.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-export-devel" release="8.ule3" version="9.16.23">
+                         <filename>bind-export-devel-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-pkcs11" release="8.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="noarch" name="python3-bind" release="8.ule3" version="9.16.23">
+                         <filename>python3-bind-9.16.23-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-debuginfo" release="8.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-debuginfo" release="8.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-export-devel" release="8.ule3" version="9.16.23">
+                         <filename>bind-export-devel-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-chroot" release="8.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-utils" release="8.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-debugsource" release="8.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-libs" release="8.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-devel" release="8.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-libs-lite" release="8.ule3" version="9.16.23">
+                         <filename>bind-libs-lite-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-pkcs11-devel" release="8.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind" release="8.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-export-libs" release="8.ule3" version="9.16.23">
+                         <filename>bind-export-libs-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-pkcs11" release="8.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1615</id>
+          <title>An update for bind is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-25220" id="CVE-2021-25220" title="CVE-2021-25220" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0396" id="CVE-2022-0396" title="CVE-2022-0396" type="cve"></reference>
+          </references>
+          <description>BIND 9.11.0 -&amp;gt; 9.11.36 9.12.0 -&amp;gt; 9.16.26 9.17.0 -&amp;gt; 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -&amp;gt; 9.11.36-S1 9.16.8-S1 -&amp;gt; 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.(CVE-2021-25220)BIND 9.16.11 -&gt; 9.16.26, 9.17.0 -&gt; 9.18.0 and versions 9.16.11-S1 -&gt; 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.(CVE-2022-0396)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="32" arch="aarch64" name="bind-debugsource" release="8.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-utils" release="8.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-libs" release="8.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind" release="8.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-libs-lite" release="8.ule3" version="9.16.23">
+                         <filename>bind-libs-lite-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-chroot" release="8.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-export-libs" release="8.ule3" version="9.16.23">
+                         <filename>bind-export-libs-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-devel" release="8.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-pkcs11-devel" release="8.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-export-devel" release="8.ule3" version="9.16.23">
+                         <filename>bind-export-devel-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-pkcs11" release="8.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-debuginfo" release="8.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="noarch" name="python3-bind" release="8.ule3" version="9.16.23">
+                         <filename>python3-bind-9.16.23-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-debuginfo" release="8.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-export-devel" release="8.ule3" version="9.16.23">
+                         <filename>bind-export-devel-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-chroot" release="8.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-utils" release="8.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-debugsource" release="8.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-libs" release="8.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-devel" release="8.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-libs-lite" release="8.ule3" version="9.16.23">
+                         <filename>bind-libs-lite-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-pkcs11-devel" release="8.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind" release="8.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-export-libs" release="8.ule3" version="9.16.23">
+                         <filename>bind-export-libs-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-pkcs11" release="8.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1616</id>
+          <title>An update for mariadb is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46658" id="CVE-2021-46658" title="CVE-2021-46658" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46668" id="CVE-2021-46668" title="CVE-2021-46668" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24051" id="CVE-2022-24051" title="CVE-2022-24051" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24050" id="CVE-2022-24050" title="CVE-2022-24050" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24048" id="CVE-2022-24048" title="CVE-2022-24048" type="cve"></reference>
+          </references>
+          <description>save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.(CVE-2021-46658) MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.(CVE-2021-46668) MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.(CVE-2022-24051) MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.(CVE-2022-24050) MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.(CVE-2022-24048)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="4" arch="aarch64" name="mariadb-gssapi-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-gssapi-server-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-errmsg" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-errmsg-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-test" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-test-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-embedded" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-devel-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-embedded-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-devel-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-oqgraph-engine" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-oqgraph-engine-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-config" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-config-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-backup" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-backup-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-debugsource" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debugsource-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-common" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-common-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-debuginfo" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debuginfo-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-server-galera" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-galera-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-server-utils" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-utils-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-rocksdb-engine" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-rocksdb-engine-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-pam" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-pam-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-embedded-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-devel-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-common" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-common-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-oqgraph-engine" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-oqgraph-engine-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-backup" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-backup-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-test" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-test-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-gssapi-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-gssapi-server-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-config" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-config-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-debuginfo" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debuginfo-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-embedded" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-errmsg" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-errmsg-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-debugsource" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debugsource-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-server-galera" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-galera-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-devel-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-pam" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-pam-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-server-utils" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-utils-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1616</id>
+          <title>An update for mariadb is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46658" id="CVE-2021-46658" title="CVE-2021-46658" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46668" id="CVE-2021-46668" title="CVE-2021-46668" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24051" id="CVE-2022-24051" title="CVE-2022-24051" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24050" id="CVE-2022-24050" title="CVE-2022-24050" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24048" id="CVE-2022-24048" title="CVE-2022-24048" type="cve"></reference>
+          </references>
+          <description>save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=True for a subquery.(CVE-2021-46658)MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.(CVE-2021-46668)MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.(CVE-2022-24051)MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.(CVE-2022-24050)MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.(CVE-2022-24048)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="4" arch="aarch64" name="mariadb" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-config" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-config-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-common" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-common-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-embedded-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-devel-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-test" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-test-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-devel-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-server-galera" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-galera-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-embedded" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-backup" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-backup-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-gssapi-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-gssapi-server-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-errmsg" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-errmsg-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-debugsource" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debugsource-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-debuginfo" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debuginfo-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-oqgraph-engine" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-oqgraph-engine-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-pam" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-pam-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-rocksdb-engine" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-rocksdb-engine-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-server-utils" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-utils-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-gssapi-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-gssapi-server-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-common" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-common-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-backup" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-backup-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-debugsource" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debugsource-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-debuginfo" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debuginfo-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-devel-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-errmsg" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-errmsg-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-embedded" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-oqgraph-engine" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-oqgraph-engine-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-embedded-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-devel-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-config" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-config-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-server-galera" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-galera-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-test" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-test-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-pam" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-pam-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-server-utils" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-utils-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1618</id>
+          <title>An update for squid is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-25"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-28116" id="CVE-2021-28116" title="CVE-2021-28116" type="cve"></reference>
+          </references>
+          <description>Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.(CVE-2021-28116)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="7" arch="aarch64" name="squid" release="13.ule3" version="4.9">
+                         <filename>squid-4.9-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="squid-debuginfo" release="13.ule3" version="4.9">
+                         <filename>squid-debuginfo-4.9-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="squid-debugsource" release="13.ule3" version="4.9">
+                         <filename>squid-debugsource-4.9-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid" release="13.ule3" version="4.9">
+                         <filename>squid-4.9-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid-debuginfo" release="13.ule3" version="4.9">
+                         <filename>squid-debuginfo-4.9-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid-debugsource" release="13.ule3" version="4.9">
+                         <filename>squid-debugsource-4.9-13.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1618</id>
+          <title>An update for squid is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-25"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-28116" id="CVE-2021-28116" title="CVE-2021-28116" type="cve"></reference>
+          </references>
+          <description> Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.(CVE-2021-28116)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="7" arch="aarch64" name="squid" release="13.ule3" version="4.9">
+                         <filename>squid-4.9-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="squid-debuginfo" release="13.ule3" version="4.9">
+                         <filename>squid-debuginfo-4.9-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="squid-debugsource" release="13.ule3" version="4.9">
+                         <filename>squid-debugsource-4.9-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid" release="13.ule3" version="4.9">
+                         <filename>squid-4.9-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid-debuginfo" release="13.ule3" version="4.9">
+                         <filename>squid-debuginfo-4.9-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid-debugsource" release="13.ule3" version="4.9">
+                         <filename>squid-debugsource-4.9-13.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1619</id>
+          <title>An update for mariadb is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24052" id="CVE-2022-24052" title="CVE-2022-24052" type="cve"></reference>
+          </references>
+          <description>MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.(CVE-2022-24052)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="4" arch="aarch64" name="mariadb" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-config" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-config-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-common" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-common-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-embedded-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-devel-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-test" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-test-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-devel-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-server-galera" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-galera-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-embedded" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-backup" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-backup-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-gssapi-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-gssapi-server-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-errmsg" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-errmsg-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-debugsource" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debugsource-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-debuginfo" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debuginfo-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-oqgraph-engine" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-oqgraph-engine-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-pam" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-pam-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-rocksdb-engine" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-rocksdb-engine-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-server-utils" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-utils-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-gssapi-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-gssapi-server-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-common" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-common-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-backup" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-backup-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-debugsource" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debugsource-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-debuginfo" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debuginfo-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-devel-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-errmsg" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-errmsg-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-embedded" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-oqgraph-engine" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-oqgraph-engine-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-embedded-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-devel-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-config" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-config-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-server-galera" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-galera-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-test" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-test-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-pam" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-pam-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-server-utils" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-utils-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1619</id>
+          <title>An update for mariadb is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24052" id="CVE-2022-24052" title="CVE-2022-24052" type="cve"></reference>
+          </references>
+          <description>MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.(CVE-2022-24052)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="4" arch="aarch64" name="mariadb-debuginfo" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debuginfo-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-test" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-test-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mariadb-cracklib" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-cracklib-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-server-galera" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-galera-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-embedded-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-devel-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-common" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-common-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-devel-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-oqgraph-engine" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-oqgraph-engine-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mariadb-errmessage" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-errmessage-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-backup" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-backup-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-debugsource" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debugsource-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-embedded" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-gssapi-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-gssapi-server-10.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-common" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-common-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-devel-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-debuginfo" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debuginfo-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-cracklib" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-cracklib-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-debugsource" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-debugsource-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-gssapi-server" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-gssapi-server-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-oqgraph-engine" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-oqgraph-engine-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-test" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-test-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-server-galera" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-server-galera-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-embedded-devel" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-devel-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-errmessage" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-errmessage-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-embedded" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-embedded-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-backup" release="2.ule3" version="10.5.15">
+                         <filename>mariadb-backup-10.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1621</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27666" id="CVE-2022-27666" title="CVE-2022-27666" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-39698" id="CVE-2021-39698" title="CVE-2021-39698" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1198" id="CVE-2022-1198" title="CVE-2022-1198" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28390" id="CVE-2022-28390" title="CVE-2022-28390" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1016" id="CVE-2022-1016" title="CVE-2022-1016" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-39713" id="CVE-2021-39713" title="CVE-2021-39713" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1055" id="CVE-2022-1055" title="CVE-2022-1055" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23039" id="CVE-2022-23039" title="CVE-2022-23039" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23040" id="CVE-2022-23040" title="CVE-2022-23040" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23041" id="CVE-2022-23041" title="CVE-2022-23041" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23042" id="CVE-2022-23042" title="CVE-2022-23042" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28893" id="CVE-2022-28893" title="CVE-2022-28893" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-20009" id="CVE-2022-20009" title="CVE-2022-20009" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-26142" id="CVE-2020-26142" title="CVE-2020-26142" type="cve"></reference>
+          </references>
+          <description>A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.(CVE-2022-27666)In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-185125206References: Upstream kernel(CVE-2021-39698)Vulnerability Summary for CVE-2022-1198.(CVE-2022-1198)ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.(CVE-2022-28390)A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle return with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.(CVE-2022-1016)Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel.(CVE-2021-39713)A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5.(CVE-2022-1055)Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042.(CVE-2022-23039)Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042.(CVE-2022-23040)Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042.(CVE-2022-23041)Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042.(CVE-2022-23042)The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.(CVE-2022-28893)In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213172319References: Upstream kernel(CVE-2022-20009)An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration.(CVE-2020-26142)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python2-perf" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>python2-perf-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python2-perf-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>python2-perf-debuginfo-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1621</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1198" id="CVE-2022-1198" title="CVE-2022-1198" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27666" id="CVE-2022-27666" title="CVE-2022-27666" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-39698" id="CVE-2021-39698" title="CVE-2021-39698" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28390" id="CVE-2022-28390" title="CVE-2022-28390" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1016" id="CVE-2022-1016" title="CVE-2022-1016" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-1055" id="CVE-2021-1055" title="CVE-2021-1055" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23039" id="CVE-2022-23039" title="CVE-2022-23039" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23040" id="CVE-2022-23040" title="CVE-2022-23040" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23041" id="CVE-2022-23041" title="CVE-2022-23041" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23042" id="CVE-2022-23042" title="CVE-2022-23042" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28893" id="CVE-2022-28893" title="CVE-2022-28893" type="cve"></reference>
+          </references>
+          <description>A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.(CVE-2022-27666) In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-185125206References: Upstream kernel(CVE-2021-39698) Vulnerability Summary for CVE-2022-1198.(CVE-2022-1198) ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.(CVE-2022-28390) A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle return with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.(CVE-2022-1016) A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5.(CVE-2022-1055) Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042.(CVE-2022-23039) Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042.(CVE-2022-23040) Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042.(CVE-2022-23041) Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042.(CVE-2022-23042) The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.(CVE-2022-28893)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-headers" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.27.0.57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.27.0.57.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.27.0.57.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1622</id>
+          <title>An update for tomcat is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-41079" id="CVE-2021-41079" title="CVE-2021-41079" type="cve"></reference>
+          </references>
+          <description>Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.(CVE-2021-41079)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="tomcat" release="26.ule3" version="9.0.10">
+                         <filename>tomcat-9.0.10-26.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="tomcat-help" release="26.ule3" version="9.0.10">
+                         <filename>tomcat-help-9.0.10-26.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="tomcat-jsvc" release="26.ule3" version="9.0.10">
+                         <filename>tomcat-jsvc-9.0.10-26.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1622</id>
+          <title>An update for tomcat is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-41079" id="CVE-2021-41079" title="CVE-2021-41079" type="cve"></reference>
+          </references>
+          <description>Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.(CVE-2021-41079)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="tomcat" release="26.ule3" version="9.0.10">
+                         <filename>tomcat-9.0.10-26.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="tomcat-help" release="26.ule3" version="9.0.10">
+                         <filename>tomcat-help-9.0.10-26.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="tomcat-jsvc" release="26.ule3" version="9.0.10">
+                         <filename>tomcat-jsvc-9.0.10-26.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1623</id>
+          <title>An update for varnish is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23959" id="CVE-2022-23959" title="CVE-2022-23959" type="cve"></reference>
+          </references>
+          <description>In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections(CVE-2022-23959)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="varnish" release="5.ule3" version="7.0.1">
+                         <filename>varnish-7.0.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish-debuginfo" release="5.ule3" version="7.0.1">
+                         <filename>varnish-debuginfo-7.0.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish-debugsource" release="5.ule3" version="7.0.1">
+                         <filename>varnish-debugsource-7.0.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish-devel" release="5.ule3" version="7.0.1">
+                         <filename>varnish-devel-7.0.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="varnish-help" release="5.ule3" version="7.0.1">
+                         <filename>varnish-help-7.0.1-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish" release="5.ule3" version="7.0.1">
+                         <filename>varnish-7.0.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-debuginfo" release="5.ule3" version="7.0.1">
+                         <filename>varnish-debuginfo-7.0.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-debugsource" release="5.ule3" version="7.0.1">
+                         <filename>varnish-debugsource-7.0.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-devel" release="5.ule3" version="7.0.1">
+                         <filename>varnish-devel-7.0.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1623</id>
+          <title>An update for varnish is now available for openEuler-20.03-LTS-SP1</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23959" id="CVE-2022-23959" title="CVE-2022-23959" type="cve"></reference>
+          </references>
+          <description>In Varnish Cache before 7.0.1 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections(CVE-2022-23959)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="varnish-help" release="5.ule3" version="7.0.1">
+                         <filename>varnish-help-7.0.1-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish" release="5.ule3" version="7.0.1">
+                         <filename>varnish-7.0.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish-debuginfo" release="5.ule3" version="7.0.1">
+                         <filename>varnish-debuginfo-7.0.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish-debugsource" release="5.ule3" version="7.0.1">
+                         <filename>varnish-debugsource-7.0.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish-devel" release="5.ule3" version="7.0.1">
+                         <filename>varnish-devel-7.0.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish" release="5.ule3" version="7.0.1">
+                         <filename>varnish-7.0.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-debuginfo" release="5.ule3" version="7.0.1">
+                         <filename>varnish-debuginfo-7.0.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-debugsource" release="5.ule3" version="7.0.1">
+                         <filename>varnish-debugsource-7.0.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-devel" release="5.ule3" version="7.0.1">
+                         <filename>varnish-devel-7.0.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1624</id>
+          <title>An update for busybox is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391" id="CVE-2022-28391" title="CVE-2022-28391" type="cve"></reference>
+          </references>
+          <description>BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record s value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal s colors.(CVE-2022-28391)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="busybox" release="14.ule3" version="1.31.1">
+                         <filename>busybox-1.31.1-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="busybox-debuginfo" release="14.ule3" version="1.31.1">
+                         <filename>busybox-debuginfo-1.31.1-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="busybox-debugsource" release="14.ule3" version="1.31.1">
+                         <filename>busybox-debugsource-1.31.1-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="busybox-help" release="14.ule3" version="1.31.1">
+                         <filename>busybox-help-1.31.1-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="busybox-petitboot" release="14.ule3" version="1.31.1">
+                         <filename>busybox-petitboot-1.31.1-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="busybox" release="14.ule3" version="1.31.1">
+                         <filename>busybox-1.31.1-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="busybox-debuginfo" release="14.ule3" version="1.31.1">
+                         <filename>busybox-debuginfo-1.31.1-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="busybox-debugsource" release="14.ule3" version="1.31.1">
+                         <filename>busybox-debugsource-1.31.1-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="busybox-help" release="14.ule3" version="1.31.1">
+                         <filename>busybox-help-1.31.1-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="busybox-petitboot" release="14.ule3" version="1.31.1">
+                         <filename>busybox-petitboot-1.31.1-14.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1624</id>
+          <title>An update for busybox is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391" id="CVE-2022-28391" title="CVE-2022-28391" type="cve"></reference>
+          </references>
+          <description>BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record s value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal s colors.(CVE-2022-28391)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="busybox" release="14.ule3" version="1.34.1">
+                         <filename>busybox-1.34.1-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="busybox-debuginfo" release="14.ule3" version="1.34.1">
+                         <filename>busybox-debuginfo-1.34.1-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="busybox-debugsource" release="14.ule3" version="1.34.1">
+                         <filename>busybox-debugsource-1.34.1-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="busybox-help" release="14.ule3" version="1.34.1">
+                         <filename>busybox-help-1.34.1-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="" name="busybox-petitboot" release="14.ule3.aarch64" version="1.34.1">
+                         <filename>busybox-petitboot-1.34.1-14.ule3.aarch64.rpm </filename>
+                    </package>
+                    <package arch="x86_64" name="busybox" release="14.ule3" version="1.34.1">
+                         <filename>busybox-1.34.1-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="busybox-debuginfo" release="14.ule3" version="1.34.1">
+                         <filename>busybox-debuginfo-1.34.1-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="busybox-debugsource" release="14.ule3" version="1.34.1">
+                         <filename>busybox-debugsource-1.34.1-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="busybox-help" release="14.ule3" version="1.34.1">
+                         <filename>busybox-help-1.34.1-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="" name="busybox-petitboot" release="14.ule3.x86_64" version="1.34.1">
+                         <filename>busybox-petitboot-1.34.1-14.ule3.x86_64.rpm </filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1625</id>
+          <title>An update for xerces-j2 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23437" id="CVE-2022-23437" title="CVE-2022-23437" type="cve"></reference>
+          </references>
+          <description>There s a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.(CVE-2022-23437)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="xerces-j2" release="1.ule3" version="2.12.2">
+                         <filename>xerces-j2-2.12.2-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="" name="xerces-j2-help" release="1.ule3.noarch" version="2.12.2">
+                         <filename>xerces-j2-help-2.12.2-1.ule3.noarch.rpm </filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1625</id>
+          <title>An update for xerces-j2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-04-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23437" id="CVE-2022-23437" title="CVE-2022-23437" type="cve"></reference>
+          </references>
+          <description>There s a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.(CVE-2022-23437)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="xerces-j2" release="1.ule3" version="2.12.2">
+                         <filename>xerces-j2-2.12.2-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xerces-j2-help" release="1.ule3" version="2.12.2">
+                         <filename>xerces-j2-help-2.12.2-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1626</id>
+          <title>An update for cifs-utils is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29869" id="CVE-2022-29869" title="CVE-2022-29869" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27239" id="CVE-2022-27239" title="CVE-2022-27239" type="cve"></reference>
+          </references>
+          <description>cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.(CVE-2022-29869)In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.(CVE-2022-27239)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="cifs-utils" release="3.ule3" version="6.14">
+                         <filename>cifs-utils-6.14-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cifs-utils-debuginfo" release="3.ule3" version="6.14">
+                         <filename>cifs-utils-debuginfo-6.14-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cifs-utils-debugsource" release="3.ule3" version="6.14">
+                         <filename>cifs-utils-debugsource-6.14-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cifs-utils-devel" release="3.ule3" version="6.14">
+                         <filename>cifs-utils-devel-6.14-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cifs-utils-help" release="3.ule3" version="6.14">
+                         <filename>cifs-utils-help-6.14-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cifs-utils" release="3.ule3" version="6.14">
+                         <filename>cifs-utils-6.14-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cifs-utils-debuginfo" release="3.ule3" version="6.14">
+                         <filename>cifs-utils-debuginfo-6.14-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cifs-utils-debugsource" release="3.ule3" version="6.14">
+                         <filename>cifs-utils-debugsource-6.14-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cifs-utils-devel" release="3.ule3" version="6.14">
+                         <filename>cifs-utils-devel-6.14-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cifs-utils-help" release="3.ule3" version="6.14">
+                         <filename>cifs-utils-help-6.14-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1626</id>
+          <title>An update for cifs-utils is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29869" id="CVE-2022-29869" title="CVE-2022-29869" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27239" id="CVE-2022-27239" title="CVE-2022-27239" type="cve"></reference>
+          </references>
+          <description>cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.(CVE-2022-29869) In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.(CVE-2022-27239)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="cifs-utils" release="3.ule3" version="6.14">
+                         <filename>cifs-utils-6.14-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cifs-utils-debuginfo" release="3.ule3" version="6.14">
+                         <filename>cifs-utils-debuginfo-6.14-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cifs-utils-debugsource" release="3.ule3" version="6.14">
+                         <filename>cifs-utils-debugsource-6.14-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cifs-utils-devel" release="3.ule3" version="6.14">
+                         <filename>cifs-utils-devel-6.14-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cifs-utils-help" release="3.ule3" version="6.14">
+                         <filename>cifs-utils-help-6.14-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cifs-utils" release="3.ule3" version="6.14">
+                         <filename>cifs-utils-6.14-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cifs-utils-debuginfo" release="3.ule3" version="6.14">
+                         <filename>cifs-utils-debuginfo-6.14-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cifs-utils-debugsource" release="3.ule3" version="6.14">
+                         <filename>cifs-utils-debugsource-6.14-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cifs-utils-devel" release="3.ule3" version="6.14">
+                         <filename>cifs-utils-devel-6.14-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cifs-utils-help" release="3.ule3" version="6.14">
+                         <filename>cifs-utils-help-6.14-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1627</id>
+          <title>An update for epiphany is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-45085" id="CVE-2021-45085" title="CVE-2021-45085" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-45086" id="CVE-2021-45086" title="CVE-2021-45086" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-45087" id="CVE-2021-45087" title="CVE-2021-45087" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-45088" id="CVE-2021-45088" title="CVE-2021-45088" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29536" id="CVE-2022-29536" title="CVE-2022-29536" type="cve"></reference>
+          </references>
+          <description>XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.(CVE-2021-45085)XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server s suggested_filename is used as the pdf_name value in PDF.js.(CVE-2021-45086)XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.(CVE-2021-45087)XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.(CVE-2021-45088)In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.(CVE-2022-29536)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="epiphany" release="1.ule3" version="40.6">
+                         <filename>epiphany-40.6-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="epiphany-debuginfo" release="1.ule3" version="40.6">
+                         <filename>epiphany-debuginfo-40.6-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="epiphany-debugsource" release="1.ule3" version="40.6">
+                         <filename>epiphany-debugsource-40.6-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="epiphany-runtime" release="1.ule3" version="40.6">
+                         <filename>epiphany-runtime-40.6-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="epiphany" release="1.ule3" version="40.6">
+                         <filename>epiphany-40.6-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="epiphany-debuginfo" release="1.ule3" version="40.6">
+                         <filename>epiphany-debuginfo-40.6-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="epiphany-debugsource" release="1.ule3" version="40.6">
+                         <filename>epiphany-debugsource-40.6-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="epiphany-runtime" release="1.ule3" version="40.6">
+                         <filename>epiphany-runtime-40.6-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1627</id>
+          <title>An update for epiphany is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-45085" id="CVE-2021-45085" title="CVE-2021-45085" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-45086" id="CVE-2021-45086" title="CVE-2021-45086" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-45087" id="CVE-2021-45087" title="CVE-2021-45087" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-45088" id="CVE-2021-45088" title="CVE-2021-45088" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29536" id="CVE-2022-29536" title="CVE-2022-29536" type="cve"></reference>
+          </references>
+          <description>XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.(CVE-2021-45085) XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server s suggested_filename is used as the pdf_name value in PDF.js.(CVE-2021-45086) XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.(CVE-2021-45087) XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.(CVE-2021-45088) In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.(CVE-2022-29536)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="epiphany" release="1.ule3" version="40.6">
+                         <filename>epiphany-40.6-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="epiphany-debuginfo" release="1.ule3" version="40.6">
+                         <filename>epiphany-debuginfo-40.6-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="epiphany-debugsource" release="1.ule3" version="40.6">
+                         <filename>epiphany-debugsource-40.6-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="epiphany-runtime" release="1.ule3" version="40.6">
+                         <filename>epiphany-runtime-40.6-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="epiphany" release="1.ule3" version="40.6">
+                         <filename>epiphany-40.6-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="epiphany-debuginfo" release="1.ule3" version="40.6">
+                         <filename>epiphany-debuginfo-40.6-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="epiphany-debugsource" release="1.ule3" version="40.6">
+                         <filename>epiphany-debugsource-40.6-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="epiphany-runtime" release="1.ule3" version="40.6">
+                         <filename>epiphany-runtime-40.6-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1629</id>
+          <title>An update for gzip is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1271" id="CVE-2022-1271" title="CVE-2022-1271" type="cve"></reference>
+          </references>
+          <description>The vulnerability exists due to insufficient validation when handling filenames with two or more newlines. A remote attacker can force zgrep or xzgrep to write arbitrary files on the system. The vulnerability allows a remote attacker to compromise an affected system.(CVE-2022-1271)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gzip" release="3.ule3" version="1.11">
+                         <filename>gzip-1.11-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gzip-debuginfo" release="3.ule3" version="1.11">
+                         <filename>gzip-debuginfo-1.11-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gzip-debugsource" release="3.ule3" version="1.11">
+                         <filename>gzip-debugsource-1.11-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gzip-help" release="3.ule3" version="1.11">
+                         <filename>gzip-help-1.11-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gzip" release="3.ule3" version="1.11">
+                         <filename>gzip-1.11-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gzip-debuginfo" release="3.ule3" version="1.11">
+                         <filename>gzip-debuginfo-1.11-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gzip-debugsource" release="3.ule3" version="1.11">
+                         <filename>gzip-debugsource-1.11-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1629</id>
+          <title>An update for gzip is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1271" id="CVE-2022-1271" title="CVE-2022-1271" type="cve"></reference>
+          </references>
+          <description>The vulnerability exists due to insufficient validation when handling filenames with two or more newlines. A remote attacker can force zgrep or xzgrep to write arbitrary files on the system. The vulnerability allows a remote attacker to compromise an affected system.(CVE-2022-1271)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gzip" release="3.ule3" version="1.11">
+                         <filename>gzip-1.11-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gzip-debuginfo" release="3.ule3" version="1.11">
+                         <filename>gzip-debuginfo-1.11-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gzip-debugsource" release="3.ule3" version="1.11">
+                         <filename>gzip-debugsource-1.11-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gzip-help" release="3.ule3" version="1.11">
+                         <filename>gzip-help-1.11-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gzip" release="3.ule3" version="1.11">
+                         <filename>gzip-1.11-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gzip-debuginfo" release="3.ule3" version="1.11">
+                         <filename>gzip-debuginfo-1.11-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gzip-debugsource" release="3.ule3" version="1.11">
+                         <filename>gzip-debugsource-1.11-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1630</id>
+          <title>An update for jdom2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33813" id="CVE-2021-33813" title="CVE-2021-33813" type="cve"></reference>
+          </references>
+          <description>An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.(CVE-2021-33813)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="jdom2" release="15.ule3" version="2.0.6">
+                         <filename>jdom2-2.0.6-15.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jdom2-help" release="15.ule3" version="2.0.6">
+                         <filename>jdom2-help-2.0.6-15.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1630</id>
+          <title>An update for jdom2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33813" id="CVE-2021-33813" title="CVE-2021-33813" type="cve"></reference>
+          </references>
+          <description>An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.(CVE-2021-33813)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="jdom2" release="15.ule3" version="2.0.6">
+                         <filename>jdom2-2.0.6-15.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jdom2-help" release="15.ule3" version="2.0.6">
+                         <filename>jdom2-help-2.0.6-15.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1631</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1205" id="CVE-2022-1205" title="CVE-2022-1205" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1199" id="CVE-2022-1199" title="CVE-2022-1199" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1353" id="CVE-2022-1353" title="CVE-2022-1353" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23960" id="CVE-2022-23960" title="CVE-2022-23960" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29156" id="CVE-2022-29156" title="CVE-2022-29156" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0500" id="CVE-2022-0500" title="CVE-2022-0500" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23036" id="CVE-2022-23036" title="CVE-2022-23036" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-39686" id="CVE-2021-39686" title="CVE-2021-39686" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0001" id="CVE-2022-0001" title="CVE-2022-0001" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23038" id="CVE-2022-23038" title="CVE-2022-23038" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23037" id="CVE-2022-23037" title="CVE-2022-23037" type="cve"></reference>
+          </references>
+          <description>A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system(CVE-2022-1205)A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.(CVE-2022-1199)A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.(CVE-2022-1353)Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.(CVE-2022-23960)drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.(CVE-2022-29156)A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.(CVE-2022-0500)Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042(CVE-2022-23036)In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200688826References: Upstream kernel(CVE-2021-39686)Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.(CVE-2022-0001)Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042(CVE-2022-23038)Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042(CVE-2022-23037)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="perf" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="x86_64" name="kernel-debugsource" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1632</id>
+          <title>An update for lua is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28805" id="CVE-2022-28805" title="CVE-2022-28805" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-44647" id="CVE-2021-44647" title="CVE-2021-44647" type="cve"></reference>
+          </references>
+          <description>singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.(CVE-2022-28805) Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.(CVE-2021-44647)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="lua" release="6.ule3" version="5.4.3">
+                         <filename>lua-5.4.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lua-debuginfo" release="6.ule3" version="5.4.3">
+                         <filename>lua-debuginfo-5.4.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lua-debugsource" release="6.ule3" version="5.4.3">
+                         <filename>lua-debugsource-5.4.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lua-devel" release="6.ule3" version="5.4.3">
+                         <filename>lua-devel-5.4.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="lua-help" release="6.ule3" version="5.4.3">
+                         <filename>lua-help-5.4.3-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lua" release="6.ule3" version="5.4.3">
+                         <filename>lua-5.4.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lua-debuginfo" release="6.ule3" version="5.4.3">
+                         <filename>lua-debuginfo-5.4.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lua-debugsource" release="6.ule3" version="5.4.3">
+                         <filename>lua-debugsource-5.4.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lua-devel" release="6.ule3" version="5.4.3">
+                         <filename>lua-devel-5.4.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1632</id>
+          <title>An update for lua is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28805" id="CVE-2022-28805" title="CVE-2022-28805" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-44647" id="CVE-2021-44647" title="CVE-2021-44647" type="cve"></reference>
+          </references>
+          <description>singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.(CVE-2022-28805)Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.(CVE-2021-44647)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="lua" release="6.ule3" version="5.4.3">
+                         <filename>lua-5.4.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lua-debuginfo" release="6.ule3" version="5.4.3">
+                         <filename>lua-debuginfo-5.4.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lua-debugsource" release="6.ule3" version="5.4.3">
+                         <filename>lua-debugsource-5.4.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lua-devel" release="6.ule3" version="5.4.3">
+                         <filename>lua-devel-5.4.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="lua-help" release="6.ule3" version="5.4.3">
+                         <filename>lua-help-5.4.3-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lua" release="6.ule3" version="5.4.3">
+                         <filename>lua-5.4.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lua-debuginfo" release="6.ule3" version="5.4.3">
+                         <filename>lua-debuginfo-5.4.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lua-debugsource" release="6.ule3" version="5.4.3">
+                         <filename>lua-debugsource-5.4.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lua-devel" release="6.ule3" version="5.4.3">
+                         <filename>lua-devel-5.4.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1633</id>
+          <title>An update for mutt is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1328" id="CVE-2022-1328" title="CVE-2022-1328" type="cve"></reference>
+          </references>
+          <description>Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line.(CVE-2022-1328)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="5" arch="aarch64" name="mutt" release="2.ule3" version="2.1.3">
+                         <filename>mutt-2.1.3-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="mutt-debuginfo" release="2.ule3" version="2.1.3">
+                         <filename>mutt-debuginfo-2.1.3-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="mutt-debugsource" release="2.ule3" version="2.1.3">
+                         <filename>mutt-debugsource-2.1.3-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="noarch" name="mutt-help" release="2.ule3" version="2.1.3">
+                         <filename>mutt-help-2.1.3-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="x86_64" name="mutt" release="2.ule3" version="2.1.3">
+                         <filename>mutt-2.1.3-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="x86_64" name="mutt-debuginfo" release="2.ule3" version="2.1.3">
+                         <filename>mutt-debuginfo-2.1.3-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="x86_64" name="mutt-debugsource" release="2.ule3" version="2.1.3">
+                         <filename>mutt-debugsource-2.1.3-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1633</id>
+          <title>An update for mutt is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1328" id="CVE-2022-1328" title="CVE-2022-1328" type="cve"></reference>
+          </references>
+          <description>Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line.(CVE-2022-1328)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="5" arch="aarch64" name="mutt" release="2.ule3" version="2.1.3">
+                         <filename>mutt-2.1.3-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="mutt-debuginfo" release="2.ule3" version="2.1.3">
+                         <filename>mutt-debuginfo-2.1.3-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="mutt-debugsource" release="2.ule3" version="2.1.3">
+                         <filename>mutt-debugsource-2.1.3-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="noarch" name="mutt-help" release="2.ule3" version="2.1.3">
+                         <filename>mutt-help-2.1.3-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="x86_64" name="mutt" release="2.ule3" version="2.1.3">
+                         <filename>mutt-2.1.3-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="x86_64" name="mutt-debuginfo" release="2.ule3" version="2.1.3">
+                         <filename>mutt-debuginfo-2.1.3-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="x86_64" name="mutt-debugsource" release="2.ule3" version="2.1.3">
+                         <filename>mutt-debugsource-2.1.3-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1634</id>
+          <title>An update for mysql5 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21270" id="CVE-2022-21270" title="CVE-2022-21270" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21303" id="CVE-2022-21303" title="CVE-2022-21303" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21304" id="CVE-2022-21304" title="CVE-2022-21304" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21344" id="CVE-2022-21344" title="CVE-2022-21344" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21367" id="CVE-2022-21367" title="CVE-2022-21367" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35624" id="CVE-2021-35624" title="CVE-2021-35624" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-2356" id="CVE-2021-2356" title="CVE-2021-2356" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-2011" id="CVE-2021-2011" title="CVE-2021-2011" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-2010" id="CVE-2021-2010" title="CVE-2021-2010" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-2007" id="CVE-2021-2007" title="CVE-2021-2007" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21270)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21303)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21304)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21344)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2022-21367)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).(CVE-2021-35624)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).(CVE-2021-2356)Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2011)Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Client. CVSS 3.1 Base Score 4.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L).(CVE-2021-2010)Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2021-2007)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="mysql5" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-common" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-common-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-debuginfo" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-debuginfo-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-debugsource" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-debugsource-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-devel" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-devel-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-embedded" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-embedded-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-embedded-devel" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-embedded-devel-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-errmsg" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-errmsg-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-libs" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-libs-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-server" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-server-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-test" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-test-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-common" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-common-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-debuginfo" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-debuginfo-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-debugsource" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-debugsource-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-devel" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-devel-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-embedded" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-embedded-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-embedded-devel" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-embedded-devel-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-errmsg" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-errmsg-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-libs" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-libs-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-server" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-server-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-test" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-test-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1634</id>
+          <title>An update for mysql5 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21270" id="CVE-2022-21270" title="CVE-2022-21270" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21303" id="CVE-2022-21303" title="CVE-2022-21303" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21304" id="CVE-2022-21304" title="CVE-2022-21304" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21344" id="CVE-2022-21344" title="CVE-2022-21344" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21367" id="CVE-2022-21367" title="CVE-2022-21367" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35624" id="CVE-2021-35624" title="CVE-2021-35624" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-2356" id="CVE-2021-2356" title="CVE-2021-2356" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21270) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21303) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21304) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21344) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2022-21367) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).(CVE-2021-35624) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).(CVE-2021-2356)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="mysql5" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-common" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-common-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-debuginfo" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-debuginfo-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-debugsource" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-debugsource-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-devel" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-devel-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-embedded" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-embedded-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-embedded-devel" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-embedded-devel-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-errmsg" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-errmsg-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-libs" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-libs-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-server" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-server-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-test" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-test-5.7.37-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-common" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-common-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-debuginfo" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-debuginfo-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-debugsource" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-debugsource-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-devel" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-devel-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-embedded" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-embedded-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-embedded-devel" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-embedded-devel-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-errmsg" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-errmsg-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-libs" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-libs-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-server" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-server-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-test" release="1.ule3" version="5.7.37">
+                         <filename>mysql5-test-5.7.37-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1635</id>
+          <title>An update for ncurses is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29458" id="CVE-2022-29458" title="CVE-2022-29458" type="cve"></reference>
+          </references>
+          <description>ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.(CVE-2022-29458)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="ncurses" release="3.ule3" version="6.3">
+                         <filename>ncurses-6.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-debuginfo" release="3.ule3" version="6.3">
+                         <filename>ncurses-debuginfo-6.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-debugsource" release="3.ule3" version="6.3">
+                         <filename>ncurses-debugsource-6.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-devel" release="3.ule3" version="6.3">
+                         <filename>ncurses-devel-6.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-help" release="3.ule3" version="6.3">
+                         <filename>ncurses-help-6.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-libs" release="3.ule3" version="6.3">
+                         <filename>ncurses-libs-6.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-compat-libs" release="3.ule3" version="6.3">
+                         <filename>ncurses-compat-libs-6.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ncurses-base" release="3.ule3" version="6.3">
+                         <filename>ncurses-base-6.3-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses" release="3.ule3" version="6.3">
+                         <filename>ncurses-6.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-debuginfo" release="3.ule3" version="6.3">
+                         <filename>ncurses-debuginfo-6.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-debugsource" release="3.ule3" version="6.3">
+                         <filename>ncurses-debugsource-6.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-devel" release="3.ule3" version="6.3">
+                         <filename>ncurses-devel-6.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-help" release="3.ule3" version="6.3">
+                         <filename>ncurses-help-6.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-libs" release="3.ule3" version="6.3">
+                         <filename>ncurses-libs-6.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-compat-libs" release="3.ule3" version="6.3">
+                         <filename>ncurses-compat-libs-6.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1635</id>
+          <title>An update for ncurses is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29458" id="CVE-2022-29458" title="CVE-2022-29458" type="cve"></reference>
+          </references>
+          <description>ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.(CVE-2022-29458)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="ncurses" release="3.ule3" version="6.3">
+                         <filename>ncurses-6.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-debuginfo" release="3.ule3" version="6.3">
+                         <filename>ncurses-debuginfo-6.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-debugsource" release="3.ule3" version="6.3">
+                         <filename>ncurses-debugsource-6.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-devel" release="3.ule3" version="6.3">
+                         <filename>ncurses-devel-6.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-help" release="3.ule3" version="6.3">
+                         <filename>ncurses-help-6.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-libs" release="3.ule3" version="6.3">
+                         <filename>ncurses-libs-6.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-compat-libs" release="3.ule3" version="6.3">
+                         <filename>ncurses-compat-libs-6.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ncurses-base" release="3.ule3" version="6.3">
+                         <filename>ncurses-base-6.3-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses" release="3.ule3" version="6.3">
+                         <filename>ncurses-6.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-debuginfo" release="3.ule3" version="6.3">
+                         <filename>ncurses-debuginfo-6.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-debugsource" release="3.ule3" version="6.3">
+                         <filename>ncurses-debugsource-6.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-devel" release="3.ule3" version="6.3">
+                         <filename>ncurses-devel-6.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-help" release="3.ule3" version="6.3">
+                         <filename>ncurses-help-6.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-libs" release="3.ule3" version="6.3">
+                         <filename>ncurses-libs-6.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-compat-libs" release="3.ule3" version="6.3">
+                         <filename>ncurses-compat-libs-6.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1636</id>
+          <title>An update for nekohtml is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24839" id="CVE-2022-24839" title="CVE-2022-24839" type="cve"></reference>
+          </references>
+          <description>org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `&gt;= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.(CVE-2022-24839)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="nekohtml" release="9.ule3" version="1.9.22">
+                         <filename>nekohtml-1.9.22-9.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1636</id>
+          <title>An update for nekohtml is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24839" id="CVE-2022-24839" title="CVE-2022-24839" type="cve"></reference>
+          </references>
+          <description>org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `&gt;= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.(CVE-2022-24839)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="nekohtml" release="9.ule3" version="1.9.22">
+                         <filename>nekohtml-1.9.22-9.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1637</id>
+          <title>An update for nginx is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3618" id="CVE-2021-3618" title="CVE-2021-3618" type="cve"></reference>
+          </references>
+          <description>ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim&#39;s traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.(CVE-2021-3618)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="nginx" release="1.ule3" version="1.21.5">
+                         <filename>nginx-1.21.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nginx-debuginfo" release="1.ule3" version="1.21.5">
+                         <filename>nginx-debuginfo-1.21.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nginx-debugsource" release="1.ule3" version="1.21.5">
+                         <filename>nginx-debugsource-1.21.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nginx-mod-http-image-filter" release="1.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-image-filter-1.21.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nginx-mod-http-perl" release="1.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-perl-1.21.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nginx-mod-http-xslt-filter" release="1.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-xslt-filter-1.21.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nginx-mod-mail" release="1.ule3" version="1.21.5">
+                         <filename>nginx-mod-mail-1.21.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nginx-mod-stream" release="1.ule3" version="1.21.5">
+                         <filename>nginx-mod-stream-1.21.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="nginx-all-modules" release="1.ule3" version="1.21.5">
+                         <filename>nginx-all-modules-1.21.5-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="nginx-filesystem" release="1.ule3" version="1.21.5">
+                         <filename>nginx-filesystem-1.21.5-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="nginx-help" release="1.ule3" version="1.21.5">
+                         <filename>nginx-help-1.21.5-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nginx" release="1.ule3" version="1.21.5">
+                         <filename>nginx-1.21.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nginx-debuginfo" release="1.ule3" version="1.21.5">
+                         <filename>nginx-debuginfo-1.21.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nginx-debugsource" release="1.ule3" version="1.21.5">
+                         <filename>nginx-debugsource-1.21.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nginx-mod-http-image-filter" release="1.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-image-filter-1.21.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nginx-mod-http-perl" release="1.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-perl-1.21.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nginx-mod-http-xslt-filter" release="1.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-xslt-filter-1.21.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nginx-mod-mail" release="1.ule3" version="1.21.5">
+                         <filename>nginx-mod-mail-1.21.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nginx-mod-stream" release="1.ule3" version="1.21.5">
+                         <filename>nginx-mod-stream-1.21.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1637</id>
+          <title>An update for nginx is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3618" id="CVE-2021-3618" title="CVE-2021-3618" type="cve"></reference>
+          </references>
+          <description>ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim&#39;s traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.(CVE-2021-3618)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="nginx" release="1.ule3" version="1.21.5">
+                         <filename>nginx-1.21.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nginx-debuginfo" release="1.ule3" version="1.21.5">
+                         <filename>nginx-debuginfo-1.21.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nginx-debugsource" release="1.ule3" version="1.21.5">
+                         <filename>nginx-debugsource-1.21.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nginx-mod-http-image-filter" release="1.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-image-filter-1.21.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nginx-mod-http-perl" release="1.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-perl-1.21.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nginx-mod-http-xslt-filter" release="1.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-xslt-filter-1.21.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nginx-mod-mail" release="1.ule3" version="1.21.5">
+                         <filename>nginx-mod-mail-1.21.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nginx-mod-stream" release="1.ule3" version="1.21.5">
+                         <filename>nginx-mod-stream-1.21.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="nginx-all-modules" release="1.ule3" version="1.21.5">
+                         <filename>nginx-all-modules-1.21.5-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="nginx-filesystem" release="1.ule3" version="1.21.5">
+                         <filename>nginx-filesystem-1.21.5-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="nginx-help" release="1.ule3" version="1.21.5">
+                         <filename>nginx-help-1.21.5-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nginx" release="1.ule3" version="1.21.5">
+                         <filename>nginx-1.21.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nginx-debuginfo" release="1.ule3" version="1.21.5">
+                         <filename>nginx-debuginfo-1.21.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nginx-debugsource" release="1.ule3" version="1.21.5">
+                         <filename>nginx-debugsource-1.21.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nginx-mod-http-image-filter" release="1.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-image-filter-1.21.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nginx-mod-http-perl" release="1.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-perl-1.21.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nginx-mod-http-xslt-filter" release="1.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-xslt-filter-1.21.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nginx-mod-mail" release="1.ule3" version="1.21.5">
+                         <filename>nginx-mod-mail-1.21.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nginx-mod-stream" release="1.ule3" version="1.21.5">
+                         <filename>nginx-mod-stream-1.21.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1638</id>
+          <title>An update for nodejs-grunt is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0436" id="CVE-2022-0436" title="CVE-2022-0436" type="cve"></reference>
+          </references>
+          <description>Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.(CVE-2022-0436)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="nodejs-grunt" release="4.ule3" version="1.0.1">
+                         <filename>nodejs-grunt-1.0.1-4.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1638</id>
+          <title>An update for nodejs-grunt is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0436" id="CVE-2022-0436" title="CVE-2022-0436" type="cve"></reference>
+          </references>
+          <description>Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.(CVE-2022-0436)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="nodejs-grunt" release="4.ule3" version="1.0.1">
+                         <filename>nodejs-grunt-1.0.1-4.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1639</id>
+          <title>An update for OpenEXR is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-45942" id="CVE-2021-45942" title="CVE-2021-45942" type="cve"></reference>
+          </references>
+          <description>OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.(CVE-2021-45942)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="OpenEXR" release="1.ule3" version="3.1.5">
+                         <filename>OpenEXR-3.1.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="OpenEXR-debuginfo" release="1.ule3" version="3.1.5">
+                         <filename>OpenEXR-debuginfo-3.1.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="OpenEXR-debugsource" release="1.ule3" version="3.1.5">
+                         <filename>OpenEXR-debugsource-3.1.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="OpenEXR-devel" release="1.ule3" version="3.1.5">
+                         <filename>OpenEXR-devel-3.1.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="OpenEXR-libs" release="1.ule3" version="3.1.5">
+                         <filename>OpenEXR-libs-3.1.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="OpenEXR" release="1.ule3" version="3.1.5">
+                         <filename>OpenEXR-3.1.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="OpenEXR-debuginfo" release="1.ule3" version="3.1.5">
+                         <filename>OpenEXR-debuginfo-3.1.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="OpenEXR-debugsource" release="1.ule3" version="3.1.5">
+                         <filename>OpenEXR-debugsource-3.1.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="OpenEXR-devel" release="1.ule3" version="3.1.5">
+                         <filename>OpenEXR-devel-3.1.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="OpenEXR-libs" release="1.ule3" version="3.1.5">
+                         <filename>OpenEXR-libs-3.1.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1639</id>
+          <title>An update for OpenEXR is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-45942" id="CVE-2021-45942" title="CVE-2021-45942" type="cve"></reference>
+          </references>
+          <description>OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.(CVE-2021-45942)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="OpenEXR" release="1.ule3" version="3.1.5">
+                         <filename>OpenEXR-3.1.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="OpenEXR-debuginfo" release="1.ule3" version="3.1.5">
+                         <filename>OpenEXR-debuginfo-3.1.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="OpenEXR-debugsource" release="1.ule3" version="3.1.5">
+                         <filename>OpenEXR-debugsource-3.1.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="OpenEXR-devel" release="1.ule3" version="3.1.5">
+                         <filename>OpenEXR-devel-3.1.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="OpenEXR-libs" release="1.ule3" version="3.1.5">
+                         <filename>OpenEXR-libs-3.1.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="OpenEXR" release="1.ule3" version="3.1.5">
+                         <filename>OpenEXR-3.1.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="OpenEXR-debuginfo" release="1.ule3" version="3.1.5">
+                         <filename>OpenEXR-debuginfo-3.1.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="OpenEXR-debugsource" release="1.ule3" version="3.1.5">
+                         <filename>OpenEXR-debugsource-3.1.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="OpenEXR-devel" release="1.ule3" version="3.1.5">
+                         <filename>OpenEXR-devel-3.1.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="OpenEXR-libs" release="1.ule3" version="3.1.5">
+                         <filename>OpenEXR-libs-3.1.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1641</id>
+          <title>An update for perl-DBI is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2014-10402" id="CVE-2014-10402" title="CVE-2014-10402" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.(CVE-2014-10402)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="perl-DBI" release="3.ule3" version="1.643">
+                         <filename>perl-DBI-1.643-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perl-DBI-debuginfo" release="3.ule3" version="1.643">
+                         <filename>perl-DBI-debuginfo-1.643-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perl-DBI-debugsource" release="3.ule3" version="1.643">
+                         <filename>perl-DBI-debugsource-1.643-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-DBI-help" release="3.ule3" version="1.643">
+                         <filename>perl-DBI-help-1.643-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perl-DBI" release="3.ule3" version="1.643">
+                         <filename>perl-DBI-1.643-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perl-DBI-debuginfo" release="3.ule3" version="1.643">
+                         <filename>perl-DBI-debuginfo-1.643-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perl-DBI-debugsource" release="3.ule3" version="1.643">
+                         <filename>perl-DBI-debugsource-1.643-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1641</id>
+          <title>An update for perl-DBI is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2014-10402" id="CVE-2014-10402" title="CVE-2014-10402" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.(CVE-2014-10402)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="perl-DBI" release="3.ule3" version="1.643">
+                         <filename>perl-DBI-1.643-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perl-DBI-debuginfo" release="3.ule3" version="1.643">
+                         <filename>perl-DBI-debuginfo-1.643-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perl-DBI-debugsource" release="3.ule3" version="1.643">
+                         <filename>perl-DBI-debugsource-1.643-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-DBI-help" release="3.ule3" version="1.643">
+                         <filename>perl-DBI-help-1.643-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perl-DBI" release="3.ule3" version="1.643">
+                         <filename>perl-DBI-1.643-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perl-DBI-debuginfo" release="3.ule3" version="1.643">
+                         <filename>perl-DBI-debuginfo-1.643-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perl-DBI-debugsource" release="3.ule3" version="1.643">
+                         <filename>perl-DBI-debugsource-1.643-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1642</id>
+          <title>An update for python-django is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28346" id="CVE-2022-28346" title="CVE-2022-28346" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28347" id="CVE-2022-28347" title="CVE-2022-28347" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.(CVE-2022-28346)A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.(CVE-2022-28347)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python-django-help" release="2.ule3" version="2.2.27">
+                         <filename>python-django-help-2.2.27-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-Django" release="2.ule3" version="2.2.27">
+                         <filename>python3-Django-2.2.27-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1642</id>
+          <title>An update for python-django is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28346" id="CVE-2022-28346" title="CVE-2022-28346" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28347" id="CVE-2022-28347" title="CVE-2022-28347" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.(CVE-2022-28346) A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.(CVE-2022-28347)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python-django-help" release="2.ule3" version="2.2.27">
+                         <filename>python-django-help-2.2.27-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-Django" release="2.ule3" version="2.2.27">
+                         <filename>python3-Django-2.2.27-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1643</id>
+          <title>An update for python-waitress is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24761" id="CVE-2022-24761" title="CVE-2022-24761" type="cve"></reference>
+          </references>
+          <description>Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory: The use of Python&#39;s `int()` to parse strings into integers, leading to `+10` to be parsed as `10`, or `0x01` to be parsed as `1`, where as the standard specifies that the string should contain only digits or hex digits; and Waitress does not support chunk extensions, however it was discarding them without validating that they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A workaround is available. When deploying a proxy in front of waitress, turning on any and all functionality to make sure that the request matches the RFC7230 standard. Certain proxy servers may not have this functionality though and users are encouraged to upgrade to the latest version of waitress instead.(CVE-2022-24761)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python3-waitress" release="3.ule3" version="2.0.0">
+                         <filename>python3-waitress-2.0.0-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1643</id>
+          <title>An update for python-waitress is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24761" id="CVE-2022-24761" title="CVE-2022-24761" type="cve"></reference>
+          </references>
+          <description>Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory: The use of Python&#39;s `int()` to parse strings into integers, leading to `+10` to be parsed as `10`, or `0x01` to be parsed as `1`, where as the standard specifies that the string should contain only digits or hex digits; and Waitress does not support chunk extensions, however it was discarding them without validating that they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A workaround is available. When deploying a proxy in front of waitress, turning on any and all functionality to make sure that the request matches the RFC7230 standard. Certain proxy servers may not have this functionality though and users are encouraged to upgrade to the latest version of waitress instead.(CVE-2022-24761)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python3-waitress" release="3.ule3" version="2.0.0">
+                         <filename>python3-waitress-2.0.0-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1644</id>
+          <title>An update for rubygem-nokogiri is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24836" id="CVE-2022-24836" title="CVE-2022-24836" type="cve"></reference>
+          </references>
+          <description>Nokogiri is an open source XML and HTML library for Ruby. Nokogiri less than v1.13.4 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri &gt;= 1.13.4. There are no known workarounds for this issue.(CVE-2022-24836)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="rubygem-nokogiri" release="2.ule3" version="1.13.1">
+                         <filename>rubygem-nokogiri-1.13.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-nokogiri-debuginfo" release="2.ule3" version="1.13.1">
+                         <filename>rubygem-nokogiri-debuginfo-1.13.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-nokogiri-debugsource" release="2.ule3" version="1.13.1">
+                         <filename>rubygem-nokogiri-debugsource-1.13.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-nokogiri-doc" release="2.ule3" version="1.13.1">
+                         <filename>rubygem-nokogiri-doc-1.13.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-nokogiri" release="2.ule3" version="1.13.1">
+                         <filename>rubygem-nokogiri-1.13.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-nokogiri-debuginfo" release="2.ule3" version="1.13.1">
+                         <filename>rubygem-nokogiri-debuginfo-1.13.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-nokogiri-debugsource" release="2.ule3" version="1.13.1">
+                         <filename>rubygem-nokogiri-debugsource-1.13.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-nokogiri-doc" release="2.ule3" version="1.13.1">
+                         <filename>rubygem-nokogiri-doc-1.13.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1644</id>
+          <title>An update for rubygem-nokogiri is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24836" id="CVE-2022-24836" title="CVE-2022-24836" type="cve"></reference>
+          </references>
+          <description>Nokogiri is an open source XML and HTML library for Ruby. Nokogiri less than v1.13.4 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri &gt;= 1.13.4. There are no known workarounds for this issue.(CVE-2022-24836)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="rubygem-nokogiri" release="2.ule3" version="1.13.1">
+                         <filename>rubygem-nokogiri-1.13.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-nokogiri-debuginfo" release="2.ule3" version="1.13.1">
+                         <filename>rubygem-nokogiri-debuginfo-1.13.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-nokogiri-debugsource" release="2.ule3" version="1.13.1">
+                         <filename>rubygem-nokogiri-debugsource-1.13.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-nokogiri-doc" release="2.ule3" version="1.13.1">
+                         <filename>rubygem-nokogiri-doc-1.13.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-nokogiri" release="2.ule3" version="1.13.1">
+                         <filename>rubygem-nokogiri-1.13.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-nokogiri-debuginfo" release="2.ule3" version="1.13.1">
+                         <filename>rubygem-nokogiri-debuginfo-1.13.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-nokogiri-debugsource" release="2.ule3" version="1.13.1">
+                         <filename>rubygem-nokogiri-debugsource-1.13.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-nokogiri-doc" release="2.ule3" version="1.13.1">
+                         <filename>rubygem-nokogiri-doc-1.13.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1645</id>
+          <title>An update for SDL2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-14409" id="CVE-2020-14409" title="CVE-2020-14409" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-14410" id="CVE-2020-14410" title="CVE-2020-14410" type="cve"></reference>
+          </references>
+          <description>SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.(CVE-2020-14409)SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.(CVE-2020-14410)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="SDL2" release="4.ule3" version="2.0.12">
+                         <filename>SDL2-2.0.12-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="SDL2-debuginfo" release="4.ule3" version="2.0.12">
+                         <filename>SDL2-debuginfo-2.0.12-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="SDL2-debugsource" release="4.ule3" version="2.0.12">
+                         <filename>SDL2-debugsource-2.0.12-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="SDL2-devel" release="4.ule3" version="2.0.12">
+                         <filename>SDL2-devel-2.0.12-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="SDL2-static" release="4.ule3" version="2.0.12">
+                         <filename>SDL2-static-2.0.12-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="SDL2" release="4.ule3" version="2.0.12">
+                         <filename>SDL2-2.0.12-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="SDL2-debuginfo" release="4.ule3" version="2.0.12">
+                         <filename>SDL2-debuginfo-2.0.12-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="SDL2-debugsource" release="4.ule3" version="2.0.12">
+                         <filename>SDL2-debugsource-2.0.12-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="SDL2-devel" release="4.ule3" version="2.0.12">
+                         <filename>SDL2-devel-2.0.12-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="SDL2-static" release="4.ule3" version="2.0.12">
+                         <filename>SDL2-static-2.0.12-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1645</id>
+          <title>An update for SDL2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-14409" id="CVE-2020-14409" title="CVE-2020-14409" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-14410" id="CVE-2020-14410" title="CVE-2020-14410" type="cve"></reference>
+          </references>
+          <description>SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.(CVE-2020-14409) SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.(CVE-2020-14410)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="SDL2" release="4.ule3" version="2.0.12">
+                         <filename>SDL2-2.0.12-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="SDL2-debuginfo" release="4.ule3" version="2.0.12">
+                         <filename>SDL2-debuginfo-2.0.12-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="SDL2-debugsource" release="4.ule3" version="2.0.12">
+                         <filename>SDL2-debugsource-2.0.12-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="SDL2-devel" release="4.ule3" version="2.0.12">
+                         <filename>SDL2-devel-2.0.12-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="SDL2-static" release="4.ule3" version="2.0.12">
+                         <filename>SDL2-static-2.0.12-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="SDL2" release="4.ule3" version="2.0.12">
+                         <filename>SDL2-2.0.12-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="SDL2-debuginfo" release="4.ule3" version="2.0.12">
+                         <filename>SDL2-debuginfo-2.0.12-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="SDL2-debugsource" release="4.ule3" version="2.0.12">
+                         <filename>SDL2-debugsource-2.0.12-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="SDL2-devel" release="4.ule3" version="2.0.12">
+                         <filename>SDL2-devel-2.0.12-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="SDL2-static" release="4.ule3" version="2.0.12">
+                         <filename>SDL2-static-2.0.12-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1647</id>
+          <title>An update for subversion is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-28544" id="CVE-2021-28544" title="CVE-2021-28544" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24070" id="CVE-2022-24070" title="CVE-2022-24070" type="cve"></reference>
+          </references>
+          <description>Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal copyfrom paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the copyfrom path of the original. This also reveals the fact that the node was copied. Only the copyfrom path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.(CVE-2021-28544)Subversion s mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.(CVE-2022-24070)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="perl-subversion" release="2.ule3" version="1.14.1">
+                         <filename>perl-subversion-1.14.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-subversion" release="2.ule3" version="1.14.1">
+                         <filename>python3-subversion-1.14.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ruby-subversion" release="2.ule3" version="1.14.1">
+                         <filename>ruby-subversion-1.14.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="subversion" release="2.ule3" version="1.14.1">
+                         <filename>subversion-1.14.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="subversion-debuginfo" release="2.ule3" version="1.14.1">
+                         <filename>subversion-debuginfo-1.14.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="subversion-debugsource" release="2.ule3" version="1.14.1">
+                         <filename>subversion-debugsource-1.14.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="subversion-devel" release="2.ule3" version="1.14.1">
+                         <filename>subversion-devel-1.14.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="subversion-help" release="2.ule3" version="1.14.1">
+                         <filename>subversion-help-1.14.1-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perl-subversion" release="2.ule3" version="1.14.1">
+                         <filename>perl-subversion-1.14.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-subversion" release="2.ule3" version="1.14.1">
+                         <filename>python3-subversion-1.14.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby-subversion" release="2.ule3" version="1.14.1">
+                         <filename>ruby-subversion-1.14.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="subversion" release="2.ule3" version="1.14.1">
+                         <filename>subversion-1.14.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="subversion-debuginfo" release="2.ule3" version="1.14.1">
+                         <filename>subversion-debuginfo-1.14.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="subversion-debugsource" release="2.ule3" version="1.14.1">
+                         <filename>subversion-debugsource-1.14.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="subversion-devel" release="2.ule3" version="1.14.1">
+                         <filename>subversion-devel-1.14.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1647</id>
+          <title>An update for subversion is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-28544" id="CVE-2021-28544" title="CVE-2021-28544" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24070" id="CVE-2022-24070" title="CVE-2022-24070" type="cve"></reference>
+          </references>
+          <description>Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal copyfrom paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the copyfrom path of the original. This also reveals the fact that the node was copied. Only the copyfrom path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.(CVE-2021-28544) Subversion s mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.(CVE-2022-24070)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="perl-subversion" release="2.ule3" version="1.14.1">
+                         <filename>perl-subversion-1.14.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-subversion" release="2.ule3" version="1.14.1">
+                         <filename>python3-subversion-1.14.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ruby-subversion" release="2.ule3" version="1.14.1">
+                         <filename>ruby-subversion-1.14.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="subversion" release="2.ule3" version="1.14.1">
+                         <filename>subversion-1.14.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="subversion-debuginfo" release="2.ule3" version="1.14.1">
+                         <filename>subversion-debuginfo-1.14.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="subversion-debugsource" release="2.ule3" version="1.14.1">
+                         <filename>subversion-debugsource-1.14.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="subversion-devel" release="2.ule3" version="1.14.1">
+                         <filename>subversion-devel-1.14.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="subversion-help" release="2.ule3" version="1.14.1">
+                         <filename>subversion-help-1.14.1-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perl-subversion" release="2.ule3" version="1.14.1">
+                         <filename>perl-subversion-1.14.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-subversion" release="2.ule3" version="1.14.1">
+                         <filename>python3-subversion-1.14.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby-subversion" release="2.ule3" version="1.14.1">
+                         <filename>ruby-subversion-1.14.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="subversion" release="2.ule3" version="1.14.1">
+                         <filename>subversion-1.14.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="subversion-debuginfo" release="2.ule3" version="1.14.1">
+                         <filename>subversion-debuginfo-1.14.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="subversion-debugsource" release="2.ule3" version="1.14.1">
+                         <filename>subversion-debugsource-1.14.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="subversion-devel" release="2.ule3" version="1.14.1">
+                         <filename>subversion-devel-1.14.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1648</id>
+          <title>An update for vte is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2012-2738" id="CVE-2012-2738" title="CVE-2012-2738" type="cve"></reference>
+          </references>
+          <description>The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.(CVE-2012-2738)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="vte" release="4.ule3" version="0.28.2">
+                         <filename>vte-0.28.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="vte-debuginfo" release="4.ule3" version="0.28.2">
+                         <filename>vte-debuginfo-0.28.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="vte-debugsource" release="4.ule3" version="0.28.2">
+                         <filename>vte-debugsource-0.28.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="vte-devel" release="4.ule3" version="0.28.2">
+                         <filename>vte-devel-0.28.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="vte" release="4.ule3" version="0.28.2">
+                         <filename>vte-0.28.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="vte-debuginfo" release="4.ule3" version="0.28.2">
+                         <filename>vte-debuginfo-0.28.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="vte-debugsource" release="4.ule3" version="0.28.2">
+                         <filename>vte-debugsource-0.28.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="vte-devel" release="4.ule3" version="0.28.2">
+                         <filename>vte-devel-0.28.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1648</id>
+          <title>An update for vte is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2012-2738" id="CVE-2012-2738" title="CVE-2012-2738" type="cve"></reference>
+          </references>
+          <description>The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.(CVE-2012-2738)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="vte" release="4.ule3" version="0.28.2">
+                         <filename>vte-0.28.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="vte-debuginfo" release="4.ule3" version="0.28.2">
+                         <filename>vte-debuginfo-0.28.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="vte-debugsource" release="4.ule3" version="0.28.2">
+                         <filename>vte-debugsource-0.28.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="vte-devel" release="4.ule3" version="0.28.2">
+                         <filename>vte-devel-0.28.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="vte" release="4.ule3" version="0.28.2">
+                         <filename>vte-0.28.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="vte-debuginfo" release="4.ule3" version="0.28.2">
+                         <filename>vte-debuginfo-0.28.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="vte-debugsource" release="4.ule3" version="0.28.2">
+                         <filename>vte-debugsource-0.28.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="vte-devel" release="4.ule3" version="0.28.2">
+                         <filename>vte-devel-0.28.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1649</id>
+          <title>An update for xmlgraphics-commons is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-11988" id="CVE-2020-11988" title="CVE-2020-11988" type="cve"></reference>
+          </references>
+          <description>Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.(CVE-2020-11988)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="xmlgraphics-commons" release="4.ule3" version="2.2">
+                         <filename>xmlgraphics-commons-2.2-4.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1649</id>
+          <title>An update for xmlgraphics-commons is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-11988" id="CVE-2020-11988" title="CVE-2020-11988" type="cve"></reference>
+          </references>
+          <description>Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.(CVE-2020-11988)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="xmlgraphics-commons" release="4.ule3" version="2.2">
+                         <filename>xmlgraphics-commons-2.2-4.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1650</id>
+          <title>An update for xz is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1271" id="CVE-2022-1271" title="CVE-2022-1271" type="cve"></reference>
+          </references>
+          <description>The vulnerability exists due to insufficient validation when handling filenames with two or more newlines. A remote attacker can force zgrep or xzgrep to write arbitrary files on the system. The vulnerability allows a remote attacker to compromise an affected system.(CVE-2022-1271)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="xz" release="2.ule3" version="5.2.5">
+                         <filename>xz-5.2.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xz-debuginfo" release="2.ule3" version="5.2.5">
+                         <filename>xz-debuginfo-5.2.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xz-debugsource" release="2.ule3" version="5.2.5">
+                         <filename>xz-debugsource-5.2.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xz-devel" release="2.ule3" version="5.2.5">
+                         <filename>xz-devel-5.2.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xz-libs" release="2.ule3" version="5.2.5">
+                         <filename>xz-libs-5.2.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xz-lzma-compat" release="2.ule3" version="5.2.5">
+                         <filename>xz-lzma-compat-5.2.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xz-help" release="2.ule3" version="5.2.5">
+                         <filename>xz-help-5.2.5-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xz" release="2.ule3" version="5.2.5">
+                         <filename>xz-5.2.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xz-debuginfo" release="2.ule3" version="5.2.5">
+                         <filename>xz-debuginfo-5.2.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xz-debugsource" release="2.ule3" version="5.2.5">
+                         <filename>xz-debugsource-5.2.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xz-devel" release="2.ule3" version="5.2.5">
+                         <filename>xz-devel-5.2.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xz-libs" release="2.ule3" version="5.2.5">
+                         <filename>xz-libs-5.2.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xz-lzma-compat" release="2.ule3" version="5.2.5">
+                         <filename>xz-lzma-compat-5.2.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1650</id>
+          <title>An update for xz is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1271" id="CVE-2022-1271" title="CVE-2022-1271" type="cve"></reference>
+          </references>
+          <description>The vulnerability exists due to insufficient validation when handling filenames with two or more newlines. A remote attacker can force zgrep or xzgrep to write arbitrary files on the system. The vulnerability allows a remote attacker to compromise an affected system.(CVE-2022-1271)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="xz" release="2.ule3" version="5.2.5">
+                         <filename>xz-5.2.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xz-debuginfo" release="2.ule3" version="5.2.5">
+                         <filename>xz-debuginfo-5.2.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xz-debugsource" release="2.ule3" version="5.2.5">
+                         <filename>xz-debugsource-5.2.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xz-devel" release="2.ule3" version="5.2.5">
+                         <filename>xz-devel-5.2.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xz-libs" release="2.ule3" version="5.2.5">
+                         <filename>xz-libs-5.2.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xz-lzma-compat" release="2.ule3" version="5.2.5">
+                         <filename>xz-lzma-compat-5.2.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xz-help" release="2.ule3" version="5.2.5">
+                         <filename>xz-help-5.2.5-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xz" release="2.ule3" version="5.2.5">
+                         <filename>xz-5.2.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xz-debuginfo" release="2.ule3" version="5.2.5">
+                         <filename>xz-debuginfo-5.2.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xz-debugsource" release="2.ule3" version="5.2.5">
+                         <filename>xz-debugsource-5.2.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xz-devel" release="2.ule3" version="5.2.5">
+                         <filename>xz-devel-5.2.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xz-libs" release="2.ule3" version="5.2.5">
+                         <filename>xz-libs-5.2.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xz-lzma-compat" release="2.ule3" version="5.2.5">
+                         <filename>xz-lzma-compat-5.2.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1651</id>
+          <title>An update for zlib is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2018-25032" id="CVE-2018-25032" title="CVE-2018-25032" type="cve"></reference>
+          </references>
+          <description>zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.(CVE-2018-25032)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="zlib" release="20.ule3" version="1.2.11">
+                         <filename>zlib-1.2.11-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zlib-debuginfo" release="20.ule3" version="1.2.11">
+                         <filename>zlib-debuginfo-1.2.11-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zlib-debugsource" release="20.ule3" version="1.2.11">
+                         <filename>zlib-debugsource-1.2.11-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zlib-devel" release="20.ule3" version="1.2.11">
+                         <filename>zlib-devel-1.2.11-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="minizip" release="20.ule3" version="1.2.11">
+                         <filename>minizip-1.2.11-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="minizip-devel" release="20.ule3" version="1.2.11">
+                         <filename>minizip-devel-1.2.11-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="zlib-help" release="20.ule3" version="1.2.11">
+                         <filename>zlib-help-1.2.11-20.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zlib" release="20.ule3" version="1.2.11">
+                         <filename>zlib-1.2.11-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zlib-debuginfo" release="20.ule3" version="1.2.11">
+                         <filename>zlib-debuginfo-1.2.11-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zlib-debugsource" release="20.ule3" version="1.2.11">
+                         <filename>zlib-debugsource-1.2.11-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zlib-devel" release="20.ule3" version="1.2.11">
+                         <filename>zlib-devel-1.2.11-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="minizip" release="20.ule3" version="1.2.11">
+                         <filename>minizip-1.2.11-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="minizip-devel" release="20.ule3" version="1.2.11">
+                         <filename>minizip-devel-1.2.11-20.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1651</id>
+          <title>An update for zlib is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2018-25032" id="CVE-2018-25032" title="CVE-2018-25032" type="cve"></reference>
+          </references>
+          <description>zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.(CVE-2018-25032)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="minizip" release="20.ule3" version="1.2.11">
+                         <filename>minizip-1.2.11-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="minizip-devel" release="20.ule3" version="1.2.11">
+                         <filename>minizip-devel-1.2.11-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zlib" release="20.ule3" version="1.2.11">
+                         <filename>zlib-1.2.11-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zlib-debuginfo" release="20.ule3" version="1.2.11">
+                         <filename>zlib-debuginfo-1.2.11-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zlib-debugsource" release="20.ule3" version="1.2.11">
+                         <filename>zlib-debugsource-1.2.11-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zlib-devel" release="20.ule3" version="1.2.11">
+                         <filename>zlib-devel-1.2.11-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="zlib-help" release="20.ule3" version="1.2.11">
+                         <filename>zlib-help-1.2.11-20.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="minizip" release="20.ule3" version="1.2.11">
+                         <filename>minizip-1.2.11-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="minizip-devel" release="20.ule3" version="1.2.11">
+                         <filename>minizip-devel-1.2.11-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zlib" release="20.ule3" version="1.2.11">
+                         <filename>zlib-1.2.11-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zlib-debuginfo" release="20.ule3" version="1.2.11">
+                         <filename>zlib-debuginfo-1.2.11-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zlib-debugsource" release="20.ule3" version="1.2.11">
+                         <filename>zlib-debugsource-1.2.11-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zlib-devel" release="20.ule3" version="1.2.11">
+                         <filename>zlib-devel-1.2.11-20.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1653</id>
+          <title>An update for python3 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2015-20107" id="CVE-2015-20107" title="CVE-2015-20107" type="cve"></reference>
+          </references>
+          <description>In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments).(CVE-2015-20107)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3" release="8.ule3" version="3.9.9">
+                         <filename>python3-3.9.9-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debuginfo" release="8.ule3" version="3.9.9">
+                         <filename>python3-debuginfo-3.9.9-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debugsource" release="8.ule3" version="3.9.9">
+                         <filename>python3-debugsource-3.9.9-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-devel" release="8.ule3" version="3.9.9">
+                         <filename>python3-devel-3.9.9-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debug" release="8.ule3" version="3.9.9">
+                         <filename>python3-debug-3.9.9-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-unversioned-command" release="8.ule3" version="3.9.9">
+                         <filename>python3-unversioned-command-3.9.9-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-help" release="8.ule3" version="3.9.9">
+                         <filename>python3-help-3.9.9-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3" release="8.ule3" version="3.9.9">
+                         <filename>python3-3.9.9-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debuginfo" release="8.ule3" version="3.9.9">
+                         <filename>python3-debuginfo-3.9.9-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debugsource" release="8.ule3" version="3.9.9">
+                         <filename>python3-debugsource-3.9.9-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-devel" release="8.ule3" version="3.9.9">
+                         <filename>python3-devel-3.9.9-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debug" release="8.ule3" version="3.9.9">
+                         <filename>python3-debug-3.9.9-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-unversioned-command" release="8.ule3" version="3.9.9">
+                         <filename>python3-unversioned-command-3.9.9-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1653</id>
+          <title>An update for python3 is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2015-20107" id="CVE-2015-20107" title="CVE-2015-20107" type="cve"></reference>
+          </references>
+          <description>In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments).(CVE-2015-20107)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-debug" release="8.ule3" version="3.9.9">
+                         <filename>python3-debug-3.9.9-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debuginfo" release="8.ule3" version="3.9.9">
+                         <filename>python3-debuginfo-3.9.9-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-devel" release="8.ule3" version="3.9.9">
+                         <filename>python3-devel-3.9.9-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3" release="8.ule3" version="3.9.9">
+                         <filename>python3-3.9.9-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debugsource" release="8.ule3" version="3.9.9">
+                         <filename>python3-debugsource-3.9.9-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-unversioned-command" release="8.ule3" version="3.9.9">
+                         <filename>python3-unversioned-command-3.9.9-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-help" release="8.ule3" version="3.9.9">
+                         <filename>python3-help-3.9.9-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debug" release="8.ule3" version="3.9.9">
+                         <filename>python3-debug-3.9.9-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debuginfo" release="8.ule3" version="3.9.9">
+                         <filename>python3-debuginfo-3.9.9-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-devel" release="8.ule3" version="3.9.9">
+                         <filename>python3-devel-3.9.9-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3" release="8.ule3" version="3.9.9">
+                         <filename>python3-3.9.9-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debugsource" release="8.ule3" version="3.9.9">
+                         <filename>python3-debugsource-3.9.9-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-unversioned-command" release="8.ule3" version="3.9.9">
+                         <filename>python3-unversioned-command-3.9.9-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1654</id>
+          <title>An update for openldap is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29155" id="CVE-2022-29155" title="CVE-2022-29155" type="cve"></reference>
+          </references>
+          <description>In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.(CVE-2022-29155)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="openldap" release="3.ule3" version="2.6.0">
+                         <filename>openldap-2.6.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openldap-debuginfo" release="3.ule3" version="2.6.0">
+                         <filename>openldap-debuginfo-2.6.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openldap-debugsource" release="3.ule3" version="2.6.0">
+                         <filename>openldap-debugsource-2.6.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openldap-devel" release="3.ule3" version="2.6.0">
+                         <filename>openldap-devel-2.6.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openldap-clients" release="3.ule3" version="2.6.0">
+                         <filename>openldap-clients-2.6.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openldap-servers" release="3.ule3" version="2.6.0">
+                         <filename>openldap-servers-2.6.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="openldap-help" release="3.ule3" version="2.6.0">
+                         <filename>openldap-help-2.6.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openldap" release="3.ule3" version="2.6.0">
+                         <filename>openldap-2.6.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openldap-debuginfo" release="3.ule3" version="2.6.0">
+                         <filename>openldap-debuginfo-2.6.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openldap-debugsource" release="3.ule3" version="2.6.0">
+                         <filename>openldap-debugsource-2.6.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openldap-devel" release="3.ule3" version="2.6.0">
+                         <filename>openldap-devel-2.6.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openldap-clients" release="3.ule3" version="2.6.0">
+                         <filename>openldap-clients-2.6.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openldap-servers" release="3.ule3" version="2.6.0">
+                         <filename>openldap-servers-2.6.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1654</id>
+          <title>An update for openldap is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29155" id="CVE-2022-29155" title="CVE-2022-29155" type="cve"></reference>
+          </references>
+          <description>In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.(CVE-2022-29155)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="openldap" release="3.ule3" version="2.6.0">
+                         <filename>openldap-2.6.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openldap-debuginfo" release="3.ule3" version="2.6.0">
+                         <filename>openldap-debuginfo-2.6.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openldap-debugsource" release="3.ule3" version="2.6.0">
+                         <filename>openldap-debugsource-2.6.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openldap-devel" release="3.ule3" version="2.6.0">
+                         <filename>openldap-devel-2.6.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openldap-clients" release="3.ule3" version="2.6.0">
+                         <filename>openldap-clients-2.6.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openldap-servers" release="3.ule3" version="2.6.0">
+                         <filename>openldap-servers-2.6.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="openldap-help" release="3.ule3" version="2.6.0">
+                         <filename>openldap-help-2.6.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openldap" release="3.ule3" version="2.6.0">
+                         <filename>openldap-2.6.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openldap-debuginfo" release="3.ule3" version="2.6.0">
+                         <filename>openldap-debuginfo-2.6.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openldap-debugsource" release="3.ule3" version="2.6.0">
+                         <filename>openldap-debugsource-2.6.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openldap-devel" release="3.ule3" version="2.6.0">
+                         <filename>openldap-devel-2.6.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openldap-clients" release="3.ule3" version="2.6.0">
+                         <filename>openldap-clients-2.6.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openldap-servers" release="3.ule3" version="2.6.0">
+                         <filename>openldap-servers-2.6.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1655</id>
+          <title>An update for freetype is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27404" id="CVE-2022-27404" title="CVE-2022-27404" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27405" id="CVE-2022-27405" title="CVE-2022-27405" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27406" id="CVE-2022-27406" title="CVE-2022-27406" type="cve"></reference>
+          </references>
+          <description>FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.(CVE-2022-27404)FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.(CVE-2022-27405)FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.(CVE-2022-27406)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="freetype" release="2.ule3" version="2.11.0">
+                         <filename>freetype-2.11.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freetype-debuginfo" release="2.ule3" version="2.11.0">
+                         <filename>freetype-debuginfo-2.11.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freetype-debugsource" release="2.ule3" version="2.11.0">
+                         <filename>freetype-debugsource-2.11.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freetype-devel" release="2.ule3" version="2.11.0">
+                         <filename>freetype-devel-2.11.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freetype-demos" release="2.ule3" version="2.11.0">
+                         <filename>freetype-demos-2.11.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="freetype-help" release="2.ule3" version="2.11.0">
+                         <filename>freetype-help-2.11.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freetype" release="2.ule3" version="2.11.0">
+                         <filename>freetype-2.11.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freetype-debuginfo" release="2.ule3" version="2.11.0">
+                         <filename>freetype-debuginfo-2.11.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freetype-debugsource" release="2.ule3" version="2.11.0">
+                         <filename>freetype-debugsource-2.11.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freetype-devel" release="2.ule3" version="2.11.0">
+                         <filename>freetype-devel-2.11.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freetype-demos" release="2.ule3" version="2.11.0">
+                         <filename>freetype-demos-2.11.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1655</id>
+          <title>An update for freetype is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27404" id="CVE-2022-27404" title="CVE-2022-27404" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27405" id="CVE-2022-27405" title="CVE-2022-27405" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27406" id="CVE-2022-27406" title="CVE-2022-27406" type="cve"></reference>
+          </references>
+          <description>FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.(CVE-2022-27404) FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.(CVE-2022-27405) FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.(CVE-2022-27406)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="freetype" release="2.ule3" version="2.11.0">
+                         <filename>freetype-2.11.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freetype-debuginfo" release="2.ule3" version="2.11.0">
+                         <filename>freetype-debuginfo-2.11.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freetype-debugsource" release="2.ule3" version="2.11.0">
+                         <filename>freetype-debugsource-2.11.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freetype-devel" release="2.ule3" version="2.11.0">
+                         <filename>freetype-devel-2.11.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freetype-demos" release="2.ule3" version="2.11.0">
+                         <filename>freetype-demos-2.11.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="freetype-help" release="2.ule3" version="2.11.0">
+                         <filename>freetype-help-2.11.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freetype" release="2.ule3" version="2.11.0">
+                         <filename>freetype-2.11.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freetype-debuginfo" release="2.ule3" version="2.11.0">
+                         <filename>freetype-debuginfo-2.11.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freetype-debugsource" release="2.ule3" version="2.11.0">
+                         <filename>freetype-debugsource-2.11.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freetype-devel" release="2.ule3" version="2.11.0">
+                         <filename>freetype-devel-2.11.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freetype-demos" release="2.ule3" version="2.11.0">
+                         <filename>freetype-demos-2.11.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1656</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1154" id="CVE-2022-1154" title="CVE-2022-1154" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1616" id="CVE-2022-1616" title="CVE-2022-1616" type="cve"></reference>
+          </references>
+          <description>Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.(CVE-2022-1154)Use after free in append_command in GitHub repository vim/vim prior to 8.2. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution(CVE-2022-1616)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="33.ule3" version="8.2">
+                         <filename>vim-X11-8.2-33.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="33.ule3" version="8.2">
+                         <filename>vim-common-8.2-33.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="33.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-33.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="33.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-33.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="33.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-33.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="33.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-33.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="33.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-33.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="33.ule3" version="8.2">
+                         <filename>vim-X11-8.2-33.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="33.ule3" version="8.2">
+                         <filename>vim-common-8.2-33.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="33.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-33.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="33.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-33.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="33.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-33.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="33.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-33.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1656</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1154" id="CVE-2022-1154" title="CVE-2022-1154" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1616" id="CVE-2022-1616" title="CVE-2022-1616" type="cve"></reference>
+          </references>
+          <description>Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.(CVE-2022-1154) Use after free in append_command in GitHub repository vim/vim prior to 8.2. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution(CVE-2022-1616)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="33.ule3" version="8.2">
+                         <filename>vim-X11-8.2-33.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="33.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-33.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="33.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-33.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="33.ule3" version="8.2">
+                         <filename>vim-common-8.2-33.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="33.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-33.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="33.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-33.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="33.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-33.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="33.ule3" version="8.2">
+                         <filename>vim-X11-8.2-33.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="33.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-33.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="33.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-33.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="33.ule3" version="8.2">
+                         <filename>vim-common-8.2-33.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="33.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-33.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="33.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-33.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1657</id>
+          <title>An update for freerdp is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24883" id="CVE-2022-24883" title="CVE-2022-24883" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24882" id="CVE-2022-24882" title="CVE-2022-24882" type="cve"></reference>
+          </references>
+          <description>FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.(CVE-2022-24883)FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.(CVE-2022-24882)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="freerdp" release="1.ule3" version="2.7.0">
+                         <filename>freerdp-2.7.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-debuginfo" release="1.ule3" version="2.7.0">
+                         <filename>freerdp-debuginfo-2.7.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-debugsource" release="1.ule3" version="2.7.0">
+                         <filename>freerdp-debugsource-2.7.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-devel" release="1.ule3" version="2.7.0">
+                         <filename>freerdp-devel-2.7.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-help" release="1.ule3" version="2.7.0">
+                         <filename>freerdp-help-2.7.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libwinpr" release="1.ule3" version="2.7.0">
+                         <filename>libwinpr-2.7.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libwinpr-devel" release="1.ule3" version="2.7.0">
+                         <filename>libwinpr-devel-2.7.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp" release="1.ule3" version="2.7.0">
+                         <filename>freerdp-2.7.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-debuginfo" release="1.ule3" version="2.7.0">
+                         <filename>freerdp-debuginfo-2.7.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-debugsource" release="1.ule3" version="2.7.0">
+                         <filename>freerdp-debugsource-2.7.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-devel" release="1.ule3" version="2.7.0">
+                         <filename>freerdp-devel-2.7.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-help" release="1.ule3" version="2.7.0">
+                         <filename>freerdp-help-2.7.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libwinpr" release="1.ule3" version="2.7.0">
+                         <filename>libwinpr-2.7.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libwinpr-devel" release="1.ule3" version="2.7.0">
+                         <filename>libwinpr-devel-2.7.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1657</id>
+          <title>An update for freerdp is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24883" id="CVE-2022-24883" title="CVE-2022-24883" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24882" id="CVE-2022-24882" title="CVE-2022-24882" type="cve"></reference>
+          </references>
+          <description>FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.(CVE-2022-24883) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.(CVE-2022-24882)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="freerdp" release="1.ule3" version="2.7.0">
+                         <filename>freerdp-2.7.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-debuginfo" release="1.ule3" version="2.7.0">
+                         <filename>freerdp-debuginfo-2.7.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-debugsource" release="1.ule3" version="2.7.0">
+                         <filename>freerdp-debugsource-2.7.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-devel" release="1.ule3" version="2.7.0">
+                         <filename>freerdp-devel-2.7.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-help" release="1.ule3" version="2.7.0">
+                         <filename>freerdp-help-2.7.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libwinpr" release="1.ule3" version="2.7.0">
+                         <filename>libwinpr-2.7.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libwinpr-devel" release="1.ule3" version="2.7.0">
+                         <filename>libwinpr-devel-2.7.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp" release="1.ule3" version="2.7.0">
+                         <filename>freerdp-2.7.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-debuginfo" release="1.ule3" version="2.7.0">
+                         <filename>freerdp-debuginfo-2.7.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-debugsource" release="1.ule3" version="2.7.0">
+                         <filename>freerdp-debugsource-2.7.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-devel" release="1.ule3" version="2.7.0">
+                         <filename>freerdp-devel-2.7.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-help" release="1.ule3" version="2.7.0">
+                         <filename>freerdp-help-2.7.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libwinpr" release="1.ule3" version="2.7.0">
+                         <filename>libwinpr-2.7.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libwinpr-devel" release="1.ule3" version="2.7.0">
+                         <filename>libwinpr-devel-2.7.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1658</id>
+          <title>An update for libxml2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29824" id="CVE-2022-29824" title="CVE-2022-29824" type="cve"></reference>
+          </references>
+          <description>In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don&#39;t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2&#39;s buffer functions, for example libxslt through 1.1.35, is affected as well.(CVE-2022-29824)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libxml2" release="6.ule3" version="2.9.12">
+                         <filename>libxml2-2.9.12-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxml2-debuginfo" release="6.ule3" version="2.9.12">
+                         <filename>libxml2-debuginfo-2.9.12-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxml2-debugsource" release="6.ule3" version="2.9.12">
+                         <filename>libxml2-debugsource-2.9.12-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxml2-devel" release="6.ule3" version="2.9.12">
+                         <filename>libxml2-devel-2.9.12-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-libxml2" release="6.ule3" version="2.9.12">
+                         <filename>python3-libxml2-2.9.12-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libxml2-help" release="6.ule3" version="2.9.12">
+                         <filename>libxml2-help-2.9.12-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2" release="6.ule3" version="2.9.12">
+                         <filename>libxml2-2.9.12-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2-debuginfo" release="6.ule3" version="2.9.12">
+                         <filename>libxml2-debuginfo-2.9.12-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2-debugsource" release="6.ule3" version="2.9.12">
+                         <filename>libxml2-debugsource-2.9.12-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2-devel" release="6.ule3" version="2.9.12">
+                         <filename>libxml2-devel-2.9.12-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-libxml2" release="6.ule3" version="2.9.12">
+                         <filename>python3-libxml2-2.9.12-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1658</id>
+          <title>An update for libxml2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29824" id="CVE-2022-29824" title="CVE-2022-29824" type="cve"></reference>
+          </references>
+          <description>In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don&#39;t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2&#39;s buffer functions, for example libxslt through 1.1.35, is affected as well.(CVE-2022-29824)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libxml2" release="6.ule3" version="2.9.12">
+                         <filename>libxml2-2.9.12-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxml2-debuginfo" release="6.ule3" version="2.9.12">
+                         <filename>libxml2-debuginfo-2.9.12-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxml2-debugsource" release="6.ule3" version="2.9.12">
+                         <filename>libxml2-debugsource-2.9.12-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxml2-devel" release="6.ule3" version="2.9.12">
+                         <filename>libxml2-devel-2.9.12-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-libxml2" release="6.ule3" version="2.9.12">
+                         <filename>python3-libxml2-2.9.12-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libxml2-help" release="6.ule3" version="2.9.12">
+                         <filename>libxml2-help-2.9.12-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2" release="6.ule3" version="2.9.12">
+                         <filename>libxml2-2.9.12-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2-debuginfo" release="6.ule3" version="2.9.12">
+                         <filename>libxml2-debuginfo-2.9.12-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2-debugsource" release="6.ule3" version="2.9.12">
+                         <filename>libxml2-debugsource-2.9.12-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2-devel" release="6.ule3" version="2.9.12">
+                         <filename>libxml2-devel-2.9.12-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-libxml2" release="6.ule3" version="2.9.12">
+                         <filename>python3-libxml2-2.9.12-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1659</id>
+          <title>An update for curl is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22576" id="CVE-2022-22576" title="CVE-2022-22576" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27774" id="CVE-2022-27774" title="CVE-2022-27774" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27775" id="CVE-2022-27775" title="CVE-2022-27775" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27776" id="CVE-2022-27776" title="CVE-2022-27776" type="cve"></reference>
+          </references>
+          <description>This security flaw in curl allows to reuse an OAUTH2 authenticated connection without properly ensuring that the connection is authenticated with the same credentials set by this transport, this issue can lead to authentication bypasses, either by mistake or by malicious actors.(CVE-2022-22576) When asked, curl does an HTTP(S) redirect. curl also supports authentication. When providing a user and password for a URL with a given hostname, curl makes an effort not to pass these credentials to other hosts in redirects unless permissions with special options are granted. This &#34;same host check&#34; has been flawed since its introduction. It does not work with cross-protocol redirection, nor does it treat different port numbers as separate hosts. This results in leaking credentials to other servers when curl redirects from authentication protected HTTP(S) URLs to other protocols and port numbers. It could also leak TLS SRP credentials in this way. By default, curl only allows redirects to HTTP(S) and FTP(S), but you can ask to allow redirects to all curl-supported protocols.(CVE-2022-27774) This issue with curl occurs due to a logical bug where the configuration matching function does not take into account the IPv6 address zone id, which can cause curl to reuse the wrong connection when one transfer uses the zone id and subsequent transfers use another.(CVE-2022-27775) This security flaw in curl allows leaking authentication or cookie header data over HTTP to redirect to the same host but a different port number, for applications passing custom Authorization: or Cookie: headers to the same set of headers Sending to servers on different port numbers is a problem, and these headers often contain privacy-sensitive information or data.(CVE-2022-27776)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="curl" release="4.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debuginfo" release="4.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debugsource" release="4.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl" release="4.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl-devel" release="4.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="curl-help" release="4.ule3" version="7.79.1">
+                         <filename>curl-help-7.79.1-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl" release="4.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debuginfo" release="4.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debugsource" release="4.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl" release="4.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl-devel" release="4.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1659</id>
+          <title>An update for curl is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22576" id="CVE-2022-22576" title="CVE-2022-22576" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27774" id="CVE-2022-27774" title="CVE-2022-27774" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27775" id="CVE-2022-27775" title="CVE-2022-27775" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27776" id="CVE-2022-27776" title="CVE-2022-27776" type="cve"></reference>
+          </references>
+          <description>This security flaw in curl allows to reuse an OAUTH2 authenticated connection without properly ensuring that the connection is authenticated with the same credentials set by this transport, this issue can lead to authentication bypasses, either by mistake or by malicious actors.(CVE-2022-22576)When asked, curl does an HTTP(S) redirect. curl also supports authentication. When providing a user and password for a URL with a given hostname, curl makes an effort not to pass these credentials to other hosts in redirects unless permissions with special options are granted. This &#34;same host check&#34; has been flawed since its introduction. It does not work with cross-protocol redirection, nor does it treat different port numbers as separate hosts. This results in leaking credentials to other servers when curl redirects from authentication protected HTTP(S) URLs to other protocols and port numbers. It could also leak TLS SRP credentials in this way. By default, curl only allows redirects to HTTP(S) and FTP(S), but you can ask to allow redirects to all curl-supported protocols.(CVE-2022-27774)This issue with curl occurs due to a logical bug where the configuration matching function does not take into account the IPv6 address zone id, which can cause curl to reuse the wrong connection when one transfer uses the zone id and subsequent transfers use another.(CVE-2022-27775)This security flaw in curl allows leaking authentication or cookie header data over HTTP to redirect to the same host but a different port number, for applications passing custom Authorization: or Cookie: headers to the same set of headers Sending to servers on different port numbers is a problem, and these headers often contain privacy-sensitive information or data.(CVE-2022-27776)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="curl" release="4.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debuginfo" release="4.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debugsource" release="4.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl" release="4.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl-devel" release="4.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="curl-help" release="4.ule3" version="7.79.1">
+                         <filename>curl-help-7.79.1-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl" release="4.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debuginfo" release="4.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debugsource" release="4.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl" release="4.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl-devel" release="4.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1660</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33061" id="CVE-2021-33061" title="CVE-2021-33061" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1998" id="CVE-2022-1998" title="CVE-2022-1998" type="cve"></reference>
+          </references>
+          <description>Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.(CVE-2021-33061)A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.(CVE-2022-1998)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1660</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33061" id="CVE-2021-33061" title="CVE-2021-33061" type="cve"></reference>
+          </references>
+          <description>Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.(CVE-2021-33061)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.28.0.58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.28.0.58.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.28.0.58.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1661</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-44717" id="CVE-2021-44717" title="CVE-2021-44717" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24675" id="CVE-2022-24675" title="CVE-2022-24675" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28327" id="CVE-2022-28327" title="CVE-2022-28327" type="cve"></reference>
+          </references>
+          <description>Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.(CVE-2021-44717) encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.(CVE-2022-24675) The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.(CVE-2022-28327)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="3.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="3.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="3.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="3.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1661</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-20"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-44717" id="CVE-2021-44717" title="CVE-2021-44717" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24675" id="CVE-2022-24675" title="CVE-2022-24675" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28327" id="CVE-2022-28327" title="CVE-2022-28327" type="cve"></reference>
+          </references>
+          <description>Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.(CVE-2021-44717)encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.(CVE-2022-24675)The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.(CVE-2022-28327)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="3.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="3.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="3.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="3.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1662</id>
+          <title>An update for qemu is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-4206" id="CVE-2021-4206" title="CVE-2021-4206" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-4207" id="CVE-2021-4207" title="CVE-2021-4207" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26353" id="CVE-2022-26353" title="CVE-2022-26353" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26354" id="CVE-2022-26354" title="CVE-2022-26354" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.(CVE-2021-4206) A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor-&gt;header.width and cursor-&gt;header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.(CVE-2021-4207) A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.(CVE-2022-26353) A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions less than 6.2.0.(CVE-2022-26354)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="qemu" release="34.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-curl" release="34.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-iscsi" release="34.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-rbd" release="34.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-ssh" release="34.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-debuginfo" release="34.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-debugsource" release="34.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-guest-agent" release="34.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-img" release="34.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-hw-usb-host" release="34.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="qemu-help" release="34.ule3" version="6.2.0">
+                         <filename>qemu-help-6.2.0-34.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu" release="34.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-curl" release="34.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-iscsi" release="34.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-rbd" release="34.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-ssh" release="34.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-debuginfo" release="34.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-debugsource" release="34.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-guest-agent" release="34.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-img" release="34.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-seabios" release="34.ule3" version="6.2.0">
+                         <filename>qemu-seabios-6.2.0-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-hw-usb-host" release="34.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-34.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1662</id>
+          <title>An update for qemu is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-20"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-4206" id="CVE-2021-4206" title="CVE-2021-4206" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-4207" id="CVE-2021-4207" title="CVE-2021-4207" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-20196" id="CVE-2021-20196" title="CVE-2021-20196" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26353" id="CVE-2022-26353" title="CVE-2022-26353" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26354" id="CVE-2022-26354" title="CVE-2022-26354" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.(CVE-2021-4206)A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor-&gt;header.width and cursor-&gt;header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.(CVE-2021-4207)A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2021-20196)A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.(CVE-2022-26353)A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions &lt;= 6.2.0.(CVE-2022-26354)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="qemu" release="34.oe1" version="6.2.0">
+                         <filename>qemu-6.2.0-34.oe1.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-block-curl" release="34.oe1" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-34.oe1.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-block-iscsi" release="34.oe1" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-34.oe1.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-block-rbd" release="34.oe1" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-34.oe1.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-block-ssh" release="34.oe1" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-34.oe1.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-debuginfo" release="34.oe1" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-34.oe1.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-debugsource" release="34.oe1" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-34.oe1.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-guest-agent" release="34.oe1" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-34.oe1.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-img" release="34.oe1" version="6.2.0">
+                         <filename>qemu-img-6.2.0-34.oe1.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-hw-usb-host" release="34.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="qemu-help" release="34.ule3" version="6.2.0">
+                         <filename>qemu-help-6.2.0-34.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu" release="34.oe1" version="6.2.0">
+                         <filename>qemu-6.2.0-34.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-block-curl" release="34.oe1" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-34.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-block-iscsi" release="34.oe1" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-34.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-block-rbd" release="34.oe1" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-34.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-block-ssh" release="34.oe1" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-34.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-debuginfo" release="34.oe1" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-34.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-debugsource" release="34.oe1" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-34.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-guest-agent" release="34.oe1" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-34.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-img" release="34.oe1" version="6.2.0">
+                         <filename>qemu-img-6.2.0-34.oe1.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-hw-usb-host" release="34.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-seabios" release="34.ule3" version="6.2.0">
+                         <filename>qemu-seabios-6.2.0-34.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1663</id>
+          <title>An update for google-gson is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-25647" id="CVE-2022-25647" title="CVE-2022-25647" type="cve"></reference>
+          </references>
+          <description>The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.(CVE-2022-25647)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="google-gson" release="4.ule3" version="2.8.2">
+                         <filename>google-gson-2.8.2-4.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1663</id>
+          <title>An update for google-gson is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-20"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-25647" id="CVE-2022-25647" title="CVE-2022-25647" type="cve"></reference>
+          </references>
+          <description>The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.(CVE-2022-25647)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="" name="google-gson" release="4.ule3.noarch" version="2.8.2">
+                         <filename>google-gson-2.8.2-4.ule3.noarch.rpm </filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1664</id>
+          <title>An update for opensc is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-42778" id="CVE-2021-42778" title="CVE-2021-42778" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-42780" id="CVE-2021-42780" title="CVE-2021-42780" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-42782" id="CVE-2021-42782" title="CVE-2021-42782" type="cve"></reference>
+          </references>
+          <description>A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.(CVE-2021-42778) A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.(CVE-2021-42780) Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.(CVE-2021-42782)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="opensc" release="6.ule3" version="0.21.0">
+                         <filename>opensc-0.21.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="opensc-debuginfo" release="6.ule3" version="0.21.0">
+                         <filename>opensc-debuginfo-0.21.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="opensc-debugsource" release="6.ule3" version="0.21.0">
+                         <filename>opensc-debugsource-0.21.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="opensc-help" release="6.ule3" version="0.21.0">
+                         <filename>opensc-help-0.21.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="opensc" release="6.ule3" version="0.21.0">
+                         <filename>opensc-0.21.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="opensc-debuginfo" release="6.ule3" version="0.21.0">
+                         <filename>opensc-debuginfo-0.21.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="opensc-debugsource" release="6.ule3" version="0.21.0">
+                         <filename>opensc-debugsource-0.21.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1664</id>
+          <title>An update for opensc is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-20"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-42778" id="CVE-2021-42778" title="CVE-2021-42778" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-42780" id="CVE-2021-42780" title="CVE-2021-42780" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-42782" id="CVE-2021-42782" title="CVE-2021-42782" type="cve"></reference>
+          </references>
+          <description>A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.(CVE-2021-42778)A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.(CVE-2021-42780)Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.(CVE-2021-42782)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="opensc" release="6.ule3" version="0.21.0">
+                         <filename>opensc-0.21.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="opensc-debuginfo" release="6.ule3" version="0.21.0">
+                         <filename>opensc-debuginfo-0.21.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="opensc-debugsource" release="6.ule3" version="0.21.0">
+                         <filename>opensc-debugsource-0.21.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="opensc-help" release="6.ule3" version="0.21.0">
+                         <filename>opensc-help-0.21.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="opensc" release="6.ule3" version="0.21.0">
+                         <filename>opensc-0.21.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="opensc-debuginfo" release="6.ule3" version="0.21.0">
+                         <filename>opensc-debuginfo-0.21.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="opensc-debugsource" release="6.ule3" version="0.21.0">
+                         <filename>opensc-debugsource-0.21.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1665</id>
+          <title>An update for nodejs-minimist is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-44906" id="CVE-2021-44906" title="CVE-2021-44906" type="cve"></reference>
+          </references>
+          <description>Minimist less than 1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).(CVE-2021-44906)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="nodejs-minimist" release="1.ule3" version="1.2.6">
+                         <filename>nodejs-minimist-1.2.6-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1665</id>
+          <title>An update for nodejs-minimist is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-20"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-44906" id="CVE-2021-44906" title="CVE-2021-44906" type="cve"></reference>
+          </references>
+          <description>Minimist &lt;=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).(CVE-2021-44906)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="nodejs-minimist" release="1.ule3" version="1.2.6">
+                         <filename>nodejs-minimist-1.2.6-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1666</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28388" id="CVE-2022-28388" title="CVE-2022-28388" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28389" id="CVE-2022-28389" title="CVE-2022-28389" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28356" id="CVE-2022-28356" title="CVE-2022-28356" type="cve"></reference>
+          </references>
+          <description>usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.(CVE-2022-28388) mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.(CVE-2022-28389) In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.(CVE-2022-28356)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="x86_64" name="kernel-debugsource" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1666</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-20"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28388" id="CVE-2022-28388" title="CVE-2022-28388" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28389" id="CVE-2022-28389" title="CVE-2022-28389" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28356" id="CVE-2022-28356" title="CVE-2022-28356" type="cve"></reference>
+          </references>
+          <description>usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.(CVE-2022-28388)mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.(CVE-2022-28389)In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.(CVE-2022-28356)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.31.0.60.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.31.0.60.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.31.0.60.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1667</id>
+          <title>An update for nodejs-hawk is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-20"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29167" id="CVE-2022-29167" title="CVE-2022-29167" type="cve"></reference>
+          </references>
+          <description>Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP header (Hawk.utils.parseHost()), which was subject to regular expression DoS attack - meaning each added character in the attacker s input increases the computation time exponentially. parseHost() was patched in 9.0.1 to use built-in URL class to parse hostname instead. Hawk.authenticate() accepts options argument. If that contains host and port, those would be used instead of a call to utils.parseHost().(CVE-2022-29167)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="nodejs-hawk" release="2.ule3" version="4.1.2">
+                         <filename>nodejs-hawk-4.1.2-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1667</id>
+          <title>An update for nodejs-hawk is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29167" id="CVE-2022-29167" title="CVE-2022-29167" type="cve"></reference>
+          </references>
+          <description>Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP header (Hawk.utils.parseHost()), which was subject to regular expression DoS attack - meaning each added character in the attacker s input increases the computation time exponentially. parseHost() was patched in 9.0.1 to use built-in URL class to parse hostname instead. Hawk.authenticate() accepts options argument. If that contains host and port, those would be used instead of a call to utils.parseHost().(CVE-2022-29167)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="nodejs-hawk" release="2.ule3" version="4.1.2">
+                         <filename>nodejs-hawk-4.1.2-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1668</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1619" id="CVE-2022-1619" title="CVE-2022-1619" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1620" id="CVE-2022-1620" title="CVE-2022-1620" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1621" id="CVE-2022-1621" title="CVE-2022-1621" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1629" id="CVE-2022-1629" title="CVE-2022-1629" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1674" id="CVE-2022-1674" title="CVE-2022-1674" type="cve"></reference>
+          </references>
+          <description>Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution.(CVE-2022-1619) NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.(CVE-2022-1620) Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution.(CVE-2022-1621) Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution.(CVE-2022-1629) NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.(CVE-2022-1674)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="34.ule3" version="8.2">
+                         <filename>vim-X11-8.2-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="34.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="34.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="34.ule3" version="8.2">
+                         <filename>vim-common-8.2-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="34.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="34.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="34.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-34.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="34.ule3" version="8.2">
+                         <filename>vim-X11-8.2-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="34.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="34.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="34.ule3" version="8.2">
+                         <filename>vim-common-8.2-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="34.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="34.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-34.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1668</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1619" id="CVE-2022-1619" title="CVE-2022-1619" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1620" id="CVE-2022-1620" title="CVE-2022-1620" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1621" id="CVE-2022-1621" title="CVE-2022-1621" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1629" id="CVE-2022-1629" title="CVE-2022-1629" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1674" id="CVE-2022-1674" title="CVE-2022-1674" type="cve"></reference>
+          </references>
+          <description>Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution.(CVE-2022-1619)NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.(CVE-2022-1620)Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution.(CVE-2022-1621)Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution.(CVE-2022-1629)NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.(CVE-2022-1674)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="34.ule3" version="8.2">
+                         <filename>vim-X11-8.2-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="34.ule3" version="8.2">
+                         <filename>vim-common-8.2-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="34.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="34.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="34.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="34.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="34.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-34.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="34.ule3" version="8.2">
+                         <filename>vim-X11-8.2-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="34.ule3" version="8.2">
+                         <filename>vim-common-8.2-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="34.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="34.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="34.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="34.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-34.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1669</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1355" id="CVE-2022-1355" title="CVE-2022-1355" type="cve"></reference>
+          </references>
+          <description>A stack buffer overflow flaw was found in Libtiffs tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.(CVE-2022-1355)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debugsource" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-devel" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-static" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-tools" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-13.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-13.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1669</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-25"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1355" id="CVE-2022-1355" title="CVE-2022-1355" type="cve"></reference>
+          </references>
+          <description>A stack buffer overflow flaw was found in Libtiffs tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.(CVE-2022-1355)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debugsource" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-devel" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-static" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-tools" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-13.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="13.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-13.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1670</id>
+          <title>An update for ImageMagick is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1114" id="CVE-2022-1114" title="CVE-2022-1114" type="cve"></reference>
+          </references>
+          <description>A heap-use-after-free flaw was found in ImageMagick&#39;s RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.(CVE-2022-1114)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="ImageMagick" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-7.1.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-7.1.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++-devel" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-devel-7.1.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debuginfo" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debuginfo-7.1.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debugsource" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debugsource-7.1.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-devel" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-devel-7.1.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-help" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-help-7.1.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-perl" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-perl-7.1.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-7.1.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-7.1.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++-devel" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-devel-7.1.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debuginfo" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debuginfo-7.1.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debugsource" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debugsource-7.1.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-devel" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-devel-7.1.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-help" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-help-7.1.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-perl" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-perl-7.1.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1670</id>
+          <title>An update for ImageMagick is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-25"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1114" id="CVE-2022-1114" title="CVE-2022-1114" type="cve"></reference>
+          </references>
+          <description>A heap-use-after-free flaw was found in ImageMagick&#39;s RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.(CVE-2022-1114)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="ImageMagick" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-7.1.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-7.1.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++-devel" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-devel-7.1.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debuginfo" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debuginfo-7.1.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debugsource" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debugsource-7.1.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-devel" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-devel-7.1.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-help" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-help-7.1.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-perl" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-perl-7.1.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-7.1.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-7.1.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++-devel" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-devel-7.1.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debuginfo" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debuginfo-7.1.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debugsource" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debugsource-7.1.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-devel" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-devel-7.1.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-help" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-help-7.1.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-perl" release="1.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-perl-7.1.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1671</id>
+          <title>An update for containerd is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-25"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23648" id="CVE-2022-23648" title="CVE-2022-23648" type="cve"></reference>
+          </references>
+          <description>containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.(CVE-2022-23648)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="containerd" release="301.ule3" version="1.2.0">
+                         <filename>containerd-1.2.0-301.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="containerd" release="301.ule3" version="1.2.0">
+                         <filename>containerd-1.2.0-301.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1671</id>
+          <title>An update for containerd is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23648" id="CVE-2022-23648" title="CVE-2022-23648" type="cve"></reference>
+          </references>
+          <description>containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.(CVE-2022-23648)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="containerd" release="301.ule3" version="1.2.0">
+                         <filename>containerd-1.2.0-301.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="containerd" release="301.ule3" version="1.2.0">
+                         <filename>containerd-1.2.0-301.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1672</id>
+          <title>An update for rsyslog is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24903" id="CVE-2022-24903" title="CVE-2022-24903" type="cve"></reference>
+          </references>
+          <description>Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules imtcp, imptcp, imgssapi, and imhttp are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module imdiag is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.(CVE-2022-24903)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="rsyslog" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-debuginfo" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-debuginfo-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-debugsource" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-debugsource-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-hiredis" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-hiredis-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-kafka" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-kafka-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-mmkubernetes" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mmkubernetes-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-mmnormalize" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mmnormalize-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-mongodb" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mongodb-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-omamqp1" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-omamqp1-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-pgsql" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-pgsql-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-rabbitmq" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-rabbitmq-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-relp" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-relp-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-crypto" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-crypto-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-elasticsearch" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-elasticsearch-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-gnutls" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-gnutls-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-gssapi" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-gssapi-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-mmsnmptrapd" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mmsnmptrapd-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-mysql" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mysql-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-snmp" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-snmp-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-udpspoof" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-udpspoof-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-mmaudit" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mmaudit-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-mmjsonparse" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mmjsonparse-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rsyslog-help" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-help-8.2110.0-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rsyslog-doc" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-doc-8.2110.0-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-debuginfo" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-debuginfo-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-debugsource" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-debugsource-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-hiredis" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-hiredis-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-kafka" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-kafka-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-mmkubernetes" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mmkubernetes-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-mmnormalize" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mmnormalize-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-mongodb" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mongodb-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-omamqp1" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-omamqp1-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-pgsql" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-pgsql-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-rabbitmq" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-rabbitmq-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-relp" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-relp-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-crypto" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-crypto-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-elasticsearch" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-elasticsearch-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-gnutls" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-gnutls-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-gssapi" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-gssapi-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-mmsnmptrapd" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mmsnmptrapd-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-mysql" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mysql-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-snmp" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-snmp-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-udpspoof" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-udpspoof-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-mmaudit" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mmaudit-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-mmjsonparse" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mmjsonparse-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1672</id>
+          <title>An update for rsyslog is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-25"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24903" id="CVE-2022-24903" title="CVE-2022-24903" type="cve"></reference>
+          </references>
+          <description>Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules imtcp, imptcp, imgssapi, and imhttp are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module imdiag is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.(CVE-2022-24903)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="rsyslog" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-crypto" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-crypto-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-debuginfo" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-debuginfo-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-debugsource" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-debugsource-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-elasticsearch" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-elasticsearch-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-gnutls" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-gnutls-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-gssapi" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-gssapi-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-hiredis" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-hiredis-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-kafka" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-kafka-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-mmjsonparse" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mmjsonparse-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-mmaudit" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mmaudit-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-mmkubernetes" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mmkubernetes-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-mmnormalize" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mmnormalize-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-mmsnmptrapd" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mmsnmptrapd-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-mongodb" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mongodb-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-mysql" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mysql-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-omamqp1" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-omamqp1-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-pgsql" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-pgsql-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-rabbitmq" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-rabbitmq-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-relp" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-relp-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-snmp" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-snmp-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsyslog-udpspoof" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-udpspoof-8.2110.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rsyslog-help" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-help-8.2110.0-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rsyslog-doc" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-doc-8.2110.0-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-crypto" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-crypto-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-debuginfo" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-debuginfo-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-debugsource" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-debugsource-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-elasticsearch" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-elasticsearch-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-gnutls" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-gnutls-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-gssapi" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-gssapi-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-hiredis" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-hiredis-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-kafka" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-kafka-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-mmjsonparse" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mmjsonparse-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-mmaudit" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mmaudit-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-mmkubernetes" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mmkubernetes-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-mmnormalize" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mmnormalize-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-mmsnmptrapd" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mmsnmptrapd-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-mongodb" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mongodb-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-mysql" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-mysql-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-omamqp1" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-omamqp1-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-pgsql" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-pgsql-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-rabbitmq" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-rabbitmq-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-relp" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-relp-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-snmp" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-snmp-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsyslog-udpspoof" release="9.ule3" version="8.2110.0">
+                         <filename>rsyslog-udpspoof-8.2110.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1673</id>
+          <title>An update for openssl is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1292" id="CVE-2022-1292" title="CVE-2022-1292" type="cve"></reference>
+          </references>
+          <description>The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).(CVE-2022-1292)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="openssl" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debuginfo" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debugsource" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-devel" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-libs" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-perl" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="openssl-help" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-help-1.1.1m-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debuginfo" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debugsource" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-devel" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-libs" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-perl" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1673</id>
+          <title>An update for openssl is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-25"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1292" id="CVE-2022-1292" title="CVE-2022-1292" type="cve"></reference>
+          </references>
+          <description>The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).(CVE-2022-1292)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="openssl" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debuginfo" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debugsource" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-devel" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-libs" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-perl" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="openssl-help" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-help-1.1.1m-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debuginfo" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debugsource" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-devel" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-libs" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-perl" release="5.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1675</id>
+          <title>An update for curl is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27782" id="CVE-2022-27782" title="CVE-2022-27782" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27781" id="CVE-2022-27781" title="CVE-2022-27781" type="cve"></reference>
+          </references>
+          <description>libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.(CVE-2022-27782) A vulnerability was found in curl. This issue occurs due to an erroneous function. A malicious server could make curl within Network Security Services (NSS) get stuck in a never-ending busy loop when trying to retrieve that information. This flaw allows an Infinite Loop, affecting system availability.(CVE-2022-27781)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="curl" release="6.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debuginfo" release="6.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debugsource" release="6.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl" release="6.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl-devel" release="6.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="curl-help" release="6.ule3" version="7.79.1">
+                         <filename>curl-help-7.79.1-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl" release="6.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debuginfo" release="6.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debugsource" release="6.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl" release="6.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl-devel" release="6.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1675</id>
+          <title>An update for curl is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27782" id="CVE-2022-27782" title="CVE-2022-27782" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27781" id="CVE-2022-27781" title="CVE-2022-27781" type="cve"></reference>
+          </references>
+          <description>libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.(CVE-2022-27782)A vulnerability was found in curl. This issue occurs due to an erroneous function. A malicious server could make curl within Network Security Services (NSS) get stuck in a never-ending busy loop when trying to retrieve that information. This flaw allows an Infinite Loop, affecting system availability.(CVE-2022-27781)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="curl" release="6.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debugsource" release="6.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debuginfo" release="6.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl" release="6.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl-devel" release="6.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="curl-help" release="6.ule3" version="7.79.1">
+                         <filename>curl-help-7.79.1-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl" release="6.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debugsource" release="6.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debuginfo" release="6.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl" release="6.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl-devel" release="6.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1676</id>
+          <title>An update for git is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24765" id="CVE-2022-24765" title="CVE-2022-24765" type="cve"></reference>
+          </references>
+          <description>Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.(CVE-2022-24765)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="git-daemon" release="2.ule3" version="2.33.0">
+                         <filename>git-daemon-2.33.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git-debuginfo" release="2.ule3" version="2.33.0">
+                         <filename>git-debuginfo-2.33.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git" release="2.ule3" version="2.33.0">
+                         <filename>git-2.33.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git-debugsource" release="2.ule3" version="2.33.0">
+                         <filename>git-debugsource-2.33.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-Git-SVN" release="2.ule3" version="2.33.0">
+                         <filename>perl-Git-SVN-2.33.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gitk" release="2.ule3" version="2.33.0">
+                         <filename>gitk-2.33.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-gui" release="2.ule3" version="2.33.0">
+                         <filename>git-gui-2.33.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-web" release="2.ule3" version="2.33.0">
+                         <filename>git-web-2.33.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-email" release="2.ule3" version="2.33.0">
+                         <filename>git-email-2.33.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-help" release="2.ule3" version="2.33.0">
+                         <filename>git-help-2.33.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-Git" release="2.ule3" version="2.33.0">
+                         <filename>perl-Git-2.33.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-svn" release="2.ule3" version="2.33.0">
+                         <filename>git-svn-2.33.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-daemon" release="2.ule3" version="2.33.0">
+                         <filename>git-daemon-2.33.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-debuginfo" release="2.ule3" version="2.33.0">
+                         <filename>git-debuginfo-2.33.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git" release="2.ule3" version="2.33.0">
+                         <filename>git-2.33.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-debugsource" release="2.ule3" version="2.33.0">
+                         <filename>git-debugsource-2.33.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1676</id>
+          <title>An update for git is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24765" id="CVE-2022-24765" title="CVE-2022-24765" type="cve"></reference>
+          </references>
+          <description>Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.(CVE-2022-24765)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="git-debuginfo" release="2.ule3" version="2.33.0">
+                         <filename>git-debuginfo-2.33.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git-debugsource" release="2.ule3" version="2.33.0">
+                         <filename>git-debugsource-2.33.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git-daemon" release="2.ule3" version="2.33.0">
+                         <filename>git-daemon-2.33.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git" release="2.ule3" version="2.33.0">
+                         <filename>git-2.33.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-help" release="2.ule3" version="2.33.0">
+                         <filename>git-help-2.33.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-gui" release="2.ule3" version="2.33.0">
+                         <filename>git-gui-2.33.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-web" release="2.ule3" version="2.33.0">
+                         <filename>git-web-2.33.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gitk" release="2.ule3" version="2.33.0">
+                         <filename>gitk-2.33.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-Git-SVN" release="2.ule3" version="2.33.0">
+                         <filename>perl-Git-SVN-2.33.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-Git" release="2.ule3" version="2.33.0">
+                         <filename>perl-Git-2.33.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-email" release="2.ule3" version="2.33.0">
+                         <filename>git-email-2.33.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-svn" release="2.ule3" version="2.33.0">
+                         <filename>git-svn-2.33.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-debuginfo" release="2.ule3" version="2.33.0">
+                         <filename>git-debuginfo-2.33.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-debugsource" release="2.ule3" version="2.33.0">
+                         <filename>git-debugsource-2.33.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-daemon" release="2.ule3" version="2.33.0">
+                         <filename>git-daemon-2.33.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git" release="2.ule3" version="2.33.0">
+                         <filename>git-2.33.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1677</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1205" id="CVE-2022-1205" title="CVE-2022-1205" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1419" id="CVE-2022-1419" title="CVE-2022-1419" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1652" id="CVE-2022-1652" title="CVE-2022-1652" type="cve"></reference>
+          </references>
+          <description>A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.(CVE-2022-1205)UAF causes the system to crash Exploit conditions: The root user reduces the reference count of drm_vgem_gem_object through ioctl$DRM_IOCTL_MODE_DESTROY_DUMB, and vgem_gem_dumb_create will access the released drm_vgem_gem_object Technical reason: The gpu driver can reduce the reference count of drm_vgem_gem_object through ioctl Concurrency causes uaf judgment method: CONFIG_DRM is not configured No circumvention measures are involved: none(CVE-2022-1419)A concurrency use-after-free issue was discovered between reset_interrupt and floppy_end_request in the latest kernel version (5.17.5 for now).    The root cause is that after deallocating current_req in floppy_end_request, reset_interrupt still holds the freed current_req-&gt;error_count and accesses it concurrently.(cve-2022-1652)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1677</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1205" id="CVE-2022-1205" title="CVE-2022-1205" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1419" id="CVE-2022-1419" title="CVE-2022-1419" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1652" id="CVE-2022-1652" title="CVE-2022-1652" type="cve"></reference>
+          </references>
+          <description>A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.(CVE-2022-1205) UAF causes the system to crash Exploit conditions: The root user reduces the reference count of drm_vgem_gem_object through ioctl$DRM_IOCTL_MODE_DESTROY_DUMB, and vgem_gem_dumb_create will access the released drm_vgem_gem_object Technical reason: The gpu driver can reduce the reference count of drm_vgem_gem_object through ioctl Concurrency causes uaf judgment method: CONFIG_DRM is not configured No circumvention measures are involved: none(CVE-2022-1419) A concurrency use-after-free issue was discovered between reset_interrupt and floppy_end_request in the latest kernel version (5.17.5 for now).    The root cause is that after deallocating current_req in floppy_end_request, reset_interrupt still holds the freed current_req-&gt;error_count and accesses it concurrently.(CVE-2022-1652)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.32.0.61.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.32.0.61.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.32.0.61.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1678</id>
+          <title>An update for openjpeg2 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1122" id="CVE-2022-1122" title="CVE-2022-1122" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.(CVE-2022-1122)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="openjpeg2" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-2.4.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openjpeg2-debuginfo" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-debuginfo-2.4.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openjpeg2-debugsource" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-debugsource-2.4.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openjpeg2-devel" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-devel-2.4.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openjpeg2-tools" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-tools-2.4.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="openjpeg2-help" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-help-2.4.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openjpeg2" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-2.4.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openjpeg2-debuginfo" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-debuginfo-2.4.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openjpeg2-debugsource" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-debugsource-2.4.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openjpeg2-devel" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-devel-2.4.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openjpeg2-tools" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-tools-2.4.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1678</id>
+          <title>An update for openjpeg2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1122" id="CVE-2022-1122" title="CVE-2022-1122" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.(CVE-2022-1122)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="openjpeg2" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-2.4.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openjpeg2-debuginfo" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-debuginfo-2.4.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openjpeg2-debugsource" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-debugsource-2.4.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openjpeg2-devel" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-devel-2.4.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openjpeg2-tools" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-tools-2.4.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="openjpeg2-help" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-help-2.4.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openjpeg2" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-2.4.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openjpeg2-debuginfo" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-debuginfo-2.4.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openjpeg2-debugsource" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-debugsource-2.4.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openjpeg2-devel" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-devel-2.4.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openjpeg2-tools" release="6.ule3" version="2.4.0">
+                         <filename>openjpeg2-tools-2.4.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1679</id>
+          <title>An update for qemu is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3750" id="CVE-2021-3750" title="CVE-2021-3750" type="cve"></reference>
+          </references>
+          <description>A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller&#39;s registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.(CVE-2021-3750)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="qemu-img" release="35.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-ssh" release="35.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu" release="35.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-debuginfo" release="35.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-hw-usb-host" release="35.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-iscsi" release="35.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-curl" release="35.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-guest-agent" release="35.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-rbd" release="35.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-debugsource" release="35.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="qemu-help" release="35.ule3" version="6.2.0">
+                         <filename>qemu-help-6.2.0-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-img" release="35.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-ssh" release="35.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu" release="35.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-debuginfo" release="35.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-hw-usb-host" release="35.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-iscsi" release="35.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-curl" release="35.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-guest-agent" release="35.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-rbd" release="35.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-debugsource" release="35.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-seabios" release="35.ule3" version="6.2.0">
+                         <filename>qemu-seabios-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1679</id>
+          <title>An update for qemu is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3750" id="CVE-2021-3750" title="CVE-2021-3750" type="cve"></reference>
+          </references>
+          <description>A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller&#39;s registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.(CVE-2021-3750)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="qemu" release="35.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-curl" release="35.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-iscsi" release="35.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-rbd" release="35.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-ssh" release="35.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-debuginfo" release="35.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-debugsource" release="35.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-guest-agent" release="35.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-img" release="35.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-hw-usb-host" release="35.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="qemu-help" release="35.ule3" version="6.2.0">
+                         <filename>qemu-help-6.2.0-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu" release="35.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-curl" release="35.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-iscsi" release="35.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-rbd" release="35.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-ssh" release="35.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-debuginfo" release="35.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-debugsource" release="35.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-guest-agent" release="35.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-img" release="35.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-seabios" release="35.ule3" version="6.2.0">
+                         <filename>qemu-seabios-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-hw-usb-host" release="35.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-35.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1680</id>
+          <title>An update for libsndfile is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-4156" id="CVE-2021-4156" title="CVE-2021-4156" type="cve"></reference>
+          </references>
+          <description>An out-of-bounds read flaw was found in libsndfile&#39;s FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.(CVE-2021-4156)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libsndfile-utils" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-utils-1.0.31-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsndfile" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-1.0.31-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsndfile-debugsource" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-debugsource-1.0.31-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsndfile-devel" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-devel-1.0.31-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsndfile-debuginfo" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-debuginfo-1.0.31-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libsndfile-utils-help" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-utils-help-1.0.31-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsndfile-devel" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-devel-1.0.31-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsndfile-debugsource" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-debugsource-1.0.31-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsndfile-utils" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-utils-1.0.31-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsndfile-debuginfo" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-debuginfo-1.0.31-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsndfile" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-1.0.31-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1680</id>
+          <title>An update for libsndfile is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-4156" id="CVE-2021-4156" title="CVE-2021-4156" type="cve"></reference>
+          </references>
+          <description>An out-of-bounds read flaw was found in libsndfile&#39;s FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.(CVE-2021-4156)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libsndfile-devel" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-devel-1.0.31-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsndfile-debuginfo" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-debuginfo-1.0.31-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsndfile" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-1.0.31-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsndfile-utils" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-utils-1.0.31-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsndfile-debugsource" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-debugsource-1.0.31-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libsndfile-utils-help" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-utils-help-1.0.31-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsndfile-devel" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-devel-1.0.31-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsndfile-debuginfo" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-debuginfo-1.0.31-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsndfile-debugsource" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-debugsource-1.0.31-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsndfile-utils" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-utils-1.0.31-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsndfile" release="2.ule3" version="1.0.31">
+                         <filename>libsndfile-1.0.31-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1681</id>
+          <title>An update for mariadb is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27379" id="CVE-2022-27379" title="CVE-2022-27379" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27386" id="CVE-2022-27386" title="CVE-2022-27386" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27387" id="CVE-2022-27387" title="CVE-2022-27387" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27384" id="CVE-2022-27384" title="CVE-2022-27384" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27380" id="CVE-2022-27380" title="CVE-2022-27380" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27383" id="CVE-2022-27383" title="CVE-2022-27383" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27381" id="CVE-2022-27381" title="CVE-2022-27381" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27377" id="CVE-2022-27377" title="CVE-2022-27377" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27378" id="CVE-2022-27378" title="CVE-2022-27378" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27376" id="CVE-2022-27376" title="CVE-2022-27376" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27452" id="CVE-2022-27452" title="CVE-2022-27452" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27458" id="CVE-2022-27458" title="CVE-2022-27458" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27456" id="CVE-2022-27456" title="CVE-2022-27456" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27445" id="CVE-2022-27445" title="CVE-2022-27445" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27449" id="CVE-2022-27449" title="CVE-2022-27449" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27448" id="CVE-2022-27448" title="CVE-2022-27448" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27447" id="CVE-2022-27447" title="CVE-2022-27447" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27385" id="CVE-2022-27385" title="CVE-2022-27385" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27382" id="CVE-2022-27382" title="CVE-2022-27382" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27451" id="CVE-2022-27451" title="CVE-2022-27451" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27457" id="CVE-2022-27457" title="CVE-2022-27457" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27446" id="CVE-2022-27446" title="CVE-2022-27446" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27444" id="CVE-2022-27444" title="CVE-2022-27444" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27455" id="CVE-2022-27455" title="CVE-2022-27455" type="cve"></reference>
+          </references>
+          <description>An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.(CVE-2022-27379)MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.(CVE-2022-27386)MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.(CVE-2022-27387)An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.(CVE-2022-27384)An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.(CVE-2022-27380)MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.(CVE-2022-27383)An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.(CVE-2022-27381)MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.(CVE-2022-27377)An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.(CVE-2022-27378)MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.(CVE-2022-27376)MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.(CVE-2022-27452)MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.(CVE-2022-27458)MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.(CVE-2022-27456)MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.(CVE-2022-27445)MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.(CVE-2022-27449)There is an Assertion failure in MariaDB Server v10.9 and below via &#39;node-&gt;pcur-&gt;rel_pos == BTR_PCUR_ON&#39; at /row/row0mysql.cc.(CVE-2022-27448)MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.(CVE-2022-27447)An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.(CVE-2022-27385)MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.(CVE-2022-27382)MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.(CVE-2022-27451)MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.(CVE-2022-27457)MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.(CVE-2022-27446)MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.(CVE-2022-27444)MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.(CVE-2022-27455)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="4" arch="aarch64" name="mariadb-config" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-config-10.5.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-test" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-test-10.5.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-backup" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-backup-10.5.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-debugsource" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-debugsource-10.5.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-embedded-devel" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-embedded-devel-10.5.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-rocksdb-engine" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-rocksdb-engine-10.5.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-server-galera" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-server-galera-10.5.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-server-utils" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-server-utils-10.5.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-10.5.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-pam" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-pam-10.5.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-embedded" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-embedded-10.5.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-errmsg" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-errmsg-10.5.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-server" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-server-10.5.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-debuginfo" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-debuginfo-10.5.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-devel" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-devel-10.5.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-gssapi-server" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-gssapi-server-10.5.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-common" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-common-10.5.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="mariadb-oqgraph-engine" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-oqgraph-engine-10.5.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-devel" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-devel-10.5.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-debuginfo" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-debuginfo-10.5.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-server" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-server-10.5.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-oqgraph-engine" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-oqgraph-engine-10.5.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-common" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-common-10.5.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-gssapi-server" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-gssapi-server-10.5.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-test" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-test-10.5.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-server-galera" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-server-galera-10.5.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-debugsource" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-debugsource-10.5.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-backup" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-backup-10.5.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-config" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-config-10.5.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-server-utils" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-server-utils-10.5.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-embedded-devel" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-embedded-devel-10.5.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-embedded" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-embedded-10.5.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-errmsg" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-errmsg-10.5.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb-pam" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-pam-10.5.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="mariadb" release="1.ule3" version="10.5.16">
+                         <filename>mariadb-10.5.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1682</id>
+          <title>An update for mysql5 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21460" id="CVE-2022-21460" title="CVE-2022-21460" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21451" id="CVE-2022-21451" title="CVE-2022-21451" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21417" id="CVE-2022-21417" title="CVE-2022-21417" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21444" id="CVE-2022-21444" title="CVE-2022-21444" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-2226" id="CVE-2021-2226" title="CVE-2021-2226" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21427" id="CVE-2022-21427" title="CVE-2022-21427" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21454" id="CVE-2022-21454" title="CVE-2022-21454" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21245" id="CVE-2022-21245" title="CVE-2022-21245" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-2202" id="CVE-2021-2202" title="CVE-2021-2202" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-2171" id="CVE-2021-2171" title="CVE-2021-2171" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-2022" id="CVE-2021-2022" title="CVE-2021-2022" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-2179" id="CVE-2021-2179" title="CVE-2021-2179" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-2174" id="CVE-2021-2174" title="CVE-2021-2174" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-2194" id="CVE-2021-2194" title="CVE-2021-2194" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-2032" id="CVE-2021-2032" title="CVE-2021-2032" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-2160" id="CVE-2021-2160" title="CVE-2021-2160" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21451)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21417)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).(CVE-2021-2226)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21444)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21460)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21427)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21454)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21245)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2202)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2171)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2022)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2179)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2174)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2194)Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2021-2032)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2160)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="mysql5" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-5.7.38-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-common" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-common-5.7.38-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-debuginfo" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-debuginfo-5.7.38-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-debugsource" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-debugsource-5.7.38-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-devel" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-devel-5.7.38-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-embedded" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-embedded-5.7.38-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-embedded-devel" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-embedded-devel-5.7.38-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-errmsg" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-errmsg-5.7.38-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-libs" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-libs-5.7.38-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-server" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-server-5.7.38-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql5-test" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-test-5.7.38-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-5.7.38-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-common" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-common-5.7.38-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-debuginfo" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-debuginfo-5.7.38-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-debugsource" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-debugsource-5.7.38-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-devel" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-devel-5.7.38-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-embedded" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-embedded-5.7.38-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-embedded-devel" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-embedded-devel-5.7.38-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-errmsg" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-errmsg-5.7.38-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-libs" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-libs-5.7.38-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-server" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-server-5.7.38-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql5-test" release="1.ule3" version="5.7.38">
+                         <filename>mysql5-test-5.7.38-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1683</id>
+          <title>An update for clamav is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-20770" id="CVE-2022-20770" title="CVE-2022-20770" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-20771" id="CVE-2022-20771" title="CVE-2022-20771" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-20785" id="CVE-2022-20785" title="CVE-2022-20785" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-20792" id="CVE-2022-20792" title="CVE-2022-20792" type="cve"></reference>
+          </references>
+          <description>On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.(CVE-2022-20770)On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.(CVE-2022-20771)On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.(CVE-2022-20785)Fixed a possible multi-byte heap buffer overflow write vulnerability in the signature database load module. The fix was to update the vendored regex library to the latest version. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. Thank you to Michał Dardas for reporting this issue.(CVE-2022-20792)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="clamav" release="3.ule3" version="0.103.6">
+                         <filename>clamav-0.103.6-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamav-debuginfo" release="3.ule3" version="0.103.6">
+                         <filename>clamav-debuginfo-0.103.6-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamav-debugsource" release="3.ule3" version="0.103.6">
+                         <filename>clamav-debugsource-0.103.6-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamav-devel" release="3.ule3" version="0.103.6">
+                         <filename>clamav-devel-0.103.6-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamav-help" release="3.ule3" version="0.103.6">
+                         <filename>clamav-help-0.103.6-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamav-milter" release="3.ule3" version="0.103.6">
+                         <filename>clamav-milter-0.103.6-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamav-update" release="3.ule3" version="0.103.6">
+                         <filename>clamav-update-0.103.6-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamd" release="3.ule3" version="0.103.6">
+                         <filename>clamd-0.103.6-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="clamav-data" release="3.ule3" version="0.103.6">
+                         <filename>clamav-data-0.103.6-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="clamav-filesystem" release="3.ule3" version="0.103.6">
+                         <filename>clamav-filesystem-0.103.6-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav" release="3.ule3" version="0.103.6">
+                         <filename>clamav-0.103.6-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav-debuginfo" release="3.ule3" version="0.103.6">
+                         <filename>clamav-debuginfo-0.103.6-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav-debugsource" release="3.ule3" version="0.103.6">
+                         <filename>clamav-debugsource-0.103.6-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav-devel" release="3.ule3" version="0.103.6">
+                         <filename>clamav-devel-0.103.6-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav-help" release="3.ule3" version="0.103.6">
+                         <filename>clamav-help-0.103.6-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav-milter" release="3.ule3" version="0.103.6">
+                         <filename>clamav-milter-0.103.6-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav-update" release="3.ule3" version="0.103.6">
+                         <filename>clamav-update-0.103.6-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamd" release="3.ule3" version="0.103.6">
+                         <filename>clamd-0.103.6-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1684</id>
+          <title>An update for maven-shared-utils is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-05-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29599" id="CVE-2022-29599" title="CVE-2022-29599" type="cve"></reference>
+          </references>
+          <description>In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.(CVE-2022-29599)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="maven-shared-utils" release="1.ule3" version="3.3.3">
+                         <filename>maven-shared-utils-3.3.3-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="maven-shared-utils-help" release="1.ule3" version="3.3.3">
+                         <filename>maven-shared-utils-help-3.3.3-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1685</id>
+          <title>An update for ntfs-3g is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46790" id="CVE-2021-46790" title="CVE-2021-46790" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30783" id="CVE-2022-30783" title="CVE-2022-30783" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30785" id="CVE-2022-30785" title="CVE-2022-30785" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30787" id="CVE-2022-30787" title="CVE-2022-30787" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30784" id="CVE-2022-30784" title="CVE-2022-30784" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30786" id="CVE-2022-30786" title="CVE-2022-30786" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30788" id="CVE-2022-30788" title="CVE-2022-30788" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30789" id="CVE-2022-30789" title="CVE-2022-30789" type="cve"></reference>
+          </references>
+          <description>ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.(CVE-2021-46790)An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.(CVE-2022-30783)A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.(CVE-2022-30785)An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.(CVE-2022-30787)A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.(CVE-2022-30784)A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.(CVE-2022-30786)A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.(CVE-2022-30788)A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.(CVE-2022-30789)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="ntfs-3g-help" release="1.ule3" version="2022.5.17">
+                         <filename>ntfs-3g-help-2022.5.17-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ntfs-3g-debugsource" release="1.ule3" version="2022.5.17">
+                         <filename>ntfs-3g-debugsource-2022.5.17-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ntfs-3g-devel" release="1.ule3" version="2022.5.17">
+                         <filename>ntfs-3g-devel-2022.5.17-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ntfs-3g" release="1.ule3" version="2022.5.17">
+                         <filename>ntfs-3g-2022.5.17-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ntfs-3g-debuginfo" release="1.ule3" version="2022.5.17">
+                         <filename>ntfs-3g-debuginfo-2022.5.17-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ntfs-3g-devel" release="1.ule3" version="2022.5.17">
+                         <filename>ntfs-3g-devel-2022.5.17-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ntfs-3g-help" release="1.ule3" version="2022.5.17">
+                         <filename>ntfs-3g-help-2022.5.17-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ntfs-3g-debugsource" release="1.ule3" version="2022.5.17">
+                         <filename>ntfs-3g-debugsource-2022.5.17-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ntfs-3g" release="1.ule3" version="2022.5.17">
+                         <filename>ntfs-3g-2022.5.17-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ntfs-3g-debuginfo" release="1.ule3" version="2022.5.17">
+                         <filename>ntfs-3g-debuginfo-2022.5.17-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1686</id>
+          <title>An update for pcre2 is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1586" id="CVE-2022-1586" title="CVE-2022-1586" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1587" id="CVE-2022-1587" title="CVE-2022-1587" type="cve"></reference>
+          </references>
+          <description>An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.(CVE-2022-1586)An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.(CVE-2022-1587)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="pcre2-debuginfo" release="2.ule3" version="10.39">
+                         <filename>pcre2-debuginfo-10.39-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcre2-debugsource" release="2.ule3" version="10.39">
+                         <filename>pcre2-debugsource-10.39-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcre2" release="2.ule3" version="10.39">
+                         <filename>pcre2-10.39-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcre2-devel" release="2.ule3" version="10.39">
+                         <filename>pcre2-devel-10.39-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="pcre2-help" release="2.ule3" version="10.39">
+                         <filename>pcre2-help-10.39-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcre2" release="2.ule3" version="10.39">
+                         <filename>pcre2-10.39-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcre2-devel" release="2.ule3" version="10.39">
+                         <filename>pcre2-devel-10.39-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcre2-debugsource" release="2.ule3" version="10.39">
+                         <filename>pcre2-debugsource-10.39-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcre2-debuginfo" release="2.ule3" version="10.39">
+                         <filename>pcre2-debuginfo-10.39-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1687</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1733" id="CVE-2022-1733" title="CVE-2022-1733" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1735" id="CVE-2022-1735" title="CVE-2022-1735" type="cve"></reference>
+          </references>
+          <description>Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.(CVE-2022-1733)Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.(CVE-2022-1735)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="35.ule3" version="8.2">
+                         <filename>vim-X11-8.2-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="35.ule3" version="8.2">
+                         <filename>vim-common-8.2-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="35.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="35.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="35.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="35.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="35.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="35.ule3" version="8.2">
+                         <filename>vim-X11-8.2-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="35.ule3" version="8.2">
+                         <filename>vim-common-8.2-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="35.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="35.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="35.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="35.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-35.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1688</id>
+          <title>An update for grafana is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21703" id="CVE-2022-21703" title="CVE-2022-21703" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21713" id="CVE-2022-21713" title="CVE-2022-21713" type="cve"></reference>
+          </references>
+          <description>Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.(CVE-2022-21703)Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.(CVE-2022-21713)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="grafana-debuginfo" release="1.ule3" version="7.5.15">
+                         <filename>grafana-debuginfo-7.5.15-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="grafana" release="1.ule3" version="7.5.15">
+                         <filename>grafana-7.5.15-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="grafana" release="1.ule3" version="7.5.15">
+                         <filename>grafana-7.5.15-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="grafana-debuginfo" release="1.ule3" version="7.5.15">
+                         <filename>grafana-debuginfo-7.5.15-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1689</id>
+          <title>An update for fish is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-20001" id="CVE-2022-20001" title="CVE-2022-20001" type="cve"></reference>
+          </references>
+          <description>fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker&#39;s control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt.(CVE-2022-20001)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="fish" release="4.ule3" version="3.3.1">
+                         <filename>fish-3.3.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="fish-debuginfo" release="4.ule3" version="3.3.1">
+                         <filename>fish-debuginfo-3.3.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="fish-debugsource" release="4.ule3" version="3.3.1">
+                         <filename>fish-debugsource-3.3.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="fish" release="4.ule3" version="3.3.1">
+                         <filename>fish-3.3.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="fish-debuginfo" release="4.ule3" version="3.3.1">
+                         <filename>fish-debuginfo-3.3.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="fish-debugsource" release="4.ule3" version="3.3.1">
+                         <filename>fish-debugsource-3.3.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1691</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0002" id="CVE-2022-0002" title="CVE-2022-0002" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29582" id="CVE-2022-29582" title="CVE-2022-29582" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1195" id="CVE-2022-1195" title="CVE-2022-1195" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-20008" id="CVE-2022-20008" title="CVE-2022-20008" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1012" id="CVE-2022-1012" title="CVE-2022-1012" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1734" id="CVE-2022-1734" title="CVE-2022-1734" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29581" id="CVE-2022-29581" title="CVE-2022-29581" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1516" id="CVE-2022-1516" title="CVE-2022-1516" type="cve"></reference>
+          </references>
+          <description>Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.(CVE-2022-0002)In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.(CVE-2022-29582)A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early.(CVE-2022-1195)In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel(CVE-2022-20008)Due to the small table perturb size, a memory leak flaw was found in the Linux kernel’s TCP source port generation algorithm in the net/ipv4/tcp.c function. This flaw allows an attacker to leak information and may cause a denial of service.(CVE-2022-1012)A flaw was found in the Linux kernel’s nfcmrvl_nci_unregister_dev() function. A race condition leads to a use-after-free issue when simulating the NFC device from the user space.(CVE-2022-1734)Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.(CVE-2022-29581)A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system.(CVE-2022-1516)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.35.0.64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.35.0.64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.35.0.64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.35.0.64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.35.0.64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.35.0.64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.35.0.64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.35.0.64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.35.0.64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.35.0.64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.35.0.64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.35.0.64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.35.0.64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.35.0.64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.35.0.64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.35.0.64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.35.0.64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.35.0.64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.35.0.64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.35.0.64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.35.0.64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.35.0.64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.35.0.64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.35.0.64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.35.0.64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.35.0.64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.35.0.64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.35.0.64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.35.0.64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.35.0.64.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.35.0.64.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1694</id>
+          <title>An update for protobuf is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-22569" id="CVE-2021-22569" title="CVE-2021-22569" type="cve"></reference>
+          </references>
+          <description>An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.(CVE-2021-22569)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="protobuf-debugsource" release="4.ule3" version="3.14.0">
+                         <filename>protobuf-debugsource-3.14.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="protobuf" release="4.ule3" version="3.14.0">
+                         <filename>protobuf-3.14.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="protobuf-debuginfo" release="4.ule3" version="3.14.0">
+                         <filename>protobuf-debuginfo-3.14.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="protobuf-lite" release="4.ule3" version="3.14.0">
+                         <filename>protobuf-lite-3.14.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="protobuf-devel" release="4.ule3" version="3.14.0">
+                         <filename>protobuf-devel-3.14.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="protobuf-compiler" release="4.ule3" version="3.14.0">
+                         <filename>protobuf-compiler-3.14.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="protobuf-lite-devel" release="4.ule3" version="3.14.0">
+                         <filename>protobuf-lite-devel-3.14.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="protobuf-javadoc" release="4.ule3" version="3.14.0">
+                         <filename>protobuf-javadoc-3.14.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="protobuf-bom" release="4.ule3" version="3.14.0">
+                         <filename>protobuf-bom-3.14.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="protobuf-javalite" release="4.ule3" version="3.14.0">
+                         <filename>protobuf-javalite-3.14.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="protobuf-java-util" release="4.ule3" version="3.14.0">
+                         <filename>protobuf-java-util-3.14.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="protobuf-parent" release="4.ule3" version="3.14.0">
+                         <filename>protobuf-parent-3.14.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-protobuf" release="4.ule3" version="3.14.0">
+                         <filename>python3-protobuf-3.14.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="protobuf-java" release="4.ule3" version="3.14.0">
+                         <filename>protobuf-java-3.14.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="protobuf-lite" release="4.ule3" version="3.14.0">
+                         <filename>protobuf-lite-3.14.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="protobuf-debugsource" release="4.ule3" version="3.14.0">
+                         <filename>protobuf-debugsource-3.14.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="protobuf-lite-devel" release="4.ule3" version="3.14.0">
+                         <filename>protobuf-lite-devel-3.14.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="protobuf-devel" release="4.ule3" version="3.14.0">
+                         <filename>protobuf-devel-3.14.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="protobuf" release="4.ule3" version="3.14.0">
+                         <filename>protobuf-3.14.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="protobuf-compiler" release="4.ule3" version="3.14.0">
+                         <filename>protobuf-compiler-3.14.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="protobuf-debuginfo" release="4.ule3" version="3.14.0">
+                         <filename>protobuf-debuginfo-3.14.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1695</id>
+          <title>An update for libtpms is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3746" id="CVE-2021-3746" title="CVE-2021-3746" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3623" id="CVE-2021-3623" title="CVE-2021-3623" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2&#39;s volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.(CVE-2021-3746)A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.(CVE-2021-3623)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtpms" release="7.ule3" version="0.7.3">
+                         <filename>libtpms-0.7.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtpms-debuginfo" release="7.ule3" version="0.7.3">
+                         <filename>libtpms-debuginfo-0.7.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtpms-devel" release="7.ule3" version="0.7.3">
+                         <filename>libtpms-devel-0.7.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtpms-debugsource" release="7.ule3" version="0.7.3">
+                         <filename>libtpms-debugsource-0.7.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtpms" release="7.ule3" version="0.7.3">
+                         <filename>libtpms-0.7.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtpms-debuginfo" release="7.ule3" version="0.7.3">
+                         <filename>libtpms-debuginfo-0.7.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtpms-debugsource" release="7.ule3" version="0.7.3">
+                         <filename>libtpms-debugsource-0.7.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtpms-devel" release="7.ule3" version="0.7.3">
+                         <filename>libtpms-devel-0.7.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1696</id>
+          <title>An update for openjdk-11 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21296" id="CVE-2022-21296" title="CVE-2022-21296" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21340" id="CVE-2022-21340" title="CVE-2022-21340" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21282" id="CVE-2022-21282" title="CVE-2022-21282" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21283" id="CVE-2022-21283" title="CVE-2022-21283" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21341" id="CVE-2022-21341" title="CVE-2022-21341" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21365" id="CVE-2022-21365" title="CVE-2022-21365" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21291" id="CVE-2022-21291" title="CVE-2022-21291" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21248" id="CVE-2022-21248" title="CVE-2022-21248" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21299" id="CVE-2022-21299" title="CVE-2022-21299" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21305" id="CVE-2022-21305" title="CVE-2022-21305" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21294" id="CVE-2022-21294" title="CVE-2022-21294" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21293" id="CVE-2022-21293" title="CVE-2022-21293" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21277" id="CVE-2022-21277" title="CVE-2022-21277" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21366" id="CVE-2022-21366" title="CVE-2022-21366" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21360" id="CVE-2022-21360" title="CVE-2022-21360" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35565" id="CVE-2021-35565" title="CVE-2021-35565" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35550" id="CVE-2021-35550" title="CVE-2021-35550" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21296)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21340)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21282)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21283)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21341)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21365)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21291)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21248)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21299)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21305)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21294)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21293)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21277)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21366)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21360)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35565)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2021-35550)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-debuginfo" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-debuginfo-11.0.15.10-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-devel-slowdebug" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-devel-slowdebug-11.0.15.10-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-src" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-src-11.0.15.10-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-demo-slowdebug" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-demo-slowdebug-11.0.15.10-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-debugsource" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-debugsource-11.0.15.10-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-headless-slowdebug" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-headless-slowdebug-11.0.15.10-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-src-slowdebug" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-src-slowdebug-11.0.15.10-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-jmods" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-jmods-11.0.15.10-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-devel" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-devel-11.0.15.10-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-11.0.15.10-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-demo" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-demo-11.0.15.10-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-slowdebug" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-slowdebug-11.0.15.10-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-javadoc" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-javadoc-11.0.15.10-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-javadoc-zip" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-javadoc-zip-11.0.15.10-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-headless" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-headless-11.0.15.10-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-jmods-slowdebug" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-jmods-slowdebug-11.0.15.10-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-javadoc-zip" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-javadoc-zip-11.0.15.10-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-devel" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-devel-11.0.15.10-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-src" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-src-11.0.15.10-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-jmods-slowdebug" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-jmods-slowdebug-11.0.15.10-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-11.0.15.10-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-slowdebug" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-slowdebug-11.0.15.10-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-jmods" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-jmods-11.0.15.10-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-headless-slowdebug" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-headless-slowdebug-11.0.15.10-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-devel-slowdebug" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-devel-slowdebug-11.0.15.10-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-src-slowdebug" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-src-slowdebug-11.0.15.10-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-debugsource" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-debugsource-11.0.15.10-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-javadoc" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-javadoc-11.0.15.10-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-debuginfo" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-debuginfo-11.0.15.10-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-headless" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-headless-11.0.15.10-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-demo" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-demo-11.0.15.10-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-demo-slowdebug" release="1.ule3" version="11.0.15.10">
+                         <filename>java-11-openjdk-demo-slowdebug-11.0.15.10-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1697</id>
+          <title>An update for flac is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-0499" id="CVE-2020-0499" title="CVE-2020-0499" type="cve"></reference>
+          </references>
+          <description>In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070(CVE-2020-0499)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="flac-help" release="6.ule3" version="1.3.3">
+                         <filename>flac-help-1.3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="flac-devel" release="6.ule3" version="1.3.3">
+                         <filename>flac-devel-1.3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="flac-debugsource" release="6.ule3" version="1.3.3">
+                         <filename>flac-debugsource-1.3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="flac-debuginfo" release="6.ule3" version="1.3.3">
+                         <filename>flac-debuginfo-1.3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="flac" release="6.ule3" version="1.3.3">
+                         <filename>flac-1.3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xmms-flac" release="6.ule3" version="1.3.3">
+                         <filename>xmms-flac-1.3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flac-devel" release="6.ule3" version="1.3.3">
+                         <filename>flac-devel-1.3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flac" release="6.ule3" version="1.3.3">
+                         <filename>flac-1.3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flac-help" release="6.ule3" version="1.3.3">
+                         <filename>flac-help-1.3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xmms-flac" release="6.ule3" version="1.3.3">
+                         <filename>xmms-flac-1.3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flac-debugsource" release="6.ule3" version="1.3.3">
+                         <filename>flac-debugsource-1.3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flac-debuginfo" release="6.ule3" version="1.3.3">
+                         <filename>flac-debuginfo-1.3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1698</id>
+          <title>An update for webkit2gtk3 is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30294" id="CVE-2022-30294" title="CVE-2022-30294" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30293" id="CVE-2022-30293" title="CVE-2022-30293" type="cve"></reference>
+          </references>
+          <description>In WebKitGTK through 2.36.0 (and WPE WebKit), there is a use-after-free in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.(CVE-2022-30294)In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.(CVE-2022-30293)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="webkit2gtk3" release="3.ule3" version="2.32.1">
+                         <filename>webkit2gtk3-2.32.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="webkit2gtk3-devel" release="3.ule3" version="2.32.1">
+                         <filename>webkit2gtk3-devel-2.32.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="webkit2gtk3-jsc" release="3.ule3" version="2.32.1">
+                         <filename>webkit2gtk3-jsc-2.32.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="webkit2gtk3-debuginfo" release="3.ule3" version="2.32.1">
+                         <filename>webkit2gtk3-debuginfo-2.32.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="webkit2gtk3-debugsource" release="3.ule3" version="2.32.1">
+                         <filename>webkit2gtk3-debugsource-2.32.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="webkit2gtk3-jsc-devel" release="3.ule3" version="2.32.1">
+                         <filename>webkit2gtk3-jsc-devel-2.32.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="webkit2gtk3-help" release="3.ule3" version="2.32.1">
+                         <filename>webkit2gtk3-help-2.32.1-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="webkit2gtk3-jsc-devel" release="3.ule3" version="2.32.1">
+                         <filename>webkit2gtk3-jsc-devel-2.32.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="webkit2gtk3-debugsource" release="3.ule3" version="2.32.1">
+                         <filename>webkit2gtk3-debugsource-2.32.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="webkit2gtk3" release="3.ule3" version="2.32.1">
+                         <filename>webkit2gtk3-2.32.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="webkit2gtk3-jsc" release="3.ule3" version="2.32.1">
+                         <filename>webkit2gtk3-jsc-2.32.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="webkit2gtk3-devel" release="3.ule3" version="2.32.1">
+                         <filename>webkit2gtk3-devel-2.32.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="webkit2gtk3-debuginfo" release="3.ule3" version="2.32.1">
+                         <filename>webkit2gtk3-debuginfo-2.32.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1699</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1796" id="CVE-2022-1796" title="CVE-2022-1796" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1785" id="CVE-2022-1785" title="CVE-2022-1785" type="cve"></reference>
+          </references>
+          <description>Use After Free in GitHub repository vim/vim prior to 8.2.4979.(CVE-2022-1796)Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.(CVE-2022-1785)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="37.ule3" version="8.2">
+                         <filename>vim-X11-8.2-37.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="37.ule3" version="8.2">
+                         <filename>vim-common-8.2-37.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="37.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-37.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="37.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-37.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="37.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-37.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="37.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-37.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="37.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-37.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="37.ule3" version="8.2">
+                         <filename>vim-X11-8.2-37.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="37.ule3" version="8.2">
+                         <filename>vim-common-8.2-37.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="37.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-37.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="37.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-37.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="37.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-37.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="37.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-37.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1700</id>
+          <title>An update for ruby is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28739" id="CVE-2022-28739" title="CVE-2022-28739" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28738" id="CVE-2022-28738" title="CVE-2022-28738" type="cve"></reference>
+          </references>
+          <description>There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.(CVE-2022-28739)A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.(CVE-2022-28738)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="ruby-debugsource" release="124.ule3" version="3.0.3">
+                         <filename>ruby-debugsource-3.0.3-124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-io-console" release="124.ule3" version="0.5.7">
+                         <filename>rubygem-io-console-0.5.7-124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ruby" release="124.ule3" version="3.0.3">
+                         <filename>ruby-3.0.3-124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-openssl" release="124.ule3" version="2.2.1">
+                         <filename>rubygem-openssl-2.2.1-124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-bigdecimal" release="124.ule3" version="3.0.0">
+                         <filename>rubygem-bigdecimal-3.0.0-124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-psych" release="124.ule3" version="3.3.2">
+                         <filename>rubygem-psych-3.3.2-124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-json" release="124.ule3" version="2.5.1">
+                         <filename>rubygem-json-2.5.1-124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ruby-devel" release="124.ule3" version="3.0.3">
+                         <filename>ruby-devel-3.0.3-124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ruby-debuginfo" release="124.ule3" version="3.0.3">
+                         <filename>ruby-debuginfo-3.0.3-124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rexml" release="124.ule3" version="3.2.5">
+                         <filename>rubygem-rexml-3.2.5-124.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-test-unit" release="124.ule3" version="3.3.7">
+                         <filename>rubygem-test-unit-3.3.7-124.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ruby-irb" release="124.ule3" version="3.0.3">
+                         <filename>ruby-irb-3.0.3-124.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-minitest" release="124.ule3" version="5.14.2">
+                         <filename>rubygem-minitest-5.14.2-124.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rdoc" release="124.ule3" version="6.3.3">
+                         <filename>rubygem-rdoc-6.3.3-124.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-bundler" release="124.ule3" version="2.2.32">
+                         <filename>rubygem-bundler-2.2.32-124.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-typeprof" release="124.ule3" version="0.15.2">
+                         <filename>rubygem-typeprof-0.15.2-124.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ruby-help" release="124.ule3" version="3.0.3">
+                         <filename>ruby-help-3.0.3-124.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rss" release="124.ule3" version="0.2.9">
+                         <filename>rubygem-rss-0.2.9-124.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-power_assert" release="124.ule3" version="1.2.0">
+                         <filename>rubygem-power_assert-1.2.0-124.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-did_you_mean" release="124.ule3" version="1.5.0">
+                         <filename>rubygem-did_you_mean-1.5.0-124.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygems-devel" release="124.ule3" version="3.2.32">
+                         <filename>rubygems-devel-3.2.32-124.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygems" release="124.ule3" version="3.2.32">
+                         <filename>rubygems-3.2.32-124.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rake" release="124.ule3" version="13.0.3">
+                         <filename>rubygem-rake-13.0.3-124.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rbs" release="124.ule3" version="1.4.0">
+                         <filename>rubygem-rbs-1.4.0-124.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby-debugsource" release="124.ule3" version="3.0.3">
+                         <filename>ruby-debugsource-3.0.3-124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby" release="124.ule3" version="3.0.3">
+                         <filename>ruby-3.0.3-124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby-devel" release="124.ule3" version="3.0.3">
+                         <filename>ruby-devel-3.0.3-124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-io-console" release="124.ule3" version="0.5.7">
+                         <filename>rubygem-io-console-0.5.7-124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-openssl" release="124.ule3" version="2.2.1">
+                         <filename>rubygem-openssl-2.2.1-124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-json" release="124.ule3" version="2.5.1">
+                         <filename>rubygem-json-2.5.1-124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-bigdecimal" release="124.ule3" version="3.0.0">
+                         <filename>rubygem-bigdecimal-3.0.0-124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-psych" release="124.ule3" version="3.3.2">
+                         <filename>rubygem-psych-3.3.2-124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby-debuginfo" release="124.ule3" version="3.0.3">
+                         <filename>ruby-debuginfo-3.0.3-124.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1701</id>
+          <title>An update for speex is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-23903" id="CVE-2020-23903" title="CVE-2020-23903" type="cve"></reference>
+          </references>
+          <description>A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.(CVE-2020-23903)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="speex-debuginfo" release="6.ule3" version="1.2.0">
+                         <filename>speex-debuginfo-1.2.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="speex-devel" release="6.ule3" version="1.2.0">
+                         <filename>speex-devel-1.2.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="speex" release="6.ule3" version="1.2.0">
+                         <filename>speex-1.2.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="speex-debugsource" release="6.ule3" version="1.2.0">
+                         <filename>speex-debugsource-1.2.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="speex-help" release="6.ule3" version="1.2.0">
+                         <filename>speex-help-1.2.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="speex-debugsource" release="6.ule3" version="1.2.0">
+                         <filename>speex-debugsource-1.2.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="speex-debuginfo" release="6.ule3" version="1.2.0">
+                         <filename>speex-debuginfo-1.2.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="speex" release="6.ule3" version="1.2.0">
+                         <filename>speex-1.2.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="speex-devel" release="6.ule3" version="1.2.0">
+                         <filename>speex-devel-1.2.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1702</id>
+          <title>An update for openjdk-latest is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21449" id="CVE-2022-21449" title="CVE-2022-21449" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21476" id="CVE-2022-21476" title="CVE-2022-21476" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21443" id="CVE-2022-21443" title="CVE-2022-21443" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21426" id="CVE-2022-21426" title="CVE-2022-21426" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21496" id="CVE-2022-21496" title="CVE-2022-21496" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21434" id="CVE-2022-21434" title="CVE-2022-21434" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35567" id="CVE-2021-35567" title="CVE-2021-35567" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35586" id="CVE-2021-35586" title="CVE-2021-35586" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35559" id="CVE-2021-35559" title="CVE-2021-35559" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35564" id="CVE-2021-35564" title="CVE-2021-35564" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35603" id="CVE-2021-35603" title="CVE-2021-35603" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35561" id="CVE-2021-35561" title="CVE-2021-35561" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35578" id="CVE-2021-35578" title="CVE-2021-35578" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35556" id="CVE-2021-35556" title="CVE-2021-35556" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21299" id="CVE-2022-21299" title="CVE-2022-21299" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21365" id="CVE-2022-21365" title="CVE-2022-21365" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21341" id="CVE-2022-21341" title="CVE-2022-21341" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21366" id="CVE-2022-21366" title="CVE-2022-21366" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21360" id="CVE-2022-21360" title="CVE-2022-21360" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21340" id="CVE-2022-21340" title="CVE-2022-21340" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21305" id="CVE-2022-21305" title="CVE-2022-21305" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21296" id="CVE-2022-21296" title="CVE-2022-21296" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21294" id="CVE-2022-21294" title="CVE-2022-21294" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21293" id="CVE-2022-21293" title="CVE-2022-21293" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21291" id="CVE-2022-21291" title="CVE-2022-21291" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21283" id="CVE-2022-21283" title="CVE-2022-21283" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21282" id="CVE-2022-21282" title="CVE-2022-21282" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21277" id="CVE-2022-21277" title="CVE-2022-21277" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21248" id="CVE-2022-21248" title="CVE-2022-21248" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-2163" id="CVE-2021-2163" title="CVE-2021-2163" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-2161" id="CVE-2021-2161" title="CVE-2021-2161" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).(CVE-2022-21449)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2022-21476)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21443)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21426)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21496)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21434)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).(CVE-2021-35567)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35586)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35559)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2021-35564)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2021-35603)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35561)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35578)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35556)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21299)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21365)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21341)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21366)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21360)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21340)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21305)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21296)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21294)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21293)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21291)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21283)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21282)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21277)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21248)Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).(CVE-2021-2163)Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).(CVE-2021-2161)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-javadoc" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-javadoc-18.0.1.10-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-debugsource" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-debugsource-18.0.1.10-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-src" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-src-18.0.1.10-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-headless" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-headless-18.0.1.10-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-debuginfo" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-debuginfo-18.0.1.10-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-demo" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-demo-18.0.1.10-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-jmods" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-jmods-18.0.1.10-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-devel" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-devel-18.0.1.10-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-18.0.1.10-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-javadoc-zip" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-javadoc-zip-18.0.1.10-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-jmods" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-jmods-18.0.1.10-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-javadoc" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-javadoc-18.0.1.10-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-src" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-src-18.0.1.10-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-demo" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-demo-18.0.1.10-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-debugsource" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-debugsource-18.0.1.10-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-devel" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-devel-18.0.1.10-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-headless" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-headless-18.0.1.10-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-18.0.1.10-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-javadoc-zip" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-javadoc-zip-18.0.1.10-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-debuginfo" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-debuginfo-18.0.1.10-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1703</id>
+          <title>An update for dpkg is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1664" id="CVE-2022-1664" title="CVE-2022-1664" type="cve"></reference>
+          </references>
+          <description>Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.(CVE-2022-1664)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="dpkg-debugsource" release="11.ule3" version="1.18.25">
+                         <filename>dpkg-debugsource-1.18.25-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dpkg-help" release="11.ule3" version="1.18.25">
+                         <filename>dpkg-help-1.18.25-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dpkg-debuginfo" release="11.ule3" version="1.18.25">
+                         <filename>dpkg-debuginfo-1.18.25-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dpkg-devel" release="11.ule3" version="1.18.25">
+                         <filename>dpkg-devel-1.18.25-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dpkg" release="11.ule3" version="1.18.25">
+                         <filename>dpkg-1.18.25-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="dpkg-perl" release="11.ule3" version="1.18.25">
+                         <filename>dpkg-perl-1.18.25-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dpkg-help" release="11.ule3" version="1.18.25">
+                         <filename>dpkg-help-1.18.25-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dpkg-debuginfo" release="11.ule3" version="1.18.25">
+                         <filename>dpkg-debuginfo-1.18.25-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dpkg-devel" release="11.ule3" version="1.18.25">
+                         <filename>dpkg-devel-1.18.25-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dpkg-debugsource" release="11.ule3" version="1.18.25">
+                         <filename>dpkg-debugsource-1.18.25-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dpkg" release="11.ule3" version="1.18.25">
+                         <filename>dpkg-1.18.25-11.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1704</id>
+          <title>An update for runc is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29162" id="CVE-2022-29162" title="CVE-2022-29162" type="cve"></reference>
+          </references>
+          <description>runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container&#39;s bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.(CVE-2022-29162)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="docker-runc" release="301.ule3" version="1.0.0.rc3">
+                         <filename>docker-runc-1.0.0.rc3-301.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="docker-runc" release="301.ule3" version="1.0.0.rc3">
+                         <filename>docker-runc-1.0.0.rc3-301.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1705</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1204" id="CVE-2022-1204" title="CVE-2022-1204" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30594" id="CVE-2022-30594" title="CVE-2022-30594" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1836" id="CVE-2022-1836" title="CVE-2022-1836" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1789" id="CVE-2022-1789" title="CVE-2022-1789" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33135" id="CVE-2021-33135" title="CVE-2021-33135" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1729" id="CVE-2022-1729" title="CVE-2022-1729" type="cve"></reference>
+          </references>
+          <description>There are use-after-free vulnerabilities in net/ax25/af_ax25.c of linux that allow attacker to crash linux kernel by simulating ax25 device from user space.(CVE-2022-1204)The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.(CVE-2022-30594)** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-33981. Reason: This candidate is a reservation duplicate of CVE-2022-33981. Notes: All CVE users should reference CVE-2022-33981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.(CVE-2022-1836)With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.(CVE-2022-1789)Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access.(CVE-2021-33135)perf: Fix sys_perf_event_open() race against self(CVE-2022-1729)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.37.0.66.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.37.0.66.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.37.0.66.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.37.0.66.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.37.0.66.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.37.0.66.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.37.0.66.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.37.0.66.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="504" arch="aarch64" name="python3-perf-debuginfo" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.37.0.66.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.37.0.66.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.37.0.66.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.37.0.66.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.37.0.66.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.37.0.66.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.37.0.66.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.37.0.66.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.37.0.66.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.37.0.66.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.37.0.66.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.37.0.66.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.37.0.66.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.37.0.66.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.37.0.66.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.37.0.66.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.37.0.66.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.37.0.66.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.37.0.66.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.37.0.66.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.37.0.66.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.37.0.66.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.37.0.66.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1706</id>
+          <title>An update for libpq is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3677" id="CVE-2021-3677" title="CVE-2021-3677" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23222" id="CVE-2021-23222" title="CVE-2021-23222" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-32028" id="CVE-2021-32028" title="CVE-2021-32028" type="cve"></reference>
+          </references>
+          <description>A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.(CVE-2021-3677)A man-in-the-middle attacker can inject false responses to the client s first few queries, despite the use of SSL certificate verification and encryption.(CVE-2021-23222)A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.(CVE-2021-32028)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libpq" release="1.ule3" version="11.16">
+                         <filename>libpq-11.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libpq-debuginfo" release="1.ule3" version="11.16">
+                         <filename>libpq-debuginfo-11.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libpq-devel" release="1.ule3" version="11.16">
+                         <filename>libpq-devel-11.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libpq-debugsource" release="1.ule3" version="11.16">
+                         <filename>libpq-debugsource-11.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libpq" release="1.ule3" version="11.16">
+                         <filename>libpq-11.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libpq-debuginfo" release="1.ule3" version="11.16">
+                         <filename>libpq-debuginfo-11.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libpq-debugsource" release="1.ule3" version="11.16">
+                         <filename>libpq-debugsource-11.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libpq-devel" release="1.ule3" version="11.16">
+                         <filename>libpq-devel-11.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1707</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1886" id="CVE-2022-1886" title="CVE-2022-1886" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1927" id="CVE-2022-1927" title="CVE-2022-1927" type="cve"></reference>
+          </references>
+          <description>Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.(CVE-2022-1886)Buffer Over-read in GitHub repository vim/vim prior to 8.2.(CVE-2022-1927)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="40.ule3" version="8.2">
+                         <filename>vim-X11-8.2-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="40.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="40.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="40.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="40.ule3" version="8.2">
+                         <filename>vim-common-8.2-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="40.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="40.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-40.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="40.ule3" version="8.2">
+                         <filename>vim-common-8.2-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="40.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="40.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="40.ule3" version="8.2">
+                         <filename>vim-X11-8.2-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="40.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="40.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-40.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1708</id>
+          <title>An update for cups is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26691" id="CVE-2022-26691" title="CVE-2022-26691" type="cve"></reference>
+          </references>
+          <description>A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.(CVE-2022-26691)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="cups-client" release="3.ule3" version="2.4.0">
+                         <filename>cups-client-2.4.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-lpd" release="3.ule3" version="2.4.0">
+                         <filename>cups-lpd-2.4.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-printerapp" release="3.ule3" version="2.4.0">
+                         <filename>cups-printerapp-2.4.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-debuginfo" release="3.ule3" version="2.4.0">
+                         <filename>cups-debuginfo-2.4.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-debugsource" release="3.ule3" version="2.4.0">
+                         <filename>cups-debugsource-2.4.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-devel" release="3.ule3" version="2.4.0">
+                         <filename>cups-devel-2.4.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-libs" release="3.ule3" version="2.4.0">
+                         <filename>cups-libs-2.4.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups" release="3.ule3" version="2.4.0">
+                         <filename>cups-2.4.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-ipptool" release="3.ule3" version="2.4.0">
+                         <filename>cups-ipptool-2.4.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="cups-filesystem" release="3.ule3" version="2.4.0">
+                         <filename>cups-filesystem-2.4.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="cups-help" release="3.ule3" version="2.4.0">
+                         <filename>cups-help-2.4.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-devel" release="3.ule3" version="2.4.0">
+                         <filename>cups-devel-2.4.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-debugsource" release="3.ule3" version="2.4.0">
+                         <filename>cups-debugsource-2.4.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-lpd" release="3.ule3" version="2.4.0">
+                         <filename>cups-lpd-2.4.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-libs" release="3.ule3" version="2.4.0">
+                         <filename>cups-libs-2.4.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-client" release="3.ule3" version="2.4.0">
+                         <filename>cups-client-2.4.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups" release="3.ule3" version="2.4.0">
+                         <filename>cups-2.4.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-debuginfo" release="3.ule3" version="2.4.0">
+                         <filename>cups-debuginfo-2.4.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-ipptool" release="3.ule3" version="2.4.0">
+                         <filename>cups-ipptool-2.4.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-printerapp" release="3.ule3" version="2.4.0">
+                         <filename>cups-printerapp-2.4.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1709</id>
+          <title>An update for libinput is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1215" id="CVE-2022-1215" title="CVE-2022-1215" type="cve"></reference>
+          </references>
+          <description>A format string vulnerability was found in libinput(CVE-2022-1215)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libinput-utils" release="2.ule3" version="1.19.2">
+                         <filename>libinput-utils-1.19.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libinput-debuginfo" release="2.ule3" version="1.19.2">
+                         <filename>libinput-debuginfo-1.19.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libinput-devel" release="2.ule3" version="1.19.2">
+                         <filename>libinput-devel-1.19.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libinput" release="2.ule3" version="1.19.2">
+                         <filename>libinput-1.19.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libinput-debugsource" release="2.ule3" version="1.19.2">
+                         <filename>libinput-debugsource-1.19.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libinput-help" release="2.ule3" version="1.19.2">
+                         <filename>libinput-help-1.19.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libinput-utils" release="2.ule3" version="1.19.2">
+                         <filename>libinput-utils-1.19.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libinput-debuginfo" release="2.ule3" version="1.19.2">
+                         <filename>libinput-debuginfo-1.19.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libinput-devel" release="2.ule3" version="1.19.2">
+                         <filename>libinput-devel-1.19.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libinput" release="2.ule3" version="1.19.2">
+                         <filename>libinput-1.19.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libinput-debugsource" release="2.ule3" version="1.19.2">
+                         <filename>libinput-debugsource-1.19.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libinput-help" release="2.ule3" version="1.19.2">
+                         <filename>libinput-help-1.19.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1710</id>
+          <title>An update for python-jwt is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29217" id="CVE-2022-29217" title="CVE-2022-29217" type="cve"></reference>
+          </references>
+          <description>PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.(CVE-2022-29217)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python3-jwt" release="3.ule3" version="2.3.0">
+                         <filename>python3-jwt-2.3.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-jwt-help" release="3.ule3" version="2.3.0">
+                         <filename>python-jwt-help-2.3.0-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1711</id>
+          <title>An update for grafana is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29170" id="CVE-2022-29170" title="CVE-2022-29170" type="cve"></reference>
+          </references>
+          <description>Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and prior to versions 7.5.16 and 8.5.3 allows someone to bypass these security configurations if a malicious datasource (running on an allowed host) returns an HTTP redirect to a forbidden host. The vulnerability only impacts Grafana Enterprise when the Request security allow list is used and there is a possibility to add a custom datasource to Grafana which returns HTTP redirects. In this scenario, Grafana would blindly follow the redirects and potentially give secure information to the clients. Grafana Cloud is not impacted by this vulnerability. Versions 7.5.16 and 8.5.3 contain a patch for this issue. There are currently no known workarounds.(CVE-2022-29170)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="grafana-debuginfo" release="2.ule3" version="7.5.15">
+                         <filename>grafana-debuginfo-7.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="grafana" release="2.ule3" version="7.5.15">
+                         <filename>grafana-7.5.15-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="grafana" release="2.ule3" version="7.5.15">
+                         <filename>grafana-7.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="grafana-debuginfo" release="2.ule3" version="7.5.15">
+                         <filename>grafana-debuginfo-7.5.15-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1712</id>
+          <title>An update for python-bottle is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31799" id="CVE-2022-31799" title="CVE-2022-31799" type="cve"></reference>
+          </references>
+          <description>Bottle before 0.12.20 mishandles errors during early request binding.(CVE-2022-31799)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python3-bottle" release="10.ule3" version="0.12.13">
+                         <filename>python3-bottle-0.12.13-10.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1713</id>
+          <title>An update for dpdk is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0669" id="CVE-2022-0669" title="CVE-2022-0669" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3839" id="CVE-2021-3839" title="CVE-2021-3839" type="cve"></reference>
+          </references>
+          <description>It’s an issue in the handling of vhost-user inflight type messages. A malicious vhost-user master can attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master could exhaust available fd in the vhost-user slave process and lead to a DoS.(CVE-2022-0669)In DPDK Vhost communication, we didn’t test if msg-&gt;payload.inflight.num_queues is out of bounds in function ‘vhost_user_set_inflight_fd()’, and could cause the program to write OOB.(CVE-2021-3839)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="dpdk" release="11.ule3" version="21.11">
+                         <filename>dpdk-21.11-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dpdk-tools" release="11.ule3" version="21.11">
+                         <filename>dpdk-tools-21.11-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dpdk-devel" release="11.ule3" version="21.11">
+                         <filename>dpdk-devel-21.11-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dpdk-debuginfo" release="11.ule3" version="21.11">
+                         <filename>dpdk-debuginfo-21.11-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dpdk-debugsource" release="11.ule3" version="21.11">
+                         <filename>dpdk-debugsource-21.11-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="dpdk-doc" release="11.ule3" version="21.11">
+                         <filename>dpdk-doc-21.11-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dpdk-tools" release="11.ule3" version="21.11">
+                         <filename>dpdk-tools-21.11-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dpdk-devel" release="11.ule3" version="21.11">
+                         <filename>dpdk-devel-21.11-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dpdk-debugsource" release="11.ule3" version="21.11">
+                         <filename>dpdk-debugsource-21.11-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dpdk-debuginfo" release="11.ule3" version="21.11">
+                         <filename>dpdk-debuginfo-21.11-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dpdk" release="11.ule3" version="21.11">
+                         <filename>dpdk-21.11-11.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1714</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1972" id="CVE-2022-1972" title="CVE-2022-1972" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1974" id="CVE-2022-1974" title="CVE-2022-1974" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1786" id="CVE-2022-1786" title="CVE-2022-1786" type="cve"></reference>
+          </references>
+          <description>An out-of-bound write vulnerability was identified within the netfilter subsystem which can be exploited to achieve privilege escalation to root.(CVE-2022-1972)A use-after-free flaw was found in the Linux kernel&#39;s NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.(CVE-2022-1974)A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.(CVE-2022-1786)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="perf" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.38.0.67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.38.0.67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.38.0.67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.38.0.67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.38.0.67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.38.0.67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.38.0.67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.38.0.67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.38.0.67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.38.0.67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.38.0.67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.38.0.67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.38.0.67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.38.0.67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.38.0.67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.38.0.67.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.38.0.67.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.38.0.67.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.38.0.67.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.38.0.67.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.38.0.67.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.38.0.67.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.38.0.67.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.38.0.67.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.38.0.67.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.38.0.67.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.38.0.67.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.38.0.67.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.38.0.67.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.38.0.67.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.38.0.67.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1716</id>
+          <title>An update for qemu is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3507" id="CVE-2021-3507" title="CVE-2021-3507" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3611" id="CVE-2021-3611" title="CVE-2021-3611" type="cve"></reference>
+          </references>
+          <description>A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.(CVE-2021-3507)A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.(CVE-2021-3611)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="qemu-system-x86_64" release="39.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-39.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-curl" release="39.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-39.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-img" release="39.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-39.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-guest-agent" release="39.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-39.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-debugsource" release="39.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-39.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu" release="39.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-39.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-debuginfo" release="39.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-39.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-hw-usb-host" release="39.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-39.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-ssh" release="39.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-39.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-rbd" release="39.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-39.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-iscsi" release="39.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-39.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-system-aarch64" release="39.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-39.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-system-arm" release="39.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-39.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="qemu-help" release="39.ule3" version="6.2.0">
+                         <filename>qemu-help-6.2.0-39.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-system-aarch64" release="39.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-39.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-hw-usb-host" release="39.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-39.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-rbd" release="39.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-39.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-debugsource" release="39.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-39.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-curl" release="39.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-39.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-seabios" release="39.ule3" version="6.2.0">
+                         <filename>qemu-seabios-6.2.0-39.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-ssh" release="39.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-39.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-system-x86_64" release="39.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-39.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-iscsi" release="39.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-39.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu" release="39.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-39.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-img" release="39.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-39.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-system-arm" release="39.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-39.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-guest-agent" release="39.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-39.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-debuginfo" release="39.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-39.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1717</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1851" id="CVE-2022-1851" title="CVE-2022-1851" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1898" id="CVE-2022-1898" title="CVE-2022-1898" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1942" id="CVE-2022-1942" title="CVE-2022-1942" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1897" id="CVE-2022-1897" title="CVE-2022-1897" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1968" id="CVE-2022-1968" title="CVE-2022-1968" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1771" id="CVE-2022-1771" title="CVE-2022-1771" type="cve"></reference>
+          </references>
+          <description>Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.(CVE-2022-1851)Use After Free in GitHub repository vim/vim prior to 8.2.(CVE-2022-1898)Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.(CVE-2022-1942)Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.(CVE-2022-1897)Use After Free in GitHub repository vim/vim prior to 8.2.(CVE-2022-1968)Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.(CVE-2022-1771)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="43.ule3" version="8.2">
+                         <filename>vim-common-8.2-43.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="43.ule3" version="8.2">
+                         <filename>vim-X11-8.2-43.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="43.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-43.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="43.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-43.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="43.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-43.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="43.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-43.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="43.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-43.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="43.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-43.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="43.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-43.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="43.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-43.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="43.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-43.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="43.ule3" version="8.2">
+                         <filename>vim-X11-8.2-43.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="43.ule3" version="8.2">
+                         <filename>vim-common-8.2-43.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1718</id>
+          <title>An update for httpd is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26377" id="CVE-2022-26377" title="CVE-2022-26377" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28614" id="CVE-2022-28614" title="CVE-2022-28614" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28615" id="CVE-2022-28615" title="CVE-2022-28615" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29404" id="CVE-2022-29404" title="CVE-2022-29404" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30556" id="CVE-2022-30556" title="CVE-2022-30556" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31813" id="CVE-2022-31813" title="CVE-2022-31813" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30522" id="CVE-2022-30522" title="CVE-2022-30522" type="cve"></reference>
+          </references>
+          <description>Inconsistent Interpretation of HTTP Requests (&#39;HTTP Request Smuggling&#39;) vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.(CVE-2022-26377)The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the &#39;ap_rputs&#39; function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.(CVE-2022-28614)Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.(CVE-2022-28615)In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.(CVE-2022-29404)Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.(CVE-2022-30556)Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.(CVE-2022-31813)If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.(CVE-2022-30522)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="httpd-debuginfo" release="8.ule3" version="2.4.51">
+                         <filename>httpd-debuginfo-2.4.51-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_ldap" release="8.ule3" version="2.4.51">
+                         <filename>mod_ldap-2.4.51-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-devel" release="8.ule3" version="2.4.51">
+                         <filename>httpd-devel-2.4.51-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-debugsource" release="8.ule3" version="2.4.51">
+                         <filename>httpd-debugsource-2.4.51-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mod_ssl" release="8.ule3" version="2.4.51">
+                         <filename>mod_ssl-2.4.51-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_session" release="8.ule3" version="2.4.51">
+                         <filename>mod_session-2.4.51-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mod_proxy_html" release="8.ule3" version="2.4.51">
+                         <filename>mod_proxy_html-2.4.51-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_md" release="8.ule3" version="2.4.51">
+                         <filename>mod_md-2.4.51-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-tools" release="8.ule3" version="2.4.51">
+                         <filename>httpd-tools-2.4.51-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd" release="8.ule3" version="2.4.51">
+                         <filename>httpd-2.4.51-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="httpd-filesystem" release="8.ule3" version="2.4.51">
+                         <filename>httpd-filesystem-2.4.51-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="httpd-help" release="8.ule3" version="2.4.51">
+                         <filename>httpd-help-2.4.51-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_md" release="8.ule3" version="2.4.51">
+                         <filename>mod_md-2.4.51-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_ldap" release="8.ule3" version="2.4.51">
+                         <filename>mod_ldap-2.4.51-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_session" release="8.ule3" version="2.4.51">
+                         <filename>mod_session-2.4.51-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mod_ssl" release="8.ule3" version="2.4.51">
+                         <filename>mod_ssl-2.4.51-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mod_proxy_html" release="8.ule3" version="2.4.51">
+                         <filename>mod_proxy_html-2.4.51-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-debuginfo" release="8.ule3" version="2.4.51">
+                         <filename>httpd-debuginfo-2.4.51-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-tools" release="8.ule3" version="2.4.51">
+                         <filename>httpd-tools-2.4.51-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-devel" release="8.ule3" version="2.4.51">
+                         <filename>httpd-devel-2.4.51-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-debugsource" release="8.ule3" version="2.4.51">
+                         <filename>httpd-debugsource-2.4.51-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd" release="8.ule3" version="2.4.51">
+                         <filename>httpd-2.4.51-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1719</id>
+          <title>An update for e2fsprogs is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1304" id="CVE-2022-1304" title="CVE-2022-1304" type="cve"></reference>
+          </references>
+          <description>An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.(CVE-2022-1304)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="e2fsprogs-debugsource" release="10.ule3" version="1.46.4">
+                         <filename>e2fsprogs-debugsource-1.46.4-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="e2fsprogs-debuginfo" release="10.ule3" version="1.46.4">
+                         <filename>e2fsprogs-debuginfo-1.46.4-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="e2fsprogs" release="10.ule3" version="1.46.4">
+                         <filename>e2fsprogs-1.46.4-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="e2fsprogs-devel" release="10.ule3" version="1.46.4">
+                         <filename>e2fsprogs-devel-1.46.4-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="e2fsprogs-help" release="10.ule3" version="1.46.4">
+                         <filename>e2fsprogs-help-1.46.4-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="e2fsprogs" release="10.ule3" version="1.46.4">
+                         <filename>e2fsprogs-1.46.4-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="e2fsprogs-debuginfo" release="10.ule3" version="1.46.4">
+                         <filename>e2fsprogs-debuginfo-1.46.4-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="e2fsprogs-devel" release="10.ule3" version="1.46.4">
+                         <filename>e2fsprogs-devel-1.46.4-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="e2fsprogs-debugsource" release="10.ule3" version="1.46.4">
+                         <filename>e2fsprogs-debugsource-1.46.4-10.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1720</id>
+          <title>An update for tcl is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35331" id="CVE-2021-35331" title="CVE-2021-35331" type="cve"></reference>
+          </references>
+          <description>** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding.(CVE-2021-35331)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="tcl-debugsource" release="4.ule3" version="8.6.10">
+                         <filename>tcl-debugsource-8.6.10-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="tcl" release="4.ule3" version="8.6.10">
+                         <filename>tcl-8.6.10-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="tcl-devel" release="4.ule3" version="8.6.10">
+                         <filename>tcl-devel-8.6.10-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="tcl-debuginfo" release="4.ule3" version="8.6.10">
+                         <filename>tcl-debuginfo-8.6.10-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="tcl-help" release="4.ule3" version="8.6.10">
+                         <filename>tcl-help-8.6.10-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="tcl-debugsource" release="4.ule3" version="8.6.10">
+                         <filename>tcl-debugsource-8.6.10-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="tcl" release="4.ule3" version="8.6.10">
+                         <filename>tcl-8.6.10-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="tcl-devel" release="4.ule3" version="8.6.10">
+                         <filename>tcl-devel-8.6.10-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="tcl-debuginfo" release="4.ule3" version="8.6.10">
+                         <filename>tcl-debuginfo-8.6.10-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1721</id>
+          <title>An update for php is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31626" id="CVE-2022-31626" title="CVE-2022-31626" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31625" id="CVE-2022-31625" title="CVE-2022-31625" type="cve"></reference>
+          </references>
+          <description>In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.(CVE-2022-31626)In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.(CVE-2022-31625)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="php-soap" release="10.ule3" version="8.0.0">
+                         <filename>php-soap-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-pdo" release="10.ule3" version="8.0.0">
+                         <filename>php-pdo-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-dbg" release="10.ule3" version="8.0.0">
+                         <filename>php-dbg-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-intl" release="10.ule3" version="8.0.0">
+                         <filename>php-intl-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-bcmath" release="10.ule3" version="8.0.0">
+                         <filename>php-bcmath-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-devel" release="10.ule3" version="8.0.0">
+                         <filename>php-devel-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-common" release="10.ule3" version="8.0.0">
+                         <filename>php-common-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-enchant" release="10.ule3" version="8.0.0">
+                         <filename>php-enchant-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-dba" release="10.ule3" version="8.0.0">
+                         <filename>php-dba-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php" release="10.ule3" version="8.0.0">
+                         <filename>php-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-debuginfo" release="10.ule3" version="8.0.0">
+                         <filename>php-debuginfo-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-gmp" release="10.ule3" version="8.0.0">
+                         <filename>php-gmp-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-process" release="10.ule3" version="8.0.0">
+                         <filename>php-process-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-embedded" release="10.ule3" version="8.0.0">
+                         <filename>php-embedded-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-opcache" release="10.ule3" version="8.0.0">
+                         <filename>php-opcache-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-mysqlnd" release="10.ule3" version="8.0.0">
+                         <filename>php-mysqlnd-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-mbstring" release="10.ule3" version="8.0.0">
+                         <filename>php-mbstring-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-help" release="10.ule3" version="8.0.0">
+                         <filename>php-help-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-xml" release="10.ule3" version="8.0.0">
+                         <filename>php-xml-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-cli" release="10.ule3" version="8.0.0">
+                         <filename>php-cli-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-tidy" release="10.ule3" version="8.0.0">
+                         <filename>php-tidy-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-pgsql" release="10.ule3" version="8.0.0">
+                         <filename>php-pgsql-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-fpm" release="10.ule3" version="8.0.0">
+                         <filename>php-fpm-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-ffi" release="10.ule3" version="8.0.0">
+                         <filename>php-ffi-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-gd" release="10.ule3" version="8.0.0">
+                         <filename>php-gd-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-snmp" release="10.ule3" version="8.0.0">
+                         <filename>php-snmp-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-debugsource" release="10.ule3" version="8.0.0">
+                         <filename>php-debugsource-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-odbc" release="10.ule3" version="8.0.0">
+                         <filename>php-odbc-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-ldap" release="10.ule3" version="8.0.0">
+                         <filename>php-ldap-8.0.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-dbg" release="10.ule3" version="8.0.0">
+                         <filename>php-dbg-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-debuginfo" release="10.ule3" version="8.0.0">
+                         <filename>php-debuginfo-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-snmp" release="10.ule3" version="8.0.0">
+                         <filename>php-snmp-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-gd" release="10.ule3" version="8.0.0">
+                         <filename>php-gd-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php" release="10.ule3" version="8.0.0">
+                         <filename>php-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-fpm" release="10.ule3" version="8.0.0">
+                         <filename>php-fpm-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-intl" release="10.ule3" version="8.0.0">
+                         <filename>php-intl-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-ldap" release="10.ule3" version="8.0.0">
+                         <filename>php-ldap-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-xml" release="10.ule3" version="8.0.0">
+                         <filename>php-xml-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-ffi" release="10.ule3" version="8.0.0">
+                         <filename>php-ffi-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-odbc" release="10.ule3" version="8.0.0">
+                         <filename>php-odbc-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-dba" release="10.ule3" version="8.0.0">
+                         <filename>php-dba-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-debugsource" release="10.ule3" version="8.0.0">
+                         <filename>php-debugsource-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-mysqlnd" release="10.ule3" version="8.0.0">
+                         <filename>php-mysqlnd-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-tidy" release="10.ule3" version="8.0.0">
+                         <filename>php-tidy-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-mbstring" release="10.ule3" version="8.0.0">
+                         <filename>php-mbstring-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-process" release="10.ule3" version="8.0.0">
+                         <filename>php-process-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-common" release="10.ule3" version="8.0.0">
+                         <filename>php-common-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-help" release="10.ule3" version="8.0.0">
+                         <filename>php-help-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-soap" release="10.ule3" version="8.0.0">
+                         <filename>php-soap-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-embedded" release="10.ule3" version="8.0.0">
+                         <filename>php-embedded-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-cli" release="10.ule3" version="8.0.0">
+                         <filename>php-cli-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-gmp" release="10.ule3" version="8.0.0">
+                         <filename>php-gmp-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-pdo" release="10.ule3" version="8.0.0">
+                         <filename>php-pdo-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-bcmath" release="10.ule3" version="8.0.0">
+                         <filename>php-bcmath-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-enchant" release="10.ule3" version="8.0.0">
+                         <filename>php-enchant-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-opcache" release="10.ule3" version="8.0.0">
+                         <filename>php-opcache-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-pgsql" release="10.ule3" version="8.0.0">
+                         <filename>php-pgsql-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-devel" release="10.ule3" version="8.0.0">
+                         <filename>php-devel-8.0.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1722</id>
+          <title>An update for libvirt is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0897" id="CVE-2022-0897" title="CVE-2022-0897" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the `driver-&gt;nwfilters` mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the `driver-&gt;nwfilters` object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt’s API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).(CVE-2022-0897)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-gluster" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-gluster-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-wireshark" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-wireshark-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-iscsi" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-iscsi-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-disk" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-disk-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-bash-completion" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-bash-completion-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-nwfilter" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-nwfilter-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-debuginfo" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-debuginfo-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-nodedev" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-nodedev-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-kvm" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-kvm-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-iscsi-direct" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-iscsi-direct-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-libs" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-libs-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-client" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-client-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-core" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-core-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-rbd" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-rbd-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-nss" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-nss-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-debugsource" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-debugsource-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-admin" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-admin-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-config-nwfilter" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-config-nwfilter-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-docs" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-docs-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-lock-sanlock" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-lock-sanlock-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-secret" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-secret-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-config-network" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-config-network-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-interface" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-interface-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-qemu" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-qemu-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-qemu" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-qemu-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-logical" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-logical-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-scsi" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-scsi-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-devel" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-devel-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-network" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-network-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-mpath" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-mpath-6.2.0-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-nss" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-nss-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-qemu" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-qemu-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-bash-completion" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-bash-completion-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-mpath" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-mpath-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-libs" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-libs-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-admin" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-admin-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-devel" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-devel-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-config-nwfilter" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-config-nwfilter-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-disk" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-disk-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-lock-sanlock" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-lock-sanlock-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-iscsi" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-iscsi-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-secret" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-secret-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-config-network" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-config-network-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-core" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-core-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-docs" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-docs-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-network" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-network-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-scsi" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-scsi-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-logical" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-logical-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-iscsi-direct" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-iscsi-direct-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-debugsource" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-debugsource-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-client" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-client-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-wireshark" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-wireshark-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-gluster" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-gluster-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-nodedev" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-nodedev-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-debuginfo" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-debuginfo-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-qemu" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-qemu-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-interface" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-interface-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-kvm" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-kvm-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-rbd" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-rbd-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-nwfilter" release="40.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-nwfilter-6.2.0-40.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1723</id>
+          <title>An update for giflib is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28506" id="CVE-2022-28506" title="CVE-2022-28506" type="cve"></reference>
+          </references>
+          <description>There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.(CVE-2022-28506)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="giflib-devel" release="4.ule3" version="5.2.1">
+                         <filename>giflib-devel-5.2.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="giflib-utils" release="4.ule3" version="5.2.1">
+                         <filename>giflib-utils-5.2.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="giflib" release="4.ule3" version="5.2.1">
+                         <filename>giflib-5.2.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="giflib-help" release="4.ule3" version="5.2.1">
+                         <filename>giflib-help-5.2.1-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="giflib-devel" release="4.ule3" version="5.2.1">
+                         <filename>giflib-devel-5.2.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="giflib-utils" release="4.ule3" version="5.2.1">
+                         <filename>giflib-utils-5.2.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="giflib" release="4.ule3" version="5.2.1">
+                         <filename>giflib-5.2.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1724</id>
+          <title>An update for logrotate is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1348" id="CVE-2022-1348" title="CVE-2022-1348" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.(CVE-2022-1348)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="logrotate-debuginfo" release="1.ule3" version="3.20.1">
+                         <filename>logrotate-debuginfo-3.20.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="logrotate" release="1.ule3" version="3.20.1">
+                         <filename>logrotate-3.20.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="logrotate-debugsource" release="1.ule3" version="3.20.1">
+                         <filename>logrotate-debugsource-3.20.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="logrotate-help" release="1.ule3" version="3.20.1">
+                         <filename>logrotate-help-3.20.1-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="logrotate-debugsource" release="1.ule3" version="3.20.1">
+                         <filename>logrotate-debugsource-3.20.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="logrotate-debuginfo" release="1.ule3" version="3.20.1">
+                         <filename>logrotate-debuginfo-3.20.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="logrotate" release="1.ule3" version="3.20.1">
+                         <filename>logrotate-3.20.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1725</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-20132" id="CVE-2022-20132" title="CVE-2022-20132" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-20154" id="CVE-2022-20154" title="CVE-2022-20154" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1966" id="CVE-2022-1966" title="CVE-2022-1966" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32296" id="CVE-2022-32296" title="CVE-2022-32296" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32981" id="CVE-2022-32981" title="CVE-2022-32981" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32250" id="CVE-2022-32250" title="CVE-2022-32250" type="cve"></reference>
+          </references>
+          <description>In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel(CVE-2022-20132)In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel(CVE-2022-20154)A use-after-free vulnerability was found in the Linux kernel s Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue.(CVE-2022-1966)The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used.(CVE-2022-32296)An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. (CVE-2022-32981)net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.(CVE-2022-32250)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="perf" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1726</id>
+          <title>An update for docker is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24769" id="CVE-2022-24769" title="CVE-2022-24769" type="cve"></reference>
+          </references>
+          <description>Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container&#39;s bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container&#39;s bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.(CVE-2022-24769)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="docker-engine" release="301.ule3" version="18.09.0">
+                         <filename>docker-engine-18.09.0-301.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="docker-engine-debuginfo" release="301.ule3" version="18.09.0">
+                         <filename>docker-engine-debuginfo-18.09.0-301.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="docker-engine-debugsource" release="301.ule3" version="18.09.0">
+                         <filename>docker-engine-debugsource-18.09.0-301.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="docker-engine-debuginfo" release="301.ule3" version="18.09.0">
+                         <filename>docker-engine-debuginfo-18.09.0-301.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="docker-engine-debugsource" release="301.ule3" version="18.09.0">
+                         <filename>docker-engine-debugsource-18.09.0-301.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="docker-engine" release="301.ule3" version="18.09.0">
+                         <filename>docker-engine-18.09.0-301.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1727</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1048" id="CVE-2022-1048" title="CVE-2022-1048" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1158" id="CVE-2022-1158" title="CVE-2022-1158" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21499" id="CVE-2022-21499" title="CVE-2022-21499" type="cve"></reference>
+          </references>
+          <description>A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-1048)The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various    security and bugfixes.(CVE-2022-1158)KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21499)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-source" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.40.0.69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.40.0.69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.40.0.69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.40.0.69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.40.0.69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.40.0.69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.40.0.69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.40.0.69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.40.0.69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.40.0.69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.40.0.69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.40.0.69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.40.0.69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.40.0.69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.40.0.69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.40.0.69.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.40.0.69.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.40.0.69.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.40.0.69.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.40.0.69.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.40.0.69.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.40.0.69.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.40.0.69.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.40.0.69.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.40.0.69.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.40.0.69.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.40.0.69.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.40.0.69.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.40.0.69.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.40.0.69.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.40.0.69.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1728</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1623" id="CVE-2022-1623" title="CVE-2022-1623" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1622" id="CVE-2022-1622" title="CVE-2022-1622" type="cve"></reference>
+          </references>
+          <description>LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.(CVE-2022-1623)LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.(CVE-2022-1622)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff-static" release="15.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-devel" release="15.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-tools" release="15.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="15.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff" release="15.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debugsource" release="15.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="15.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-15.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="15.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="15.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="15.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="15.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="15.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="15.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-15.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1729</id>
+          <title>An update for rubygem-rack is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30122" id="CVE-2022-30122" title="CVE-2022-30122" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30123" id="CVE-2022-30123" title="CVE-2022-30123" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-8184" id="CVE-2020-8184" title="CVE-2020-8184" type="cve"></reference>
+          </references>
+          <description>Denial of Service Vulnerability in Rack Multipart Parsing(CVE-2022-30122)Possible shell escape sequence injection vulnerability in Rack(CVE-2022-30123)A reliance on cookies without validation/integrity check security vulnerability exists in rack &lt; 2.2.3, rack &lt; 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.(CVE-2020-8184)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="rubygem-rack-help" release="1.ule3" version="2.2.3.1">
+                         <filename>rubygem-rack-help-2.2.3.1-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="rubygem-rack" release="1.ule3" version="2.2.3.1">
+                         <filename>rubygem-rack-2.2.3.1-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1730</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-06-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1975" id="CVE-2022-1975" title="CVE-2022-1975" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-20166" id="CVE-2022-20166" title="CVE-2022-20166" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1852" id="CVE-2022-1852" title="CVE-2022-1852" type="cve"></reference>
+          </references>
+          <description>NFC: netlink: fix sleep in atomic bug when firmware download timeout(CVE-2022-1975)In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel(CVE-2022-20166)A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.(CVE-2022-1852)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-source" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.41.0.70.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.41.0.70.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.41.0.70.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.41.0.70.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.41.0.70.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.41.0.70.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.41.0.70.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.41.0.70.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.41.0.70.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="perf" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.41.0.70.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.41.0.70.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.41.0.70.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.41.0.70.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.41.0.70.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.41.0.70.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.41.0.70.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.41.0.70.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.41.0.70.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.41.0.70.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.41.0.70.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.41.0.70.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.41.0.70.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.41.0.70.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.41.0.70.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.41.0.70.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.41.0.70.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.41.0.70.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.41.0.70.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.41.0.70.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.41.0.70.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.41.0.70.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1731</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2124" id="CVE-2022-2124" title="CVE-2022-2124" type="cve"></reference>
+          </references>
+          <description>Buffer Over-read in GitHub repository vim/vim prior to 8.2.(CVE-2022-2124)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="45.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-45.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="45.ule3" version="8.2">
+                         <filename>vim-common-8.2-45.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="45.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-45.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="45.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-45.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="45.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-45.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="45.ule3" version="8.2">
+                         <filename>vim-X11-8.2-45.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="45.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-45.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="45.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-45.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="45.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-45.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="45.ule3" version="8.2">
+                         <filename>vim-X11-8.2-45.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="45.ule3" version="8.2">
+                         <filename>vim-common-8.2-45.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="45.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-45.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="45.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-45.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1732</id>
+          <title>An update for squid is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46784" id="CVE-2021-46784" title="CVE-2021-46784" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in squid. Due to improper buffer management Squid is vulnerable to a Denial of Service attack when processing Gopher server responses.(CVE-2021-46784)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="7" arch="aarch64" name="squid-debuginfo" release="14.ule3" version="4.9">
+                         <filename>squid-debuginfo-4.9-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="squid" release="14.ule3" version="4.9">
+                         <filename>squid-4.9-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="squid-debugsource" release="14.ule3" version="4.9">
+                         <filename>squid-debugsource-4.9-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid-debuginfo" release="14.ule3" version="4.9">
+                         <filename>squid-debuginfo-4.9-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid" release="14.ule3" version="4.9">
+                         <filename>squid-4.9-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid-debugsource" release="14.ule3" version="4.9">
+                         <filename>squid-debugsource-4.9-14.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1733</id>
+          <title>An update for qemu is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3929" id="CVE-2021-3929" title="CVE-2021-3929" type="cve"></reference>
+          </references>
+          <description>A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.(CVE-2021-3929)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="qemu-system-x86_64" release="41.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-ssh" release="41.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu" release="41.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-system-aarch64" release="41.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-debuginfo" release="41.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-debugsource" release="41.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-system-arm" release="41.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-hw-usb-host" release="41.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-img" release="41.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-iscsi" release="41.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-system-riscv" release="41.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-curl" release="41.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-rbd" release="41.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-guest-agent" release="41.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="qemu-help" release="41.ule3" version="6.2.0">
+                         <filename>qemu-help-6.2.0-41.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-iscsi" release="41.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-curl" release="41.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-system-riscv" release="41.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-img" release="41.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-system-aarch64" release="41.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-ssh" release="41.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-hw-usb-host" release="41.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-guest-agent" release="41.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-debuginfo" release="41.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-system-arm" release="41.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-rbd" release="41.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-debugsource" release="41.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-seabios" release="41.ule3" version="6.2.0">
+                         <filename>qemu-seabios-6.2.0-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu" release="41.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-system-x86_64" release="41.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-41.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1734</id>
+          <title>An update for grub2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28734" id="CVE-2022-28734" title="CVE-2022-28734" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28736" id="CVE-2022-28736" title="CVE-2022-28736" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3697" id="CVE-2021-3697" title="CVE-2021-3697" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3696" id="CVE-2021-3696" title="CVE-2021-3696" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28733" id="CVE-2022-28733" title="CVE-2022-28733" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3695" id="CVE-2021-3695" title="CVE-2021-3695" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28735" id="CVE-2022-28735" title="CVE-2022-28735" type="cve"></reference>
+          </references>
+          <description>A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. This flaw allows an attacker to leverage this issue by crafting a malicious set of HTTP packages making grub2 corrupt its internal memory metadata structure. This leads to data integrity and confidentiality issues or forces grub to crash, resulting in a denial of service attack.(CVE-2022-28734)A use-after-free vulnerability was found on grub2&#39;s chainloader command. This flaw allows an attacker to gain access to restricted data or cause arbitrary code execution if they can establish control from grub&#39;s memory allocation pattern.(CVE-2022-28736)A flaw was found in grub2 when handling JPEG images. This flaw allows an attacker to craft a malicious JPEG image, which leads to an underflow on a grub2&#39;s internal pointer, leading to a heap-based out-of-bounds write. Secure-boot mechanisms circumvention and arbitrary code execution may also be achievable.(CVE-2021-3697)A flaw was found in grub2 when handling a PNG image header. When decoding the data contained in the Huffman table at the PNG file header, an out-of-bounds write may happen on grub&#39;s heap.(CVE-2021-3696)A flaw was found in grub2 when handling IPv4 packets. This flaw allows an attacker to craft a malicious packet, triggering an integer underflow in grub code. Consequently, the memory allocation for handling the packet data may be smaller than the size needed. This issue causes an out-of-bands write during packet handling, compromising data integrity, confidentiality issues, a denial of service, and remote code execution.(CVE-2022-28733)A flaw was found in grub 2, where a crafted 16-bit grayscale PNG image may lead to an out-of-bounds write. This flaw allows an attacker to corrupt the data on the heap portion of the grub2&#39;s memory, leading to possible code execution and the circumvention of the secure boot mechanism.(CVE-2021-3695)A flaw was found in grub2. The shim_lock verifier from grub2 allows non-kernel files to be loaded when secure boot is enabled, giving the possibility of unverified code or modules to be loaded when it should not be allowed.(CVE-2022-28735)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="grub2-tools" release="10.ule3" version="2.06">
+                         <filename>grub2-tools-2.06-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-debugsource" release="10.ule3" version="2.06">
+                         <filename>grub2-debugsource-2.06-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-efi-aa64-cdboot" release="10.ule3" version="2.06">
+                         <filename>grub2-efi-aa64-cdboot-2.06-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-efi-aa64" release="10.ule3" version="2.06">
+                         <filename>grub2-efi-aa64-2.06-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-tools-minimal" release="10.ule3" version="2.06">
+                         <filename>grub2-tools-minimal-2.06-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-tools-extra" release="10.ule3" version="2.06">
+                         <filename>grub2-tools-extra-2.06-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-debuginfo" release="10.ule3" version="2.06">
+                         <filename>grub2-debuginfo-2.06-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-efi-ia32-modules" release="10.ule3" version="2.06">
+                         <filename>grub2-efi-ia32-modules-2.06-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-efi-aa64-modules" release="10.ule3" version="2.06">
+                         <filename>grub2-efi-aa64-modules-2.06-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-pc-modules" release="10.ule3" version="2.06">
+                         <filename>grub2-pc-modules-2.06-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-efi-x64-modules" release="10.ule3" version="2.06">
+                         <filename>grub2-efi-x64-modules-2.06-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-help" release="10.ule3" version="2.06">
+                         <filename>grub2-help-2.06-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-common" release="10.ule3" version="2.06">
+                         <filename>grub2-common-2.06-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-pc" release="10.ule3" version="2.06">
+                         <filename>grub2-pc-2.06-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-tools-efi" release="10.ule3" version="2.06">
+                         <filename>grub2-tools-efi-2.06-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-efi-x64" release="10.ule3" version="2.06">
+                         <filename>grub2-efi-x64-2.06-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-efi-ia32" release="10.ule3" version="2.06">
+                         <filename>grub2-efi-ia32-2.06-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-efi-x64-cdboot" release="10.ule3" version="2.06">
+                         <filename>grub2-efi-x64-cdboot-2.06-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-tools-minimal" release="10.ule3" version="2.06">
+                         <filename>grub2-tools-minimal-2.06-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-efi-ia32-cdboot" release="10.ule3" version="2.06">
+                         <filename>grub2-efi-ia32-cdboot-2.06-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-tools-extra" release="10.ule3" version="2.06">
+                         <filename>grub2-tools-extra-2.06-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-debugsource" release="10.ule3" version="2.06">
+                         <filename>grub2-debugsource-2.06-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-tools" release="10.ule3" version="2.06">
+                         <filename>grub2-tools-2.06-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-debuginfo" release="10.ule3" version="2.06">
+                         <filename>grub2-debuginfo-2.06-10.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1736</id>
+          <title>An update for gstreamer1-plugins-good is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1920" id="CVE-2022-1920" title="CVE-2022-1920" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2122" id="CVE-2022-2122" title="CVE-2022-2122" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1921" id="CVE-2022-1921" title="CVE-2022-1921" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1922" id="CVE-2022-1922" title="CVE-2022-1922" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1923" id="CVE-2022-1923" title="CVE-2022-1923" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1924" id="CVE-2022-1924" title="CVE-2022-1924" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1925" id="CVE-2022-1925" title="CVE-2022-1925" type="cve"></reference>
+          </references>
+          <description>Potential heap overwrite in the mkv demuxer when handling certain Matroska files in GStreamer versions before 1.20.3.(CVE-2022-1920)Potential heap overwrite in the qt demuxer when handling certain QuickTime/MP4 files in GStreamer versions before 1.20.3.(CVE-2022-2122)Heap-based buffer overflow in the avi demuxer when handling certain AVI files in GStreamer versions before 1.20.3.(CVE-2022-1921)Potential heap overwrite in the mkv demuxer when handling certain Matroska/WebM files in GStreamer versions before 1.20.3.(CVE-2022-1922)Potential heap overwrite in the mkv demuxer when handling certain Matroska/WebM files in GStreamer versions before 1.20.3.(CVE-2022-1923)Potential heap overwrite in the mkv demuxer when handling certain Matroska/WebM files in GStreamer versions before 1.20.3.(CVE-2022-1924)Potential heap overwrite in the mkv demuxer when handling certain Matroska/WebM files in GStreamer versions before 1.20.3.(CVE-2022-1925)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gstreamer1-plugins-good-debugsource" release="5.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-good-debugsource-1.16.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gstreamer1-plugins-good-debuginfo" release="5.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-good-debuginfo-1.16.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gstreamer1-plugins-good-gtk" release="5.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-good-gtk-1.16.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gstreamer1-plugins-good" release="5.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-good-1.16.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gstreamer1-plugins-good-help" release="5.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-good-help-1.16.2-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gstreamer1-plugins-good-debuginfo" release="5.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-good-debuginfo-1.16.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gstreamer1-plugins-good-debugsource" release="5.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-good-debugsource-1.16.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gstreamer1-plugins-good" release="5.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-good-1.16.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gstreamer1-plugins-good-gtk" release="5.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-good-gtk-1.16.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1737</id>
+          <title>An update for openssl is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2068" id="CVE-2022-2068" title="CVE-2022-2068" type="cve"></reference>
+          </references>
+          <description>In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).(CVE-2022-2068)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="openssl-libs" release="6.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl" release="6.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debuginfo" release="6.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debugsource" release="6.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-devel" release="6.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-perl" release="6.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="openssl-help" release="6.ule3" version="1.1.1m">
+                         <filename>openssl-help-1.1.1m-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-libs" release="6.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-devel" release="6.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-perl" release="6.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl" release="6.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debuginfo" release="6.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debugsource" release="6.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1738</id>
+          <title>An update for libreswan is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23094" id="CVE-2022-23094" title="CVE-2022-23094" type="cve"></reference>
+          </references>
+          <description>Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.(CVE-2022-23094)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libreswan" release="2.ule3" version="4.5">
+                         <filename>libreswan-4.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libreswan-debugsource" release="2.ule3" version="4.5">
+                         <filename>libreswan-debugsource-4.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libreswan-help" release="2.ule3" version="4.5">
+                         <filename>libreswan-help-4.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libreswan-debuginfo" release="2.ule3" version="4.5">
+                         <filename>libreswan-debuginfo-4.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libreswan-debugsource" release="2.ule3" version="4.5">
+                         <filename>libreswan-debugsource-4.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libreswan" release="2.ule3" version="4.5">
+                         <filename>libreswan-4.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libreswan-debuginfo" release="2.ule3" version="4.5">
+                         <filename>libreswan-debuginfo-4.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libreswan-help" release="2.ule3" version="4.5">
+                         <filename>libreswan-help-4.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1739</id>
+          <title>An update for docker is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-41091" id="CVE-2021-41091" title="CVE-2021-41091" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-41089" id="CVE-2021-41089" title="CVE-2021-41089" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-41092" id="CVE-2021-41092" title="CVE-2021-41092" type="cve"></reference>
+          </references>
+          <description>Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.(CVE-2021-41091)Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.(CVE-2021-41089)Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.(CVE-2021-41092)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="docker-engine-debugsource" release="306.ule3" version="18.09.0">
+                         <filename>docker-engine-debugsource-18.09.0-306.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="docker-engine" release="306.ule3" version="18.09.0">
+                         <filename>docker-engine-18.09.0-306.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="docker-engine-debuginfo" release="306.ule3" version="18.09.0">
+                         <filename>docker-engine-debuginfo-18.09.0-306.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="docker-engine-debuginfo" release="306.ule3" version="18.09.0">
+                         <filename>docker-engine-debuginfo-18.09.0-306.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="docker-engine" release="306.ule3" version="18.09.0">
+                         <filename>docker-engine-18.09.0-306.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="docker-engine-debugsource" release="306.ule3" version="18.09.0">
+                         <filename>docker-engine-debugsource-18.09.0-306.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1740</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2126" id="CVE-2022-2126" title="CVE-2022-2126" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2175" id="CVE-2022-2175" title="CVE-2022-2175" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2206" id="CVE-2022-2206" title="CVE-2022-2206" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2125" id="CVE-2022-2125" title="CVE-2022-2125" type="cve"></reference>
+          </references>
+          <description>Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.(CVE-2022-2126)Buffer Over-read in GitHub repository vim/vim prior to 8.2.(CVE-2022-2175)Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.(CVE-2022-2206)Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.(CVE-2022-2125)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="48.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-48.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="48.ule3" version="8.2">
+                         <filename>vim-X11-8.2-48.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="48.ule3" version="8.2">
+                         <filename>vim-common-8.2-48.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="48.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-48.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="48.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-48.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="48.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-48.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="48.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-48.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="48.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-48.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="48.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-48.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="48.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-48.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="48.ule3" version="8.2">
+                         <filename>vim-X11-8.2-48.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="48.ule3" version="8.2">
+                         <filename>vim-common-8.2-48.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="48.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-48.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1741</id>
+          <title>An update for swtpm is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-28407" id="CVE-2020-28407" title="CVE-2020-28407" type="cve"></reference>
+          </references>
+          <description>** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2020-28407)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="swtpm-tools" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-tools-0.3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="swtpm-debugsource" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-debugsource-0.3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="swtpm-devel" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-devel-0.3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="swtpm" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-0.3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="swtpm-libs" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-libs-0.3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="swtpm-debuginfo" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-debuginfo-0.3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="swtpm" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-0.3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="swtpm-devel" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-devel-0.3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="swtpm-debugsource" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-debugsource-0.3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="swtpm-debuginfo" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-debuginfo-0.3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="swtpm-tools" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-tools-0.3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="swtpm-libs" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-libs-0.3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1742</id>
+          <title>An update for libarchive is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26280" id="CVE-2022-26280" title="CVE-2022-26280" type="cve"></reference>
+          </references>
+          <description>Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.(CVE-2022-26280)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bsdcat" release="4.ule3" version="3.5.2">
+                         <filename>bsdcat-3.5.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libarchive-debugsource" release="4.ule3" version="3.5.2">
+                         <filename>libarchive-debugsource-3.5.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bsdcpio" release="4.ule3" version="3.5.2">
+                         <filename>bsdcpio-3.5.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libarchive-devel" release="4.ule3" version="3.5.2">
+                         <filename>libarchive-devel-3.5.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libarchive" release="4.ule3" version="3.5.2">
+                         <filename>libarchive-3.5.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bsdtar" release="4.ule3" version="3.5.2">
+                         <filename>bsdtar-3.5.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libarchive-debuginfo" release="4.ule3" version="3.5.2">
+                         <filename>libarchive-debuginfo-3.5.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libarchive-help" release="4.ule3" version="3.5.2">
+                         <filename>libarchive-help-3.5.2-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libarchive-debugsource" release="4.ule3" version="3.5.2">
+                         <filename>libarchive-debugsource-3.5.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libarchive-debuginfo" release="4.ule3" version="3.5.2">
+                         <filename>libarchive-debuginfo-3.5.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bsdcpio" release="4.ule3" version="3.5.2">
+                         <filename>bsdcpio-3.5.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libarchive" release="4.ule3" version="3.5.2">
+                         <filename>libarchive-3.5.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bsdtar" release="4.ule3" version="3.5.2">
+                         <filename>bsdtar-3.5.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libarchive-devel" release="4.ule3" version="3.5.2">
+                         <filename>libarchive-devel-3.5.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bsdcat" release="4.ule3" version="3.5.2">
+                         <filename>bsdcat-3.5.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1743</id>
+          <title>An update for containerd is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31030" id="CVE-2022-31030" title="CVE-2022-31030" type="cve"></reference>
+          </references>
+          <description>containerd is an open source container runtime. A bug was found in the containerd&#39;s CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd&#39;s CRI implementation; `ExecSync` may be used when running probes or when executing processes via an &#34;exec&#34; facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used.(CVE-2022-31030)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="containerd" release="303.ule3" version="1.2.0">
+                         <filename>containerd-1.2.0-303.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="containerd" release="303.ule3" version="1.2.0">
+                         <filename>containerd-1.2.0-303.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1744</id>
+          <title>An update for curl is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32208" id="CVE-2022-32208" title="CVE-2022-32208" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32206" id="CVE-2022-32206" title="CVE-2022-32206" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32207" id="CVE-2022-32207" title="CVE-2022-32207" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32205" id="CVE-2022-32205" title="CVE-2022-32205" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in curl. This issue occurs because it mishandles message verification failures when curl does FTP transfers secured by krb5. This flaw makes it possible for a Man-in-the-middle attack to go unnoticed and allows data injection into the client.(CVE-2022-32208)A vulnerability was found in curl. This issue occurs because the number of acceptable &#34;links&#34; in the &#34;decompression chain&#34; was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. This flaw leads to a denial of service, either by mistake or by a malicious actor.(CVE-2022-32206)A vulnerability was found in curl. This issue occurs because when curl saves cookies, alt-svc, and HSTS data to local files, it makes the operation atomic by finalizing the process with a rename from a temporary name to the final target file name. This flaw leads to unpreserved file permissions, either by mistake or by a malicious actor.(CVE-2022-32207)A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of `Set-Cookie:` headers in an HTTP response to curl, which stores all of them. This flaw leads to a denial of service, either by mistake or by a malicious actor.(CVE-2022-32205)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="curl" release="7.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debuginfo" release="7.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl" release="7.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debugsource" release="7.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl-devel" release="7.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="curl-help" release="7.ule3" version="7.79.1">
+                         <filename>curl-help-7.79.1-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debugsource" release="7.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl-devel" release="7.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debuginfo" release="7.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl" release="7.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl" release="7.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1746</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-33981" id="CVE-2022-33981" title="CVE-2022-33981" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2078" id="CVE-2022-2078" title="CVE-2022-2078" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2153" id="CVE-2022-2153" title="CVE-2022-2153" type="cve"></reference>
+          </references>
+          <description>drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.(CVE-2022-33981)A vulnerability was found in the Linux kernel&#39;s nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.(CVE-2022-2078)No description is available for this CVE.(CVE-2022-2153)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.42.0.71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.42.0.71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.42.0.71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.42.0.71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.42.0.71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.42.0.71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.42.0.71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.42.0.71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.42.0.71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.42.0.71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.42.0.71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.42.0.71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.42.0.71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.42.0.71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.42.0.71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.42.0.71.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.42.0.71.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.42.0.71.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.42.0.71.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.42.0.71.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.42.0.71.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.42.0.71.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="504" arch="x86_64" name="kernel-devel" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.42.0.71.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.42.0.71.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.42.0.71.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.42.0.71.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.42.0.71.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.42.0.71.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.42.0.71.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.42.0.71.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.42.0.71.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1747</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1354" id="CVE-2022-1354" title="CVE-2022-1354" type="cve"></reference>
+          </references>
+          <description>No description is available for this CVE.(CVE-2022-1354)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="16.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debugsource" release="16.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-tools" release="16.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-devel" release="16.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-static" release="16.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff" release="16.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="16.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="16.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="16.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="16.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="16.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="16.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="16.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-16.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1748</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33656" id="CVE-2021-33656" title="CVE-2021-33656" type="cve"></reference>
+          </references>
+          <description>Using the ioctl function to modify the vc_font.height value through PIO_FONT can cause the KASAN: vmalloc-out-of-bounds in sys_imageblit problem. Requires tty group permissions to access the device file /dev/tty1.(CVE-2021-33656)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="kernel-debugsource" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="kernel-tools-devel" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1749</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1720" id="CVE-2022-1720" title="CVE-2022-1720" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2208" id="CVE-2022-2208" title="CVE-2022-2208" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2207" id="CVE-2022-2207" title="CVE-2022-2207" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2183" id="CVE-2022-2183" title="CVE-2022-2183" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2284" id="CVE-2022-2284" title="CVE-2022-2284" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2285" id="CVE-2022-2285" title="CVE-2022-2285" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2304" id="CVE-2022-2304" title="CVE-2022-2304" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2345" id="CVE-2022-2345" title="CVE-2022-2345" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2344" id="CVE-2022-2344" title="CVE-2022-2344" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2042" id="CVE-2022-2042" title="CVE-2022-2042" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2000" id="CVE-2022-2000" title="CVE-2022-2000" type="cve"></reference>
+          </references>
+          <description>Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.(CVE-2022-1720)NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.(CVE-2022-2208)Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.(CVE-2022-2207)Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.(CVE-2022-2183)Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.(CVE-2022-2284)Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.(CVE-2022-2285)Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.(CVE-2022-2304)Use After Free in GitHub repository vim/vim prior to 9.0.0046.(CVE-2022-2345)Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.(CVE-2022-2344)Use After Free in GitHub repository vim/vim prior to 8.2.(CVE-2022-2042)Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.(CVE-2022-2000)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="50.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-50.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="50.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-50.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="50.ule3" version="8.2">
+                         <filename>vim-X11-8.2-50.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="50.ule3" version="8.2">
+                         <filename>vim-common-8.2-50.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="50.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-50.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="50.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-50.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="50.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-50.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="50.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-50.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="50.ule3" version="8.2">
+                         <filename>vim-common-8.2-50.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="50.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-50.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="50.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-50.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="50.ule3" version="8.2">
+                         <filename>vim-X11-8.2-50.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="50.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-50.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1750</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21123" id="CVE-2022-21123" title="CVE-2022-21123" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21125" id="CVE-2022-21125" title="CVE-2022-21125" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21166" id="CVE-2022-21166" title="CVE-2022-21166" type="cve"></reference>
+          </references>
+          <description>Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2022-21123)Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2022-21125)Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2022-21166)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.43.0.72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="x86_64" name="perf" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.43.0.72.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.43.0.72.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1751</id>
+          <title>An update for uboot-tools is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34835" id="CVE-2022-34835" title="CVE-2022-34835" type="cve"></reference>
+          </references>
+          <description>In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the &#34;i2c md&#34; command enables the corruption of the return address pointer of the do_i2c_md function.(CVE-2022-34835)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="uboot-tools" release="3.ule3" version="2021.10">
+                         <filename>uboot-tools-2021.10-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="uboot-images-elf" release="3.ule3" version="2021.10">
+                         <filename>uboot-images-elf-2021.10-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="uboot-tools-debugsource" release="3.ule3" version="2021.10">
+                         <filename>uboot-tools-debugsource-2021.10-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="uboot-tools-debuginfo" release="3.ule3" version="2021.10">
+                         <filename>uboot-tools-debuginfo-2021.10-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="uboot-images-armv8" release="3.ule3" version="2021.10">
+                         <filename>uboot-images-armv8-2021.10-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="uboot-tools-help" release="3.ule3" version="2021.10">
+                         <filename>uboot-tools-help-2021.10-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="uboot-tools-debuginfo" release="3.ule3" version="2021.10">
+                         <filename>uboot-tools-debuginfo-2021.10-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="uboot-tools" release="3.ule3" version="2021.10">
+                         <filename>uboot-tools-2021.10-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="uboot-tools-debugsource" release="3.ule3" version="2021.10">
+                         <filename>uboot-tools-debugsource-2021.10-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1752</id>
+          <title>An update for rubygem-yajl-ruby is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24795" id="CVE-2022-24795" title="CVE-2022-24795" type="cve"></reference>
+          </references>
+          <description>yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf-&gt;alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.(CVE-2022-24795)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="rubygem-yajl-ruby" release="1.ule3" version="1.4.3">
+                         <filename>rubygem-yajl-ruby-1.4.3-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-yajl-ruby-debuginfo" release="1.ule3" version="1.4.3">
+                         <filename>rubygem-yajl-ruby-debuginfo-1.4.3-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-yajl-ruby-debugsource" release="1.ule3" version="1.4.3">
+                         <filename>rubygem-yajl-ruby-debugsource-1.4.3-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-yajl-ruby-help" release="1.ule3" version="1.4.3">
+                         <filename>rubygem-yajl-ruby-help-1.4.3-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-yajl-ruby-debugsource" release="1.ule3" version="1.4.3">
+                         <filename>rubygem-yajl-ruby-debugsource-1.4.3-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-yajl-ruby" release="1.ule3" version="1.4.3">
+                         <filename>rubygem-yajl-ruby-1.4.3-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-yajl-ruby-debuginfo" release="1.ule3" version="1.4.3">
+                         <filename>rubygem-yajl-ruby-debuginfo-1.4.3-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1754</id>
+          <title>An update for ghostscript is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2085" id="CVE-2022-2085" title="CVE-2022-2085" type="cve"></reference>
+          </references>
+          <description>A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp &gt; 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash.(CVE-2022-2085)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="ghostscript" release="2.ule3" version="9.55.0">
+                         <filename>ghostscript-9.55.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ghostscript-tools-dvipdf" release="2.ule3" version="9.55.0">
+                         <filename>ghostscript-tools-dvipdf-9.55.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ghostscript-devel" release="2.ule3" version="9.55.0">
+                         <filename>ghostscript-devel-9.55.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ghostscript-debugsource" release="2.ule3" version="9.55.0">
+                         <filename>ghostscript-debugsource-9.55.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ghostscript-debuginfo" release="2.ule3" version="9.55.0">
+                         <filename>ghostscript-debuginfo-9.55.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ghostscript-help" release="2.ule3" version="9.55.0">
+                         <filename>ghostscript-help-9.55.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ghostscript-tools-dvipdf" release="2.ule3" version="9.55.0">
+                         <filename>ghostscript-tools-dvipdf-9.55.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ghostscript-devel" release="2.ule3" version="9.55.0">
+                         <filename>ghostscript-devel-9.55.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ghostscript-debugsource" release="2.ule3" version="9.55.0">
+                         <filename>ghostscript-debugsource-9.55.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ghostscript" release="2.ule3" version="9.55.0">
+                         <filename>ghostscript-9.55.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ghostscript-debuginfo" release="2.ule3" version="9.55.0">
+                         <filename>ghostscript-debuginfo-9.55.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1755</id>
+          <title>An update for nodejs-jsonpointer is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23807" id="CVE-2021-23807" title="CVE-2021-23807" type="cve"></reference>
+          </references>
+          <description>This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.(CVE-2021-23807)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="nodejs-jsonpointer" release="1.ule3" version="5.0.0">
+                         <filename>nodejs-jsonpointer-5.0.0-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1758</id>
+          <title>An update for mod_fcgid is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2016-1000104" id="CVE-2016-1000104" title="CVE-2016-1000104" type="cve"></reference>
+          </references>
+          <description>A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.(CVE-2016-1000104)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="mod_fcgid-debuginfo" release="21.ule3" version="2.3.9">
+                         <filename>mod_fcgid-debuginfo-2.3.9-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_fcgid-debugsource" release="21.ule3" version="2.3.9">
+                         <filename>mod_fcgid-debugsource-2.3.9-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_fcgid-help" release="21.ule3" version="2.3.9">
+                         <filename>mod_fcgid-help-2.3.9-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_fcgid" release="21.ule3" version="2.3.9">
+                         <filename>mod_fcgid-2.3.9-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_fcgid-debuginfo" release="21.ule3" version="2.3.9">
+                         <filename>mod_fcgid-debuginfo-2.3.9-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_fcgid-help" release="21.ule3" version="2.3.9">
+                         <filename>mod_fcgid-help-2.3.9-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_fcgid" release="21.ule3" version="2.3.9">
+                         <filename>mod_fcgid-2.3.9-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_fcgid-debugsource" release="21.ule3" version="2.3.9">
+                         <filename>mod_fcgid-debugsource-2.3.9-21.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1759</id>
+          <title>An update for eclipse is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-27225" id="CVE-2020-27225" title="CVE-2020-27225" type="cve"></reference>
+          </references>
+          <description>In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.(CVE-2020-27225)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="eclipse-debugsource" release="5.ule3" version="4.11">
+                         <filename>eclipse-debugsource-4.11-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="eclipse-platform" release="5.ule3" version="4.11">
+                         <filename>eclipse-platform-4.11-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="eclipse-equinox-osgi" release="5.ule3" version="4.11">
+                         <filename>eclipse-equinox-osgi-4.11-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="eclipse-swt" release="5.ule3" version="4.11">
+                         <filename>eclipse-swt-4.11-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="eclipse-tests" release="5.ule3" version="4.11">
+                         <filename>eclipse-tests-4.11-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="eclipse-debuginfo" release="5.ule3" version="4.11">
+                         <filename>eclipse-debuginfo-4.11-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="eclipse-pde" release="5.ule3" version="4.11">
+                         <filename>eclipse-pde-4.11-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="eclipse-contributor-tools" release="5.ule3" version="4.11">
+                         <filename>eclipse-contributor-tools-4.11-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="eclipse-p2-discovery" release="5.ule3" version="4.11">
+                         <filename>eclipse-p2-discovery-4.11-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="eclipse-jdt" release="5.ule3" version="4.11">
+                         <filename>eclipse-jdt-4.11-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="eclipse-swt" release="5.ule3" version="4.11">
+                         <filename>eclipse-swt-4.11-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="eclipse-debugsource" release="5.ule3" version="4.11">
+                         <filename>eclipse-debugsource-4.11-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="eclipse-pde" release="5.ule3" version="4.11">
+                         <filename>eclipse-pde-4.11-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="eclipse-debuginfo" release="5.ule3" version="4.11">
+                         <filename>eclipse-debuginfo-4.11-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="eclipse-contributor-tools" release="5.ule3" version="4.11">
+                         <filename>eclipse-contributor-tools-4.11-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="eclipse-equinox-osgi" release="5.ule3" version="4.11">
+                         <filename>eclipse-equinox-osgi-4.11-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="eclipse-platform" release="5.ule3" version="4.11">
+                         <filename>eclipse-platform-4.11-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="eclipse-tests" release="5.ule3" version="4.11">
+                         <filename>eclipse-tests-4.11-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1760</id>
+          <title>An update for GraphicsMagick is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1270" id="CVE-2022-1270" title="CVE-2022-1270" type="cve"></reference>
+          </references>
+          <description>In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. (CVE-2022-1270)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="GraphicsMagick-c++" release="9.ule3" version="1.3.30">
+                         <filename>GraphicsMagick-c++-1.3.30-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="GraphicsMagick-debuginfo" release="9.ule3" version="1.3.30">
+                         <filename>GraphicsMagick-debuginfo-1.3.30-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="GraphicsMagick-c++-devel" release="9.ule3" version="1.3.30">
+                         <filename>GraphicsMagick-c++-devel-1.3.30-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="GraphicsMagick" release="9.ule3" version="1.3.30">
+                         <filename>GraphicsMagick-1.3.30-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="GraphicsMagick-devel" release="9.ule3" version="1.3.30">
+                         <filename>GraphicsMagick-devel-1.3.30-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="GraphicsMagick-debugsource" release="9.ule3" version="1.3.30">
+                         <filename>GraphicsMagick-debugsource-1.3.30-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="GraphicsMagick-perl" release="9.ule3" version="1.3.30">
+                         <filename>GraphicsMagick-perl-1.3.30-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="GraphicsMagick-help" release="9.ule3" version="1.3.30">
+                         <filename>GraphicsMagick-help-1.3.30-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="GraphicsMagick-perl" release="9.ule3" version="1.3.30">
+                         <filename>GraphicsMagick-perl-1.3.30-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="GraphicsMagick-c++" release="9.ule3" version="1.3.30">
+                         <filename>GraphicsMagick-c++-1.3.30-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="GraphicsMagick-devel" release="9.ule3" version="1.3.30">
+                         <filename>GraphicsMagick-devel-1.3.30-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="GraphicsMagick-debuginfo" release="9.ule3" version="1.3.30">
+                         <filename>GraphicsMagick-debuginfo-1.3.30-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="GraphicsMagick" release="9.ule3" version="1.3.30">
+                         <filename>GraphicsMagick-1.3.30-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="GraphicsMagick-debugsource" release="9.ule3" version="1.3.30">
+                         <filename>GraphicsMagick-debugsource-1.3.30-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="GraphicsMagick-c++-devel" release="9.ule3" version="1.3.30">
+                         <filename>GraphicsMagick-c++-devel-1.3.30-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1761</id>
+          <title>An update for dnsmasq is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0934" id="CVE-2022-0934" title="CVE-2022-0934" type="cve"></reference>
+          </references>
+          <description>No description is available for this CVE.(CVE-2022-0934)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="dnsmasq-debuginfo" release="2.ule3" version="2.86">
+                         <filename>dnsmasq-debuginfo-2.86-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dnsmasq-debugsource" release="2.ule3" version="2.86">
+                         <filename>dnsmasq-debugsource-2.86-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dnsmasq-help" release="2.ule3" version="2.86">
+                         <filename>dnsmasq-help-2.86-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dnsmasq" release="2.ule3" version="2.86">
+                         <filename>dnsmasq-2.86-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dnsmasq-debuginfo" release="2.ule3" version="2.86">
+                         <filename>dnsmasq-debuginfo-2.86-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dnsmasq-debugsource" release="2.ule3" version="2.86">
+                         <filename>dnsmasq-debugsource-2.86-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dnsmasq-help" release="2.ule3" version="2.86">
+                         <filename>dnsmasq-help-2.86-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dnsmasq" release="2.ule3" version="2.86">
+                         <filename>dnsmasq-2.86-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1763</id>
+          <title>An update for bluez is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-41229" id="CVE-2021-41229" title="CVE-2021-41229" type="cve"></reference>
+          </references>
+          <description>BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.(CVE-2021-41229)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bluez-libs" release="14.ule3" version="5.54">
+                         <filename>bluez-libs-5.54-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-cups" release="14.ule3" version="5.54">
+                         <filename>bluez-cups-5.54-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez" release="14.ule3" version="5.54">
+                         <filename>bluez-5.54-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-devel" release="14.ule3" version="5.54">
+                         <filename>bluez-devel-5.54-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-debuginfo" release="14.ule3" version="5.54">
+                         <filename>bluez-debuginfo-5.54-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-debugsource" release="14.ule3" version="5.54">
+                         <filename>bluez-debugsource-5.54-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="bluez-help" release="14.ule3" version="5.54">
+                         <filename>bluez-help-5.54-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-devel" release="14.ule3" version="5.54">
+                         <filename>bluez-devel-5.54-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-debugsource" release="14.ule3" version="5.54">
+                         <filename>bluez-debugsource-5.54-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-cups" release="14.ule3" version="5.54">
+                         <filename>bluez-cups-5.54-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez" release="14.ule3" version="5.54">
+                         <filename>bluez-5.54-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-libs" release="14.ule3" version="5.54">
+                         <filename>bluez-libs-5.54-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-debuginfo" release="14.ule3" version="5.54">
+                         <filename>bluez-debuginfo-5.54-14.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1764</id>
+          <title>An update for lua is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-33099" id="CVE-2022-33099" title="CVE-2022-33099" type="cve"></reference>
+          </references>
+          <description>An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.(CVE-2022-33099)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="lua-devel" release="7.ule3" version="5.4.3">
+                         <filename>lua-devel-5.4.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lua-debugsource" release="7.ule3" version="5.4.3">
+                         <filename>lua-debugsource-5.4.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lua-debuginfo" release="7.ule3" version="5.4.3">
+                         <filename>lua-debuginfo-5.4.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lua" release="7.ule3" version="5.4.3">
+                         <filename>lua-5.4.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="lua-help" release="7.ule3" version="5.4.3">
+                         <filename>lua-help-5.4.3-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lua" release="7.ule3" version="5.4.3">
+                         <filename>lua-5.4.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lua-devel" release="7.ule3" version="5.4.3">
+                         <filename>lua-devel-5.4.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lua-debugsource" release="7.ule3" version="5.4.3">
+                         <filename>lua-debugsource-5.4.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lua-debuginfo" release="7.ule3" version="5.4.3">
+                         <filename>lua-debuginfo-5.4.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1765</id>
+          <title>An update for git is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29187" id="CVE-2022-29187" title="CVE-2022-29187" type="cve"></reference>
+          </references>
+          <description>Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.(CVE-2022-29187)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="git-debugsource" release="3.ule3" version="2.33.0">
+                         <filename>git-debugsource-2.33.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git-daemon" release="3.ule3" version="2.33.0">
+                         <filename>git-daemon-2.33.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git" release="3.ule3" version="2.33.0">
+                         <filename>git-2.33.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git-debuginfo" release="3.ule3" version="2.33.0">
+                         <filename>git-debuginfo-2.33.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gitk" release="3.ule3" version="2.33.0">
+                         <filename>gitk-2.33.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-email" release="3.ule3" version="2.33.0">
+                         <filename>git-email-2.33.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-svn" release="3.ule3" version="2.33.0">
+                         <filename>git-svn-2.33.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-gui" release="3.ule3" version="2.33.0">
+                         <filename>git-gui-2.33.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-Git-SVN" release="3.ule3" version="2.33.0">
+                         <filename>perl-Git-SVN-2.33.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-web" release="3.ule3" version="2.33.0">
+                         <filename>git-web-2.33.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-Git" release="3.ule3" version="2.33.0">
+                         <filename>perl-Git-2.33.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-help" release="3.ule3" version="2.33.0">
+                         <filename>git-help-2.33.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-debugsource" release="3.ule3" version="2.33.0">
+                         <filename>git-debugsource-2.33.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git" release="3.ule3" version="2.33.0">
+                         <filename>git-2.33.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-debuginfo" release="3.ule3" version="2.33.0">
+                         <filename>git-debuginfo-2.33.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-daemon" release="3.ule3" version="2.33.0">
+                         <filename>git-daemon-2.33.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1766</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2210" id="CVE-2022-2210" title="CVE-2022-2210" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2257" id="CVE-2022-2257" title="CVE-2022-2257" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2264" id="CVE-2022-2264" title="CVE-2022-2264" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2286" id="CVE-2022-2286" title="CVE-2022-2286" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2287" id="CVE-2022-2287" title="CVE-2022-2287" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2289" id="CVE-2022-2289" title="CVE-2022-2289" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2343" id="CVE-2022-2343" title="CVE-2022-2343" type="cve"></reference>
+          </references>
+          <description>Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.(CVE-2022-2210)Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.(CVE-2022-2257)Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.(CVE-2022-2264)Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.(CVE-2022-2286)Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.(CVE-2022-2287)Use After Free in GitHub repository vim/vim prior to 9.0.(CVE-2022-2289)Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.(CVE-2022-2343)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="54.ule3" version="8.2">
+                         <filename>vim-X11-8.2-54.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="54.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-54.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="54.ule3" version="8.2">
+                         <filename>vim-common-8.2-54.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="54.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-54.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="54.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-54.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="54.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-54.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="54.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-54.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="54.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-54.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="54.ule3" version="8.2">
+                         <filename>vim-common-8.2-54.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="54.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-54.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="54.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-54.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="54.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-54.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="54.ule3" version="8.2">
+                         <filename>vim-X11-8.2-54.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1770</id>
+          <title>An update for samba is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-44141" id="CVE-2021-44141" title="CVE-2021-44141" type="cve"></reference>
+          </references>
+          <description>All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.(CVE-2021-44141)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="samba-debugsource" release="6.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient" release="6.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-krb5-locator" release="6.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient-devel" release="6.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc" release="6.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-modules" release="6.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba" release="6.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba" release="6.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-krb5-printing" release="6.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-dc" release="6.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debuginfo" release="6.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-test" release="6.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind" release="6.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ctdb-tests" release="6.ule3" version="4.15.3">
+                         <filename>ctdb-tests-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-libs" release="6.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient-devel" release="6.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common-tools" release="6.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-devel" release="6.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-help" release="6.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-provision" release="6.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-client" release="6.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-bind-dlz" release="6.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-clients" release="6.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-test" release="6.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common" release="6.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ctdb" release="6.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient" release="6.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="samba-pidl" release="6.ule3" version="4.15.3">
+                         <filename>samba-pidl-4.15.3-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba" release="6.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-bind-dlz" release="6.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-devel" release="6.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-modules" release="6.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-dc" release="6.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc" release="6.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient-devel" release="6.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-test" release="6.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-libs" release="6.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debugsource" release="6.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ctdb-tests" release="6.ule3" version="4.15.3">
+                         <filename>ctdb-tests-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient-devel" release="6.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-clients" release="6.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debuginfo" release="6.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-provision" release="6.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient" release="6.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ctdb" release="6.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient" release="6.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-krb5-printing" release="6.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind" release="6.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba" release="6.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-client" release="6.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-vfs-glusterfs" release="6.ule3" version="4.15.3">
+                         <filename>samba-vfs-glusterfs-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-krb5-locator" release="6.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-help" release="6.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common-tools" release="6.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-test" release="6.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common" release="6.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1771</id>
+          <title>An update for mc is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-36370" id="CVE-2021-36370" title="CVE-2021-36370" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.(CVE-2021-36370)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="mc-debugsource" release="1.ule3" version="4.8.28">
+                         <filename>mc-debugsource-4.8.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mc-debuginfo" release="1.ule3" version="4.8.28">
+                         <filename>mc-debuginfo-4.8.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mc" release="1.ule3" version="4.8.28">
+                         <filename>mc-4.8.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="mc-python" release="1.ule3" version="4.8.28">
+                         <filename>mc-python-4.8.28-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="mc-help" release="1.ule3" version="4.8.28">
+                         <filename>mc-help-4.8.28-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mc-debuginfo" release="1.ule3" version="4.8.28">
+                         <filename>mc-debuginfo-4.8.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mc" release="1.ule3" version="4.8.28">
+                         <filename>mc-4.8.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mc-debugsource" release="1.ule3" version="4.8.28">
+                         <filename>mc-debugsource-4.8.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1772</id>
+          <title>An update for qemu is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-4158" id="CVE-2021-4158" title="CVE-2021-4158" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0358" id="CVE-2022-0358" title="CVE-2022-0358" type="cve"></reference>
+          </references>
+          <description>A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.(CVE-2021-4158)A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This issue allows a malicious user to trigger CVE-2018-13405 to obtain sensitive information or potentially escalate their privileges on the system.(CVE-2022-0358)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="qemu-block-iscsi" release="43.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-43.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-curl" release="43.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-43.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-rbd" release="43.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-43.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-system-aarch64" release="43.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-43.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-img" release="43.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-43.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-system-x86_64" release="43.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-43.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-ssh" release="43.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-43.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu" release="43.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-43.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-debugsource" release="43.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-43.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-system-arm" release="43.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-43.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-guest-agent" release="43.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-43.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-hw-usb-host" release="43.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-43.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-debuginfo" release="43.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-43.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-system-riscv" release="43.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-43.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="qemu-help" release="43.ule3" version="6.2.0">
+                         <filename>qemu-help-6.2.0-43.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-debugsource" release="43.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-43.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-img" release="43.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-43.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-debuginfo" release="43.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-43.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu" release="43.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-43.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-hw-usb-host" release="43.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-43.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-system-aarch64" release="43.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-43.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-seabios" release="43.ule3" version="6.2.0">
+                         <filename>qemu-seabios-6.2.0-43.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-system-x86_64" release="43.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-43.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-curl" release="43.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-43.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-rbd" release="43.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-43.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-system-arm" release="43.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-43.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-ssh" release="43.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-43.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-iscsi" release="43.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-43.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-system-riscv" release="43.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-43.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-guest-agent" release="43.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-43.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1773</id>
+          <title>An update for microcode_ctl is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-24489" id="CVE-2020-24489" title="CVE-2020-24489" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-24513" id="CVE-2020-24513" title="CVE-2020-24513" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-0146" id="CVE-2021-0146" title="CVE-2021-0146" type="cve"></reference>
+          </references>
+          <description>Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.(CVE-2020-24489)Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-24513)Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.(CVE-2021-0146)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="x86_64" name="microcode_ctl" release="36.ule3" version="2.1">
+                         <filename>microcode_ctl-2.1-36.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1774</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2318" id="CVE-2022-2318" title="CVE-2022-2318" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34918" id="CVE-2022-34918" title="CVE-2022-34918" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-33744" id="CVE-2022-33744" title="CVE-2022-33744" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26365" id="CVE-2022-26365" title="CVE-2022-26365" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-33740" id="CVE-2022-33740" title="CVE-2022-33740" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-33741" id="CVE-2022-33741" title="CVE-2022-33741" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-33742" id="CVE-2022-33742" title="CVE-2022-33742" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-33743" id="CVE-2022-33743" title="CVE-2022-33743" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33656" id="CVE-2021-33656" title="CVE-2021-33656" type="cve"></reference>
+          </references>
+          <description>There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.(CVE-2022-2318)An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.(CVE-2022-34918)Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests&#39; memory pages.(CVE-2022-33744)Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don&#39;t zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn&#39;t allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).(CVE-2022-26365)Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don&#39;t zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn&#39;t allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).(CVE-2022-33740)Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don&#39;t zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn&#39;t allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).(CVE-2022-33741)Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don&#39;t zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn&#39;t allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).(CVE-2022-33742)network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.(CVE-2022-33743)When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.(CVE-2021-33656)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.46.0.74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.46.0.74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.46.0.74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.46.0.74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.46.0.74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.46.0.74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.46.0.74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.46.0.74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.46.0.74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.46.0.74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.46.0.74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.46.0.74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.46.0.74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.46.0.74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.46.0.74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.46.0.74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.46.0.74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.46.0.74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.46.0.74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.46.0.74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.46.0.74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.46.0.74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.46.0.74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.46.0.74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.46.0.74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.46.0.74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.46.0.74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.46.0.74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.46.0.74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.46.0.74.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.46.0.74.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1776</id>
+          <title>An update for virglrenderer is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0175" id="CVE-2022-0175" title="CVE-2022-0175" type="cve"></reference>
+          </references>
+          <description>No description is available for this CVE.(CVE-2022-0175)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="virglrenderer" release="2.ule3" version="0.8.2">
+                         <filename>virglrenderer-0.8.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="virglrenderer-devel" release="2.ule3" version="0.8.2">
+                         <filename>virglrenderer-devel-0.8.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="virglrenderer-debuginfo" release="2.ule3" version="0.8.2">
+                         <filename>virglrenderer-debuginfo-0.8.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="virglrenderer-debugsource" release="2.ule3" version="0.8.2">
+                         <filename>virglrenderer-debugsource-0.8.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="virglrenderer-debugsource" release="2.ule3" version="0.8.2">
+                         <filename>virglrenderer-debugsource-0.8.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="virglrenderer" release="2.ule3" version="0.8.2">
+                         <filename>virglrenderer-0.8.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="virglrenderer-debuginfo" release="2.ule3" version="0.8.2">
+                         <filename>virglrenderer-debuginfo-0.8.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="virglrenderer-devel" release="2.ule3" version="0.8.2">
+                         <filename>virglrenderer-devel-0.8.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1777</id>
+          <title>An update for harfbuzz is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-33068" id="CVE-2022-33068" title="CVE-2022-33068" type="cve"></reference>
+          </references>
+          <description>An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.(CVE-2022-33068)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="harfbuzz-debuginfo" release="3.ule3" version="2.8.2">
+                         <filename>harfbuzz-debuginfo-2.8.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="harfbuzz" release="3.ule3" version="2.8.2">
+                         <filename>harfbuzz-2.8.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="harfbuzz-debugsource" release="3.ule3" version="2.8.2">
+                         <filename>harfbuzz-debugsource-2.8.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="harfbuzz-devel" release="3.ule3" version="2.8.2">
+                         <filename>harfbuzz-devel-2.8.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="harfbuzz-help" release="3.ule3" version="2.8.2">
+                         <filename>harfbuzz-help-2.8.2-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="harfbuzz" release="3.ule3" version="2.8.2">
+                         <filename>harfbuzz-2.8.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="harfbuzz-debugsource" release="3.ule3" version="2.8.2">
+                         <filename>harfbuzz-debugsource-2.8.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="harfbuzz-devel" release="3.ule3" version="2.8.2">
+                         <filename>harfbuzz-devel-2.8.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="harfbuzz-debuginfo" release="3.ule3" version="2.8.2">
+                         <filename>harfbuzz-debuginfo-2.8.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1778</id>
+          <title>An update for openvswitch is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3905" id="CVE-2021-3905" title="CVE-2021-3905" type="cve"></reference>
+          </references>
+          <description>A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.(CVE-2021-3905)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="openvswitch-ovn-central" release="22.ule3" version="2.12.0">
+                         <filename>openvswitch-ovn-central-2.12.0-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-devel" release="22.ule3" version="2.12.0">
+                         <filename>openvswitch-devel-2.12.0-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-debugsource" release="22.ule3" version="2.12.0">
+                         <filename>openvswitch-debugsource-2.12.0-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch" release="22.ule3" version="2.12.0">
+                         <filename>openvswitch-2.12.0-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-debuginfo" release="22.ule3" version="2.12.0">
+                         <filename>openvswitch-debuginfo-2.12.0-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-help" release="22.ule3" version="2.12.0">
+                         <filename>openvswitch-help-2.12.0-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-ovn-common" release="22.ule3" version="2.12.0">
+                         <filename>openvswitch-ovn-common-2.12.0-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-ovn-host" release="22.ule3" version="2.12.0">
+                         <filename>openvswitch-ovn-host-2.12.0-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-openvswitch" release="22.ule3" version="2.12.0">
+                         <filename>python3-openvswitch-2.12.0-22.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-debuginfo" release="22.ule3" version="2.12.0">
+                         <filename>openvswitch-debuginfo-2.12.0-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch" release="22.ule3" version="2.12.0">
+                         <filename>openvswitch-2.12.0-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-devel" release="22.ule3" version="2.12.0">
+                         <filename>openvswitch-devel-2.12.0-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-ovn-common" release="22.ule3" version="2.12.0">
+                         <filename>openvswitch-ovn-common-2.12.0-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-help" release="22.ule3" version="2.12.0">
+                         <filename>openvswitch-help-2.12.0-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-debugsource" release="22.ule3" version="2.12.0">
+                         <filename>openvswitch-debugsource-2.12.0-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-ovn-host" release="22.ule3" version="2.12.0">
+                         <filename>openvswitch-ovn-host-2.12.0-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-ovn-central" release="22.ule3" version="2.12.0">
+                         <filename>openvswitch-ovn-central-2.12.0-22.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1779</id>
+          <title>An update for linux-firmware is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-12321" id="CVE-2020-12321" title="CVE-2020-12321" type="cve"></reference>
+          </references>
+          <description>Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.(CVE-2020-12321)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="linux-firmware" release="2.ule3" version="20211027">
+                         <filename>linux-firmware-20211027-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="linux-firmware-ath" release="2.ule3" version="20211027">
+                         <filename>linux-firmware-ath-20211027-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="linux-firmware-cypress" release="2.ule3" version="20211027">
+                         <filename>linux-firmware-cypress-20211027-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="linux-firmware-iwlwifi" release="2.ule3" version="20211027">
+                         <filename>linux-firmware-iwlwifi-20211027-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="linux-firmware-libertas" release="2.ule3" version="20211027">
+                         <filename>linux-firmware-libertas-20211027-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="linux-firmware-mediatek" release="2.ule3" version="20211027">
+                         <filename>linux-firmware-mediatek-20211027-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="linux-firmware-mrvl" release="2.ule3" version="20211027">
+                         <filename>linux-firmware-mrvl-20211027-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="linux-firmware-netronome" release="2.ule3" version="20211027">
+                         <filename>linux-firmware-netronome-20211027-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="linux-firmware-ti-connectivity" release="2.ule3" version="20211027">
+                         <filename>linux-firmware-ti-connectivity-20211027-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1783</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32148" id="CVE-2022-32148" title="CVE-2022-32148" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30635" id="CVE-2022-30635" title="CVE-2022-30635" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30634" id="CVE-2022-30634" title="CVE-2022-30634" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30633" id="CVE-2022-30633" title="CVE-2022-30633" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30632" id="CVE-2022-30632" title="CVE-2022-30632" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30631" id="CVE-2022-30631" title="CVE-2022-30631" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30629" id="CVE-2022-30629" title="CVE-2022-30629" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28131" id="CVE-2022-28131" title="CVE-2022-28131" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1962" id="CVE-2022-1962" title="CVE-2022-1962" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1705" id="CVE-2022-1705" title="CVE-2022-1705" type="cve"></reference>
+          </references>
+          <description>When httputil.ReverseProxy.ServeHTTP was called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy would set the client IP as the value of the X-Forwarded-For header, contrary to its documentation. In the more usual case where a Director function set the X-Forwarded-For header value to nil, ReverseProxy would leave the header unmodified as expected.(CVE-2022-32148)Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion.(CVE-2022-30635)Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 &lt;&lt; 32 - 1 bytes. (CVE-2022-30634)Calling Unmarshal on a XML document into a Go struct which has a nested field that uses the any field tag can cause a panic due to stack exhaustion.(CVE-2022-30633)Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.(CVE-2022-30632)Calling Reader.Read on an archive containing a large number of concatenated 0-length compressed files can cause a panic due to stack exhaustion.(CVE-2022-30631)As required by RFC 8446, section 4.6.1, ticket_age_add now holds arandom 32-bit value. Before this change, this value was always setto 0.(CVE-2022-30629)Calling Decoder.Skip when parsing a deeply nested XML document can cause a panic due to stack exhaustion.(CVE-2022-28131)Calling any of the Parse functions on Go source code which contains deeply nested types or declarations can cause a panic due to stack exhaustion.(CVE-2022-1962)The HTTP/1 client accepted some invalid Transfer-Encoding headers as indicating a chunked encoding. This could potentially allow for request smuggling, but only if combined with an intermediate server that also improperly failed to reject the header as invalid.(CVE-2022-1705)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="5.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="5.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="5.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="5.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1784</id>
+          <title>An update for httpd is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28330" id="CVE-2022-28330" title="CVE-2022-28330" type="cve"></reference>
+          </references>
+          <description>Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.(CVE-2022-28330)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="mod_proxy_html" release="9.ule3" version="2.4.51">
+                         <filename>mod_proxy_html-2.4.51-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-tools" release="9.ule3" version="2.4.51">
+                         <filename>httpd-tools-2.4.51-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mod_ssl" release="9.ule3" version="2.4.51">
+                         <filename>mod_ssl-2.4.51-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_session" release="9.ule3" version="2.4.51">
+                         <filename>mod_session-2.4.51-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd" release="9.ule3" version="2.4.51">
+                         <filename>httpd-2.4.51-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-debugsource" release="9.ule3" version="2.4.51">
+                         <filename>httpd-debugsource-2.4.51-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-devel" release="9.ule3" version="2.4.51">
+                         <filename>httpd-devel-2.4.51-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_md" release="9.ule3" version="2.4.51">
+                         <filename>mod_md-2.4.51-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_ldap" release="9.ule3" version="2.4.51">
+                         <filename>mod_ldap-2.4.51-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-debuginfo" release="9.ule3" version="2.4.51">
+                         <filename>httpd-debuginfo-2.4.51-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="httpd-filesystem" release="9.ule3" version="2.4.51">
+                         <filename>httpd-filesystem-2.4.51-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="httpd-help" release="9.ule3" version="2.4.51">
+                         <filename>httpd-help-2.4.51-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-tools" release="9.ule3" version="2.4.51">
+                         <filename>httpd-tools-2.4.51-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-debugsource" release="9.ule3" version="2.4.51">
+                         <filename>httpd-debugsource-2.4.51-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-devel" release="9.ule3" version="2.4.51">
+                         <filename>httpd-devel-2.4.51-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mod_proxy_html" release="9.ule3" version="2.4.51">
+                         <filename>mod_proxy_html-2.4.51-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-debuginfo" release="9.ule3" version="2.4.51">
+                         <filename>httpd-debuginfo-2.4.51-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_ldap" release="9.ule3" version="2.4.51">
+                         <filename>mod_ldap-2.4.51-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_session" release="9.ule3" version="2.4.51">
+                         <filename>mod_session-2.4.51-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mod_ssl" release="9.ule3" version="2.4.51">
+                         <filename>mod_ssl-2.4.51-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd" release="9.ule3" version="2.4.51">
+                         <filename>httpd-2.4.51-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_md" release="9.ule3" version="2.4.51">
+                         <filename>mod_md-2.4.51-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1786</id>
+          <title>An update for openjdk-1.8.0 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21349" id="CVE-2022-21349" title="CVE-2022-21349" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21540" id="CVE-2022-21540" title="CVE-2022-21540" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21541" id="CVE-2022-21541" title="CVE-2022-21541" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34169" id="CVE-2022-34169" title="CVE-2022-34169" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21349)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21540)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).(CVE-2022-21541)The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.(CVE-2022-34169)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-accessibility-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-headless" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-headless-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-devel-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-devel-slowdebug-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-openjfx-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-src-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-src-slowdebug-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-demo-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-demo-slowdebug-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx-devel-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-headless-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-headless-slowdebug-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-accessibility" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-accessibility-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-debuginfo" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-src" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-src-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-devel" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-devel-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-debugsource" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-debugsource-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-demo" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-demo-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx-devel" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-slowdebug-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="java-1.8.0-openjdk-javadoc" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="java-1.8.0-openjdk-javadoc-zip" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-demo-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-demo-slowdebug-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-debugsource" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-debugsource-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-src-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-src-slowdebug-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx-devel-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-demo" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-demo-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-headless" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-headless-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-devel-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-devel-slowdebug-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx-devel" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-accessibility-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-debuginfo" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-src" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-src-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-headless-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-headless-slowdebug-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-accessibility" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-accessibility-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-openjfx-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-slowdebug-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-devel" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-devel-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1788</id>
+          <title>An update for flatpak-builder is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21682" id="CVE-2022-21682" title="CVE-2022-21682" type="cve"></reference>
+          </references>
+          <description>Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that is specified in the manifest, so running `flatpak build` against it will gain those permissions. Normally this will not be done, so this is not problem. However, if `--mirror-screenshots-url` is specified, then flatpak-builder will launch `flatpak build --nofilesystem=host appstream-utils mirror-screenshots` after finalization, which can lead to issues even with the `--nofilesystem=host` protection. In normal use, the only issue is that these empty directories can be created wherever the user has write permissions. However, a malicious application could replace the `appstream-util` binary and potentially do something more hostile. This has been resolved in Flatpak 1.12.3 and 1.10.6 by changing the behaviour of `--nofilesystem=home` and `--nofilesystem=host`.(CVE-2022-21682)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="flatpak-builder-debugsource" release="2.ule3" version="1.0.14">
+                         <filename>flatpak-builder-debugsource-1.0.14-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="flatpak-builder-debuginfo" release="2.ule3" version="1.0.14">
+                         <filename>flatpak-builder-debuginfo-1.0.14-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="flatpak-builder" release="2.ule3" version="1.0.14">
+                         <filename>flatpak-builder-1.0.14-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flatpak-builder-debuginfo" release="2.ule3" version="1.0.14">
+                         <filename>flatpak-builder-debuginfo-1.0.14-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flatpak-builder" release="2.ule3" version="1.0.14">
+                         <filename>flatpak-builder-1.0.14-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flatpak-builder-debugsource" release="2.ule3" version="1.0.14">
+                         <filename>flatpak-builder-debugsource-1.0.14-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1789</id>
+          <title>An update for protobuf-c is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-33070" id="CVE-2022-33070" title="CVE-2022-33070" type="cve"></reference>
+          </references>
+          <description>Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.(CVE-2022-33070)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="protobuf-c" release="2.ule3" version="1.4.0">
+                         <filename>protobuf-c-1.4.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="protobuf-c-debuginfo" release="2.ule3" version="1.4.0">
+                         <filename>protobuf-c-debuginfo-1.4.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="protobuf-c-debugsource" release="2.ule3" version="1.4.0">
+                         <filename>protobuf-c-debugsource-1.4.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="protobuf-c-devel" release="2.ule3" version="1.4.0">
+                         <filename>protobuf-c-devel-1.4.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="protobuf-c" release="2.ule3" version="1.4.0">
+                         <filename>protobuf-c-1.4.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="protobuf-c-devel" release="2.ule3" version="1.4.0">
+                         <filename>protobuf-c-devel-1.4.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="protobuf-c-debuginfo" release="2.ule3" version="1.4.0">
+                         <filename>protobuf-c-debuginfo-1.4.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="protobuf-c-debugsource" release="2.ule3" version="1.4.0">
+                         <filename>protobuf-c-debugsource-1.4.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1790</id>
+          <title>An update for python-lxml is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2309" id="CVE-2022-2309" title="CVE-2022-2309" type="cve"></reference>
+          </references>
+          <description>NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn&#39;t be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.(CVE-2022-2309)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python-lxml-debugsource" release="4.ule3" version="4.7.1">
+                         <filename>python-lxml-debugsource-4.7.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-lxml" release="4.ule3" version="4.7.1">
+                         <filename>python3-lxml-4.7.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-lxml-debuginfo" release="4.ule3" version="4.7.1">
+                         <filename>python-lxml-debuginfo-4.7.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-lxml-help" release="4.ule3" version="4.7.1">
+                         <filename>python-lxml-help-4.7.1-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-lxml-debuginfo" release="4.ule3" version="4.7.1">
+                         <filename>python-lxml-debuginfo-4.7.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-lxml" release="4.ule3" version="4.7.1">
+                         <filename>python3-lxml-4.7.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-lxml-debugsource" release="4.ule3" version="4.7.1">
+                         <filename>python-lxml-debugsource-4.7.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1791</id>
+          <title>An update for qemu is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-35414" id="CVE-2022-35414" title="CVE-2022-35414" type="cve"></reference>
+          </references>
+          <description>softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash.(CVE-2022-35414)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="qemu-debugsource" release="44.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu" release="44.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-ssh" release="44.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-debuginfo" release="44.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-system-aarch64" release="44.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-system-riscv" release="44.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-hw-usb-host" release="44.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-system-x86_64" release="44.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-system-arm" release="44.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-img" release="44.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-curl" release="44.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-iscsi" release="44.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-block-rbd" release="44.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="qemu-guest-agent" release="44.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="qemu-help" release="44.ule3" version="6.2.0">
+                         <filename>qemu-help-6.2.0-44.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu" release="44.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-iscsi" release="44.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-rbd" release="44.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-ssh" release="44.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-debuginfo" release="44.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-system-x86_64" release="44.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-system-arm" release="44.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-seabios" release="44.ule3" version="6.2.0">
+                         <filename>qemu-seabios-6.2.0-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-debugsource" release="44.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-block-curl" release="44.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-hw-usb-host" release="44.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-guest-agent" release="44.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-system-aarch64" release="44.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-system-riscv" release="44.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="qemu-img" release="44.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-44.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1792</id>
+          <title>An update for python-ldap is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46823" id="CVE-2021-46823" title="CVE-2021-46823" type="cve"></reference>
+          </references>
+          <description>python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.(CVE-2021-46823)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python-ldap-debuginfo" release="4.ule3" version="3.3.1">
+                         <filename>python-ldap-debuginfo-3.3.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-ldap-debugsource" release="4.ule3" version="3.3.1">
+                         <filename>python-ldap-debugsource-3.3.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-ldap" release="4.ule3" version="3.3.1">
+                         <filename>python3-ldap-3.3.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-ldap-help" release="4.ule3" version="3.3.1">
+                         <filename>python-ldap-help-3.3.1-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-ldap" release="4.ule3" version="3.3.1">
+                         <filename>python3-ldap-3.3.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-ldap-debuginfo" release="4.ule3" version="3.3.1">
+                         <filename>python-ldap-debuginfo-3.3.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-ldap-debugsource" release="4.ule3" version="3.3.1">
+                         <filename>python-ldap-debugsource-3.3.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1794</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2380" id="CVE-2022-2380" title="CVE-2022-2380" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-20227" id="CVE-2022-20227" title="CVE-2022-20227" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21505 " id="CVE-2022-21505 " title="CVE-2022-21505 " type="cve"></reference>
+          </references>
+          <description>The Linux kernel was found vulnerable out of bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could result in local attackers being able to crash the kernel.(CVE-2022-2380)In USB driver, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216825460References: Upstream kernel(CVE-2022-20227)Kernel lockdown bypass when UEFI secure boot is disabled / unavailable and IMA appraisal is enabled.(CVE-2022-21505)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.47.0.75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.47.0.75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.47.0.75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.47.0.75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.47.0.75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.47.0.75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.47.0.75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.47.0.75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.47.0.75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.47.0.75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.47.0.75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.47.0.75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.47.0.75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.47.0.75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.47.0.75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.47.0.75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.47.0.75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.47.0.75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.47.0.75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.47.0.75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.47.0.75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.47.0.75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.47.0.75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.47.0.75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.47.0.75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.47.0.75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.47.0.75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.47.0.75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.47.0.75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.47.0.75.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.47.0.75.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1795</id>
+          <title>An update for libtirpc is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-07-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46828" id="CVE-2021-46828" title="CVE-2021-46828" type="cve"></reference>
+          </references>
+          <description>In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.(CVE-2021-46828)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtirpc-debugsource" release="2.ule3" version="1.3.2">
+                         <filename>libtirpc-debugsource-1.3.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtirpc" release="2.ule3" version="1.3.2">
+                         <filename>libtirpc-1.3.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtirpc-debuginfo" release="2.ule3" version="1.3.2">
+                         <filename>libtirpc-debuginfo-1.3.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtirpc-devel" release="2.ule3" version="1.3.2">
+                         <filename>libtirpc-devel-1.3.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtirpc-help" release="2.ule3" version="1.3.2">
+                         <filename>libtirpc-help-1.3.2-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtirpc-devel" release="2.ule3" version="1.3.2">
+                         <filename>libtirpc-devel-1.3.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtirpc-debugsource" release="2.ule3" version="1.3.2">
+                         <filename>libtirpc-debugsource-1.3.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtirpc" release="2.ule3" version="1.3.2">
+                         <filename>libtirpc-1.3.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtirpc-debuginfo" release="2.ule3" version="1.3.2">
+                         <filename>libtirpc-debuginfo-1.3.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1796</id>
+          <title>An update for raptor2 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-05"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-25713" id="CVE-2020-25713" title="CVE-2020-25713" type="cve"></reference>
+          </references>
+          <description>A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.(CVE-2020-25713)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="raptor2-help" release="18.ule3" version="2.0.15">
+                         <filename>raptor2-help-2.0.15-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="raptor2-devel" release="18.ule3" version="2.0.15">
+                         <filename>raptor2-devel-2.0.15-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="raptor2" release="18.ule3" version="2.0.15">
+                         <filename>raptor2-2.0.15-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="raptor2-debuginfo" release="18.ule3" version="2.0.15">
+                         <filename>raptor2-debuginfo-2.0.15-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="raptor2-debugsource" release="18.ule3" version="2.0.15">
+                         <filename>raptor2-debugsource-2.0.15-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="raptor2-devel" release="18.ule3" version="2.0.15">
+                         <filename>raptor2-devel-2.0.15-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="raptor2-help" release="18.ule3" version="2.0.15">
+                         <filename>raptor2-help-2.0.15-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="raptor2-debuginfo" release="18.ule3" version="2.0.15">
+                         <filename>raptor2-debuginfo-2.0.15-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="raptor2" release="18.ule3" version="2.0.15">
+                         <filename>raptor2-2.0.15-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="raptor2-debugsource" release="18.ule3" version="2.0.15">
+                         <filename>raptor2-debugsource-2.0.15-18.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1797</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-05"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30630" id="CVE-2022-30630" title="CVE-2022-30630" type="cve"></reference>
+          </references>
+          <description>Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.(CVE-2022-30630)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="5.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="5.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="5.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="5.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1798</id>
+          <title>An update for samba is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-05"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32745" id="CVE-2022-32745" title="CVE-2022-32745" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32746" id="CVE-2022-32746" title="CVE-2022-32746" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32742" id="CVE-2022-32742" title="CVE-2022-32742" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32744" id="CVE-2022-32744" title="CVE-2022-32744" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2031" id="CVE-2022-2031" title="CVE-2022-2031" type="cve"></reference>
+          </references>
+          <description> A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.(CVE-2022-32745)A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.(CVE-2022-32746)A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).(CVE-2022-32742)A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users passwords, enabling full domain takeover.(CVE-2022-32744)As per samba upstream advisory:All versions of Samba prior to 4.16.x built with Heimdal Kerberos are vulnerable to an Elevation of Privilege attack. If the password of a user expires and need to be changed, a user could get a krbtgt using kpasswd with canonicalization turned on. The KDC should only provide a ticket for kadmin/changepw but returns a krbtgt. So a user could skip the password change and just use the krbtgt to get service tickets and use services in the forest.(CVE-2022-2031)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="samba-libs" release="7.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient-devel" release="7.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba" release="7.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient-devel" release="7.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba" release="7.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient" release="7.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ctdb" release="7.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-krb5-printing" release="7.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-clients" release="7.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-provision" release="7.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-test" release="7.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-modules" release="7.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-help" release="7.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-client" release="7.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind" release="7.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient" release="7.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debugsource" release="7.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-krb5-locator" release="7.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-test" release="7.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common-tools" release="7.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-bind-dlz" release="7.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-dc" release="7.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc" release="7.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common" release="7.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debuginfo" release="7.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-devel" release="7.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="samba-pidl" release="7.ule3" version="4.15.3">
+                         <filename>samba-pidl-4.15.3-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient" release="7.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common-tools" release="7.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-provision" release="7.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debuginfo" release="7.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-client" release="7.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc" release="7.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-help" release="7.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient-devel" release="7.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-krb5-printing" release="7.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-modules" release="7.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-vfs-glusterfs" release="7.ule3" version="4.15.3">
+                         <filename>samba-vfs-glusterfs-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba" release="7.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-test" release="7.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-krb5-locator" release="7.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debugsource" release="7.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient" release="7.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common" release="7.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ctdb" release="7.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba" release="7.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-dc" release="7.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-devel" release="7.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-test" release="7.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-libs" release="7.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind" release="7.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient-devel" release="7.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-bind-dlz" release="7.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-clients" release="7.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1799</id>
+          <title>An update for shim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-05"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28737" id="CVE-2022-28737" title="CVE-2022-28737" type="cve"></reference>
+          </references>
+          <description>No description is available for this CVE.(CVE-2022-28737)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="shim" release="4.ule3" version="15.4">
+                         <filename>shim-15.4-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="shim-debuginfo" release="4.ule3" version="15.4">
+                         <filename>shim-debuginfo-15.4-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="shim-debugsource" release="4.ule3" version="15.4">
+                         <filename>shim-debugsource-15.4-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="shim" release="4.ule3" version="15.4">
+                         <filename>shim-15.4-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1800</id>
+          <title>An update for uboot-tools is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-05"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-33967" id="CVE-2022-33967" title="CVE-2022-33967" type="cve"></reference>
+          </references>
+          <description>squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.(CVE-2022-33967)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="uboot-tools-debugsource" release="6.ule3" version="2021.10">
+                         <filename>uboot-tools-debugsource-2021.10-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="uboot-tools-debuginfo" release="6.ule3" version="2021.10">
+                         <filename>uboot-tools-debuginfo-2021.10-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="uboot-images-elf" release="6.ule3" version="2021.10">
+                         <filename>uboot-images-elf-2021.10-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="uboot-tools" release="6.ule3" version="2021.10">
+                         <filename>uboot-tools-2021.10-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="uboot-tools-help" release="6.ule3" version="2021.10">
+                         <filename>uboot-tools-help-2021.10-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="uboot-images-armv8" release="6.ule3" version="2021.10">
+                         <filename>uboot-images-armv8-2021.10-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="uboot-tools-debugsource" release="6.ule3" version="2021.10">
+                         <filename>uboot-tools-debugsource-2021.10-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="uboot-tools-debuginfo" release="6.ule3" version="2021.10">
+                         <filename>uboot-tools-debuginfo-2021.10-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="uboot-tools" release="6.ule3" version="2021.10">
+                         <filename>uboot-tools-2021.10-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1801</id>
+          <title>An update for fwupd is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-05"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-10759" id="CVE-2020-10759" title="CVE-2020-10759" type="cve"></reference>
+          </references>
+          <description>A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.(CVE-2020-10759)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="fwupd-devel" release="5.ule3" version="1.2.9">
+                         <filename>fwupd-devel-1.2.9-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="fwupd" release="5.ule3" version="1.2.9">
+                         <filename>fwupd-1.2.9-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="fwupd-debugsource" release="5.ule3" version="1.2.9">
+                         <filename>fwupd-debugsource-1.2.9-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="fwupd-debuginfo" release="5.ule3" version="1.2.9">
+                         <filename>fwupd-debuginfo-1.2.9-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="fwupd-help" release="5.ule3" version="1.2.9">
+                         <filename>fwupd-help-1.2.9-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="fwupd-debugsource" release="5.ule3" version="1.2.9">
+                         <filename>fwupd-debugsource-1.2.9-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="fwupd-devel" release="5.ule3" version="1.2.9">
+                         <filename>fwupd-devel-1.2.9-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="fwupd" release="5.ule3" version="1.2.9">
+                         <filename>fwupd-1.2.9-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="fwupd-debuginfo" release="5.ule3" version="1.2.9">
+                         <filename>fwupd-debuginfo-1.2.9-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1802</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-05"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1508" id="CVE-2022-1508" title="CVE-2022-1508" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33655" id="CVE-2021-33655" title="CVE-2021-33655" type="cve"></reference>
+          </references>
+          <description>No description is available for this CVE.(CVE-2022-1508)When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.(CVE-2021-33655)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1803</id>
+          <title>An update for qt5-qtbase is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-05"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-25255" id="CVE-2022-25255" title="CVE-2022-25255" type="cve"></reference>
+          </references>
+          <description>In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.(CVE-2022-25255)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="qt5-qtbase-private-devel" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-private-devel-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-static" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-static-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-examples" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-examples-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-postgresql" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-postgresql-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-odbc" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-odbc-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-debuginfo" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debuginfo-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-devel" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-devel-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-mysql" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-mysql-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-debugsource" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debugsource-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-gui" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-gui-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="qt5-qtbase-common" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-common-5.15.2-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-private-devel" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-private-devel-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-static" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-static-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-examples" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-examples-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-debugsource" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debugsource-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-odbc" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-odbc-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-mysql" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-mysql-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-debuginfo" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debuginfo-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-postgresql" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-postgresql-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-gui" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-gui-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-devel" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-devel-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1806</id>
+          <title>An update for libldb is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-05"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32746" id="CVE-2022-32746" title="CVE-2022-32746" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.(CVE-2022-32746)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libldb" release="2.ule3" version="2.4.1">
+                         <filename>libldb-2.4.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libldb-devel" release="2.ule3" version="2.4.1">
+                         <filename>libldb-devel-2.4.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-ldb-devel" release="2.ule3" version="2.4.1">
+                         <filename>python3-ldb-devel-2.4.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libldb-debugsource" release="2.ule3" version="2.4.1">
+                         <filename>libldb-debugsource-2.4.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-ldb" release="2.ule3" version="2.4.1">
+                         <filename>python3-ldb-2.4.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libldb-debuginfo" release="2.ule3" version="2.4.1">
+                         <filename>libldb-debuginfo-2.4.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-ldb-devel-common" release="2.ule3" version="2.4.1">
+                         <filename>python-ldb-devel-common-2.4.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libldb-help" release="2.ule3" version="2.4.1">
+                         <filename>libldb-help-2.4.1-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libldb-debugsource" release="2.ule3" version="2.4.1">
+                         <filename>libldb-debugsource-2.4.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libldb-devel" release="2.ule3" version="2.4.1">
+                         <filename>libldb-devel-2.4.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-ldb" release="2.ule3" version="2.4.1">
+                         <filename>python3-ldb-2.4.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-ldb-devel-common" release="2.ule3" version="2.4.1">
+                         <filename>python-ldb-devel-common-2.4.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-ldb-devel" release="2.ule3" version="2.4.1">
+                         <filename>python3-ldb-devel-2.4.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libldb" release="2.ule3" version="2.4.1">
+                         <filename>libldb-2.4.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libldb-debuginfo" release="2.ule3" version="2.4.1">
+                         <filename>libldb-debuginfo-2.4.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1807</id>
+          <title>An update for libtar is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-05"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33643" id="CVE-2021-33643" title="CVE-2021-33643" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33644" id="CVE-2021-33644" title="CVE-2021-33644" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33645" id="CVE-2021-33645" title="CVE-2021-33645" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33646" id="CVE-2021-33646" title="CVE-2021-33646" type="cve"></reference>
+          </references>
+          <description>An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.(CVE-2021-33643)An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.(CVE-2021-33644)The th_read() function doesn’t free a variable t-&gt;th_buf.gnu_longlink after allocating memory, which may cause a memory leak.(CVE-2021-33645)The th_read() function doesn’t free a variable t-&gt;th_buf.gnu_longname after allocating memory, which may cause a memory leak.(CVE-2021-33646)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtar-debugsource" release="21.ule3" version="1.2.20">
+                         <filename>libtar-debugsource-1.2.20-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtar-help" release="21.ule3" version="1.2.20">
+                         <filename>libtar-help-1.2.20-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtar-devel" release="21.ule3" version="1.2.20">
+                         <filename>libtar-devel-1.2.20-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtar-debuginfo" release="21.ule3" version="1.2.20">
+                         <filename>libtar-debuginfo-1.2.20-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtar" release="21.ule3" version="1.2.20">
+                         <filename>libtar-1.2.20-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtar-debugsource" release="21.ule3" version="1.2.20">
+                         <filename>libtar-debugsource-1.2.20-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtar-devel" release="21.ule3" version="1.2.20">
+                         <filename>libtar-devel-1.2.20-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtar" release="21.ule3" version="1.2.20">
+                         <filename>libtar-1.2.20-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtar-debuginfo" release="21.ule3" version="1.2.20">
+                         <filename>libtar-debuginfo-1.2.20-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtar-help" release="21.ule3" version="1.2.20">
+                         <filename>libtar-help-1.2.20-21.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1808</id>
+          <title>An update for ffmpeg is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-05"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-35964" id="CVE-2020-35964" title="CVE-2020-35964" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-38114" id="CVE-2021-38114" title="CVE-2021-38114" type="cve"></reference>
+          </references>
+          <description>track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.(CVE-2020-35964)libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.(CVE-2021-38114)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libavdevice" release="4.ule3" version="4.2.4">
+                         <filename>libavdevice-4.2.4-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ffmpeg-devel" release="4.ule3" version="4.2.4">
+                         <filename>ffmpeg-devel-4.2.4-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ffmpeg" release="4.ule3" version="4.2.4">
+                         <filename>ffmpeg-4.2.4-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ffmpeg-debuginfo" release="4.ule3" version="4.2.4">
+                         <filename>ffmpeg-debuginfo-4.2.4-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ffmpeg-debugsource" release="4.ule3" version="4.2.4">
+                         <filename>ffmpeg-debugsource-4.2.4-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ffmpeg-libs" release="4.ule3" version="4.2.4">
+                         <filename>ffmpeg-libs-4.2.4-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ffmpeg" release="4.ule3" version="4.2.4">
+                         <filename>ffmpeg-4.2.4-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ffmpeg-debugsource" release="4.ule3" version="4.2.4">
+                         <filename>ffmpeg-debugsource-4.2.4-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libavdevice" release="4.ule3" version="4.2.4">
+                         <filename>libavdevice-4.2.4-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ffmpeg-devel" release="4.ule3" version="4.2.4">
+                         <filename>ffmpeg-devel-4.2.4-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ffmpeg-debuginfo" release="4.ule3" version="4.2.4">
+                         <filename>ffmpeg-debuginfo-4.2.4-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ffmpeg-libs" release="4.ule3" version="4.2.4">
+                         <filename>ffmpeg-libs-4.2.4-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1810</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-05"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2522" id="CVE-2022-2522" title="CVE-2022-2522" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2571" id="CVE-2022-2571" title="CVE-2022-2571" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2598" id="CVE-2022-2598" title="CVE-2022-2598" type="cve"></reference>
+          </references>
+          <description>Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0060.(CVE-2022-2522)Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.(CVE-2022-2571)Undefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100.(CVE-2022-2598)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="57.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="57.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="57.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="57.ule3" version="8.2">
+                         <filename>vim-X11-8.2-57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="57.ule3" version="8.2">
+                         <filename>vim-common-8.2-57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="57.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="57.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-57.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="57.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="57.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="57.ule3" version="8.2">
+                         <filename>vim-X11-8.2-57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="57.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="57.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="57.ule3" version="8.2">
+                         <filename>vim-common-8.2-57.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1813</id>
+          <title>An update for openjdk-1.8.0 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35588" id="CVE-2021-35588" title="CVE-2021-35588" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35603" id="CVE-2021-35603" title="CVE-2021-35603" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35556" id="CVE-2021-35556" title="CVE-2021-35556" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35578" id="CVE-2021-35578" title="CVE-2021-35578" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35559" id="CVE-2021-35559" title="CVE-2021-35559" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35561" id="CVE-2021-35561" title="CVE-2021-35561" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35564" id="CVE-2021-35564" title="CVE-2021-35564" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35586" id="CVE-2021-35586" title="CVE-2021-35586" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35567" id="CVE-2021-35567" title="CVE-2021-35567" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21476" id="CVE-2022-21476" title="CVE-2022-21476" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35565" id="CVE-2021-35565" title="CVE-2021-35565" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35550" id="CVE-2021-35550" title="CVE-2021-35550" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21291" id="CVE-2022-21291" title="CVE-2022-21291" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21248" id="CVE-2022-21248" title="CVE-2022-21248" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21340" id="CVE-2022-21340" title="CVE-2022-21340" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21360" id="CVE-2022-21360" title="CVE-2022-21360" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21294" id="CVE-2022-21294" title="CVE-2022-21294" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21293" id="CVE-2022-21293" title="CVE-2022-21293" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21296" id="CVE-2022-21296" title="CVE-2022-21296" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21299" id="CVE-2022-21299" title="CVE-2022-21299" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21305" id="CVE-2022-21305" title="CVE-2022-21305" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21282" id="CVE-2022-21282" title="CVE-2022-21282" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21365" id="CVE-2022-21365" title="CVE-2022-21365" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21341" id="CVE-2022-21341" title="CVE-2022-21341" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). (CVE-2021-35588)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2021-35603)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35556)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35578)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35559)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35561)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2021-35564)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35586)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).(CVE-2021-35567)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2022-21476)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35565)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2021-35550)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21291)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21248)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21340)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21360)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21294)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21293)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21296)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21299)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21305)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21282)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21365)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21341)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-accessibility-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-headless" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-headless-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-devel-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-devel-slowdebug-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-openjfx-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-src-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-src-slowdebug-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-demo-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-demo-slowdebug-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx-devel-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-headless-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-headless-slowdebug-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-accessibility" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-accessibility-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-debuginfo" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-src" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-src-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-devel" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-devel-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-debugsource" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-debugsource-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-demo" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-demo-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx-devel" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-slowdebug-1.8.0.342.b07-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="java-1.8.0-openjdk-javadoc" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="java-1.8.0-openjdk-javadoc-zip" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-demo-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-demo-slowdebug-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-debugsource" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-debugsource-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-src-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-src-slowdebug-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx-devel-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-demo" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-demo-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-headless" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-headless-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-devel-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-devel-slowdebug-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx-devel" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-accessibility-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-debuginfo" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-src" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-src-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-headless-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-headless-slowdebug-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-accessibility" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-accessibility-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-openjfx-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-slowdebug" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-slowdebug-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-devel" release="0.ule3" version="1.8.0.342.b07">
+                         <filename>java-1.8.0-openjdk-devel-1.8.0.342.b07-0.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1814</id>
+          <title>An update for openjdk-latest is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-2388" id="CVE-2021-2388" title="CVE-2021-2388" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-2369" id="CVE-2021-2369" title="CVE-2021-2369" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35550" id="CVE-2021-35550" title="CVE-2021-35550" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35565" id="CVE-2021-35565" title="CVE-2021-35565" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-2341" id="CVE-2021-2341" title="CVE-2021-2341" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).(CVE-2021-2388)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).(CVE-2021-2369)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2021-35550)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35565)Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).(CVE-2021-2341)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-javadoc" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-javadoc-18.0.1.10-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-debugsource" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-debugsource-18.0.1.10-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-src" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-src-18.0.1.10-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-headless" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-headless-18.0.1.10-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-debuginfo" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-debuginfo-18.0.1.10-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-demo" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-demo-18.0.1.10-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-jmods" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-jmods-18.0.1.10-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-devel" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-devel-18.0.1.10-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-18.0.1.10-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-javadoc-zip" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-javadoc-zip-18.0.1.10-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-jmods" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-jmods-18.0.1.10-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-javadoc" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-javadoc-18.0.1.10-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-src" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-src-18.0.1.10-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-demo" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-demo-18.0.1.10-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-debugsource" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-debugsource-18.0.1.10-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-devel" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-devel-18.0.1.10-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-headless" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-headless-18.0.1.10-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-18.0.1.10-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-javadoc-zip" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-javadoc-zip-18.0.1.10-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-debuginfo" release="0.rolling.ule3" version="18.0.1.10">
+                         <filename>java-latest-openjdk-debuginfo-18.0.1.10-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1818</id>
+          <title>An update for libdwarf is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-28163" id="CVE-2020-28163" title="CVE-2020-28163" type="cve"></reference>
+          </references>
+          <description>A flaw was found in libdwarf. A possible null pointer dereference vulnerability allows an attacker to input a specially crafted file, leading to a crash. The highest threat from this vulnerability is to system availability.(CVE-2020-28163)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libdwarf-devel" release="1.ule3" version="20210528">
+                         <filename>libdwarf-devel-20210528-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libdwarf" release="1.ule3" version="20210528">
+                         <filename>libdwarf-20210528-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libdwarf-tools" release="1.ule3" version="20210528">
+                         <filename>libdwarf-tools-20210528-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libdwarf-debuginfo" release="1.ule3" version="20210528">
+                         <filename>libdwarf-debuginfo-20210528-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libdwarf-debugsource" release="1.ule3" version="20210528">
+                         <filename>libdwarf-debugsource-20210528-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libdwarf-help" release="1.ule3" version="20210528">
+                         <filename>libdwarf-help-20210528-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libdwarf-tools" release="1.ule3" version="20210528">
+                         <filename>libdwarf-tools-20210528-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libdwarf-devel" release="1.ule3" version="20210528">
+                         <filename>libdwarf-devel-20210528-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libdwarf-debuginfo" release="1.ule3" version="20210528">
+                         <filename>libdwarf-debuginfo-20210528-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libdwarf-debugsource" release="1.ule3" version="20210528">
+                         <filename>libdwarf-debugsource-20210528-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libdwarf" release="1.ule3" version="20210528">
+                         <filename>libdwarf-20210528-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1822</id>
+          <title>An update for gnutls is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2509" id="CVE-2022-2509" title="CVE-2022-2509" type="cve"></reference>
+          </references>
+          <description>A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.(CVE-2022-2509)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gnutls-utils" release="3.ule3" version="3.7.2">
+                         <filename>gnutls-utils-3.7.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-debuginfo" release="3.ule3" version="3.7.2">
+                         <filename>gnutls-debuginfo-3.7.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls" release="3.ule3" version="3.7.2">
+                         <filename>gnutls-3.7.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-debugsource" release="3.ule3" version="3.7.2">
+                         <filename>gnutls-debugsource-3.7.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-devel" release="3.ule3" version="3.7.2">
+                         <filename>gnutls-devel-3.7.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gnutls-help" release="3.ule3" version="3.7.2">
+                         <filename>gnutls-help-3.7.2-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-debugsource" release="3.ule3" version="3.7.2">
+                         <filename>gnutls-debugsource-3.7.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-utils" release="3.ule3" version="3.7.2">
+                         <filename>gnutls-utils-3.7.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls" release="3.ule3" version="3.7.2">
+                         <filename>gnutls-3.7.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-debuginfo" release="3.ule3" version="3.7.2">
+                         <filename>gnutls-debuginfo-3.7.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-devel" release="3.ule3" version="3.7.2">
+                         <filename>gnutls-devel-3.7.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1823</id>
+          <title>An update for redis6 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24735" id="CVE-2022-24735" title="CVE-2022-24735" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24736" id="CVE-2022-24736" title="CVE-2022-24736" type="cve"></reference>
+          </references>
+          <description>Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.(CVE-2022-24735)Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.(CVE-2022-24736)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="redis6" release="1.ule3" version="6.2.7">
+                         <filename>redis6-6.2.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="redis6-debugsource" release="1.ule3" version="6.2.7">
+                         <filename>redis6-debugsource-6.2.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="redis6-devel" release="1.ule3" version="6.2.7">
+                         <filename>redis6-devel-6.2.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="redis6-debuginfo" release="1.ule3" version="6.2.7">
+                         <filename>redis6-debuginfo-6.2.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="redis6-doc" release="1.ule3" version="6.2.7">
+                         <filename>redis6-doc-6.2.7-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis6-debugsource" release="1.ule3" version="6.2.7">
+                         <filename>redis6-debugsource-6.2.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis6-devel" release="1.ule3" version="6.2.7">
+                         <filename>redis6-devel-6.2.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis6" release="1.ule3" version="6.2.7">
+                         <filename>redis6-6.2.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis6-debuginfo" release="1.ule3" version="6.2.7">
+                         <filename>redis6-debuginfo-6.2.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1824</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-36946" id="CVE-2022-36946" title="CVE-2022-36946" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1679" id="CVE-2022-1679" title="CVE-2022-1679" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2327" id="CVE-2022-2327" title="CVE-2022-2327" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2639" id="CVE-2022-2639" title="CVE-2022-2639" type="cve"></reference>
+          </references>
+          <description>nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb-&gt;len.(CVE-2022-36946)A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-1679)io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859(CVE-2022-2327)An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-2639)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-devel" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.50.0.78.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.50.0.78.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.50.0.78.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.50.0.78.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.50.0.78.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.50.0.78.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.50.0.78.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.50.0.78.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.50.0.78.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.50.0.78.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.50.0.78.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.50.0.78.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.50.0.78.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.50.0.78.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.50.0.78.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.50.0.78.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.50.0.78.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.50.0.78.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.50.0.78.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.50.0.78.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.50.0.78.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.50.0.78.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.50.0.78.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.50.0.78.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.50.0.78.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.50.0.78.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.50.0.78.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.50.0.78.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.50.0.78.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.50.0.78.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.50.0.78.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1825</id>
+          <title>An update for kexec-tools is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-20269" id="CVE-2021-20269" title="CVE-2021-20269" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47.(CVE-2021-20269)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kexec-tools-debugsource" release="5.ule3" version="2.0.23">
+                         <filename>kexec-tools-debugsource-2.0.23-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kexec-tools" release="5.ule3" version="2.0.23">
+                         <filename>kexec-tools-2.0.23-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kexec-tools-debuginfo" release="5.ule3" version="2.0.23">
+                         <filename>kexec-tools-debuginfo-2.0.23-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="kexec-tools-help" release="5.ule3" version="2.0.23">
+                         <filename>kexec-tools-help-2.0.23-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kexec-tools-debugsource" release="5.ule3" version="2.0.23">
+                         <filename>kexec-tools-debugsource-2.0.23-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kexec-tools-debuginfo" release="5.ule3" version="2.0.23">
+                         <filename>kexec-tools-debuginfo-2.0.23-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kexec-tools" release="5.ule3" version="2.0.23">
+                         <filename>kexec-tools-2.0.23-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1826</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1725" id="CVE-2022-1725" title="CVE-2022-1725" type="cve"></reference>
+          </references>
+          <description>NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.495.(CVE-2022-1725)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="58.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="58.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="58.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="58.ule3" version="8.2">
+                         <filename>vim-common-8.2-58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="58.ule3" version="8.2">
+                         <filename>vim-X11-8.2-58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="58.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="58.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-58.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="58.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="58.ule3" version="8.2">
+                         <filename>vim-X11-8.2-58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="58.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="58.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="58.ule3" version="8.2">
+                         <filename>vim-common-8.2-58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="58.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-58.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1827</id>
+          <title>An update for mod_wsgi is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2255" id="CVE-2022-2255" title="CVE-2022-2255" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy (trusted proxies are configured via the WSGITrustedProxies directive) allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.References:https://github.com/GrahamDumpleton/mod_wsgi/blob/4.9.2/src/server/mod_wsgi.c#L13940-L13941https://github.com/GrahamDumpleton/mod_wsgi/blob/4.9.2/src/server/mod_wsgi.c#L14046-L14082(CVE-2022-2255)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-mod_wsgi" release="3.ule3" version="4.6.4">
+                         <filename>python3-mod_wsgi-4.6.4-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_wsgi-debuginfo" release="3.ule3" version="4.6.4">
+                         <filename>mod_wsgi-debuginfo-4.6.4-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_wsgi-debugsource" release="3.ule3" version="4.6.4">
+                         <filename>mod_wsgi-debugsource-4.6.4-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_wsgi-debugsource" release="3.ule3" version="4.6.4">
+                         <filename>mod_wsgi-debugsource-4.6.4-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-mod_wsgi" release="3.ule3" version="4.6.4">
+                         <filename>python3-mod_wsgi-4.6.4-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_wsgi-debuginfo" release="3.ule3" version="4.6.4">
+                         <filename>mod_wsgi-debuginfo-4.6.4-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1830</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32189" id="CVE-2022-32189" title="CVE-2022-32189" type="cve"></reference>
+          </references>
+          <description>A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.References:https://go.dev/issue/53871https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wUUpstream Commits:Master : https://github.com/golang/go/commit/055113ef364337607e3e72ed7d48df67fde6fc66Branch.go1.17 : https://github.com/golang/go/commit/703c8ab7e5ba75c95553d4e249309297abad7102Branch.go1.18 : https://github.com/golang/go/commit/9240558e4f342fc6e98fec22de17c04b45089349(CVE-2022-32189)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="6.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="6.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="6.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="6.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1831</id>
+          <title>An update for game-music-emu is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2017-17446" id="CVE-2017-17446" title="CVE-2017-17446" type="cve"></reference>
+          </references>
+          <description>The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file.(CVE-2017-17446)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="game-music-emu" release="1.ule3" version="0.6.2">
+                         <filename>game-music-emu-0.6.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="game-music-emu-debuginfo" release="1.ule3" version="0.6.2">
+                         <filename>game-music-emu-debuginfo-0.6.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="game-music-emu-debugsource" release="1.ule3" version="0.6.2">
+                         <filename>game-music-emu-debugsource-0.6.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="game-music-emu-devel" release="1.ule3" version="0.6.2">
+                         <filename>game-music-emu-devel-0.6.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="game-music-emu" release="1.ule3" version="0.6.2">
+                         <filename>game-music-emu-0.6.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="game-music-emu-debugsource" release="1.ule3" version="0.6.2">
+                         <filename>game-music-emu-debugsource-0.6.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="game-music-emu-debuginfo" release="1.ule3" version="0.6.2">
+                         <filename>game-music-emu-debuginfo-0.6.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="game-music-emu-devel" release="1.ule3" version="0.6.2">
+                         <filename>game-music-emu-devel-0.6.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1832</id>
+          <title>An update for openjdk-latest is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34169" id="CVE-2022-34169" title="CVE-2022-34169" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21541" id="CVE-2022-21541" title="CVE-2022-21541" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21540" id="CVE-2022-21540" title="CVE-2022-21540" type="cve"></reference>
+          </references>
+          <description>The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.(CVE-2022-34169)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).(CVE-2022-21541)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21540)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-javadoc" release="0.rolling.ule3" version="18.0.2.9">
+                         <filename>java-latest-openjdk-javadoc-18.0.2.9-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-debugsource" release="0.rolling.ule3" version="18.0.2.9">
+                         <filename>java-latest-openjdk-debugsource-18.0.2.9-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-src" release="0.rolling.ule3" version="18.0.2.9">
+                         <filename>java-latest-openjdk-src-18.0.2.9-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-headless" release="0.rolling.ule3" version="18.0.2.9">
+                         <filename>java-latest-openjdk-headless-18.0.2.9-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-debuginfo" release="0.rolling.ule3" version="18.0.2.9">
+                         <filename>java-latest-openjdk-debuginfo-18.0.2.9-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-demo" release="0.rolling.ule3" version="18.0.2.9">
+                         <filename>java-latest-openjdk-demo-18.0.2.9-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-jmods" release="0.rolling.ule3" version="18.0.2.9">
+                         <filename>java-latest-openjdk-jmods-18.0.2.9-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-devel" release="0.rolling.ule3" version="18.0.2.9">
+                         <filename>java-latest-openjdk-devel-18.0.2.9-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk" release="0.rolling.ule3" version="18.0.2.9">
+                         <filename>java-latest-openjdk-18.0.2.9-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-javadoc-zip" release="0.rolling.ule3" version="18.0.2.9">
+                         <filename>java-latest-openjdk-javadoc-zip-18.0.2.9-0.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-jmods" release="0.rolling.ule3" version="18.0.2.9">
+                         <filename>java-latest-openjdk-jmods-18.0.2.9-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-javadoc" release="0.rolling.ule3" version="18.0.2.9">
+                         <filename>java-latest-openjdk-javadoc-18.0.2.9-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-src" release="0.rolling.ule3" version="18.0.2.9">
+                         <filename>java-latest-openjdk-src-18.0.2.9-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-demo" release="0.rolling.ule3" version="18.0.2.9">
+                         <filename>java-latest-openjdk-demo-18.0.2.9-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-debugsource" release="0.rolling.ule3" version="18.0.2.9">
+                         <filename>java-latest-openjdk-debugsource-18.0.2.9-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-devel" release="0.rolling.ule3" version="18.0.2.9">
+                         <filename>java-latest-openjdk-devel-18.0.2.9-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-headless" release="0.rolling.ule3" version="18.0.2.9">
+                         <filename>java-latest-openjdk-headless-18.0.2.9-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk" release="0.rolling.ule3" version="18.0.2.9">
+                         <filename>java-latest-openjdk-18.0.2.9-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-javadoc-zip" release="0.rolling.ule3" version="18.0.2.9">
+                         <filename>java-latest-openjdk-javadoc-zip-18.0.2.9-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-debuginfo" release="0.rolling.ule3" version="18.0.2.9">
+                         <filename>java-latest-openjdk-debuginfo-18.0.2.9-0.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1833</id>
+          <title>An update for openssl is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2097" id="CVE-2022-2097" title="CVE-2022-2097" type="cve"></reference>
+          </references>
+          <description>AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn t written. In the special case of in place encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).(CVE-2022-2097)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="openssl-libs" release="8.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl" release="8.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debuginfo" release="8.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debugsource" release="8.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-devel" release="8.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-perl" release="8.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="openssl-help" release="8.ule3" version="1.1.1m">
+                         <filename>openssl-help-1.1.1m-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-libs" release="8.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-devel" release="8.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-perl" release="8.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl" release="8.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debuginfo" release="8.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debugsource" release="8.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1834</id>
+          <title>An update for xorg-x11-server is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2320" id="CVE-2022-2320" title="CVE-2022-2320" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2319" id="CVE-2022-2319" title="CVE-2022-2319" type="cve"></reference>
+          </references>
+          <description>CVE-2022-2320/ZDI-CAN-16070: xorg-x11-server: out-of-bounds write in ProcXkbSetDeviceInfo request handler of the Xkb extensionIntroduced In:https://github.com/freedesktop/xorg-xserver/commit/c06e27b2f6fd9f7b9f827623a48876a225264132Fixed In:https://github.com/freedesktop/xorg-xserver/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc(CVE-2022-2320)CVE-2022-2319/ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds Accesshttps://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/939(CVE-2022-2319)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="xorg-x11-server-debuginfo" release="7.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debuginfo-1.20.11-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xvfb" release="7.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xvfb-1.20.11-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xnest" release="7.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xnest-1.20.11-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xephyr" release="7.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xephyr-1.20.11-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xdmx" release="7.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xdmx-1.20.11-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-common" release="7.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-common-1.20.11-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-debugsource" release="7.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debugsource-1.20.11-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server" release="7.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-1.20.11-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-devel" release="7.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-devel-1.20.11-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xorg-x11-server-source" release="7.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-source-1.20.11-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xorg-x11-server-help" release="7.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-help-1.20.11-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-devel" release="7.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-devel-1.20.11-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xdmx" release="7.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xdmx-1.20.11-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-common" release="7.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-common-1.20.11-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xnest" release="7.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xnest-1.20.11-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-debuginfo" release="7.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debuginfo-1.20.11-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-debugsource" release="7.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debugsource-1.20.11-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server" release="7.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-1.20.11-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xephyr" release="7.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xephyr-1.20.11-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xvfb" release="7.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xvfb-1.20.11-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1835</id>
+          <title>An update for postgresql-jdbc is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31197" id="CVE-2022-31197" title="CVE-2022-31197" type="cve"></reference>
+          </references>
+          <description>PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to executing additional SQL commands as the application&#39;s JDBC user. User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User application that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table name who&#39;s column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on the ResultSet. Note that the application&#39;s JDBC user and the schema owner need not be the same. A JDBC application that executes as a privileged user querying database schemas owned by potentially malicious less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to craft a schema that causes the application to execute commands as the privileged user. Patched versions will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2022-31197)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="postgresql-jdbc" release="1.ule3" version="42.4.1">
+                         <filename>postgresql-jdbc-42.4.1-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="postgresql-jdbc-javadoc" release="1.ule3" version="42.4.1">
+                         <filename>postgresql-jdbc-javadoc-42.4.1-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="postgresql-jdbc-help" release="1.ule3" version="42.4.1">
+                         <filename>postgresql-jdbc-help-42.4.1-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1836</id>
+          <title>An update for unbound is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30698" id="CVE-2022-30698" title="CVE-2022-30698" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30699" id="CVE-2022-30699" title="CVE-2022-30699" type="cve"></reference>
+          </references>
+          <description>NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the &#34;ghost domain names&#34; attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound&#39;s delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information.(CVE-2022-30698)NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the &#34;ghost domain names&#34; attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.(CVE-2022-30699)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="unbound-debuginfo" release="5.ule3" version="1.13.2">
+                         <filename>unbound-debuginfo-1.13.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unbound-help" release="5.ule3" version="1.13.2">
+                         <filename>unbound-help-1.13.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unbound" release="5.ule3" version="1.13.2">
+                         <filename>unbound-1.13.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unbound-devel" release="5.ule3" version="1.13.2">
+                         <filename>unbound-devel-1.13.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-unbound" release="5.ule3" version="1.13.2">
+                         <filename>python3-unbound-1.13.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unbound-debugsource" release="5.ule3" version="1.13.2">
+                         <filename>unbound-debugsource-1.13.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unbound-libs" release="5.ule3" version="1.13.2">
+                         <filename>unbound-libs-1.13.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unbound-debugsource" release="5.ule3" version="1.13.2">
+                         <filename>unbound-debugsource-1.13.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unbound-help" release="5.ule3" version="1.13.2">
+                         <filename>unbound-help-1.13.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unbound-debuginfo" release="5.ule3" version="1.13.2">
+                         <filename>unbound-debuginfo-1.13.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unbound-devel" release="5.ule3" version="1.13.2">
+                         <filename>unbound-devel-1.13.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-unbound" release="5.ule3" version="1.13.2">
+                         <filename>python3-unbound-1.13.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unbound-libs" release="5.ule3" version="1.13.2">
+                         <filename>unbound-libs-1.13.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unbound" release="5.ule3" version="1.13.2">
+                         <filename>unbound-1.13.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1841</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-20368" id="CVE-2022-20368" title="CVE-2022-20368" type="cve"></reference>
+          </references>
+          <description>Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel.(CVE-2022-20368)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="perf" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="3" arch="aarch64" name="python3-perf" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.39.0.68.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.39.0.68.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.39.0.68.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1842</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-36879" id="CVE-2022-36879" title="CVE-2022-36879" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.(CVE-2022-36879)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.48.0.76.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.48.0.76.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.48.0.76.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1843</id>
+          <title>An update for zlib is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-37434" id="CVE-2022-37434" title="CVE-2022-37434" type="cve"></reference>
+          </references>
+          <description>zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).(CVE-2022-37434)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="zlib-devel" release="22.ule3" version="1.2.11">
+                         <filename>zlib-devel-1.2.11-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="minizip" release="22.ule3" version="1.2.11">
+                         <filename>minizip-1.2.11-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zlib-debuginfo" release="22.ule3" version="1.2.11">
+                         <filename>zlib-debuginfo-1.2.11-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zlib" release="22.ule3" version="1.2.11">
+                         <filename>zlib-1.2.11-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="minizip-devel" release="22.ule3" version="1.2.11">
+                         <filename>minizip-devel-1.2.11-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zlib-debugsource" release="22.ule3" version="1.2.11">
+                         <filename>zlib-debugsource-1.2.11-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="zlib-help" release="22.ule3" version="1.2.11">
+                         <filename>zlib-help-1.2.11-22.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zlib-debugsource" release="22.ule3" version="1.2.11">
+                         <filename>zlib-debugsource-1.2.11-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zlib" release="22.ule3" version="1.2.11">
+                         <filename>zlib-1.2.11-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zlib-debuginfo" release="22.ule3" version="1.2.11">
+                         <filename>zlib-debuginfo-1.2.11-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="minizip-devel" release="22.ule3" version="1.2.11">
+                         <filename>minizip-devel-1.2.11-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zlib-devel" release="22.ule3" version="1.2.11">
+                         <filename>zlib-devel-1.2.11-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="minizip" release="22.ule3" version="1.2.11">
+                         <filename>minizip-1.2.11-22.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1845</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26490" id="CVE-2022-26490" title="CVE-2022-26490" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-36123" id="CVE-2022-36123" title="CVE-2022-36123" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2588" id="CVE-2022-2588" title="CVE-2022-2588" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2585" id="CVE-2022-2585" title="CVE-2022-2585" type="cve"></reference>
+          </references>
+          <description>st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.(CVE-2022-26490)The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.(CVE-2022-36123)A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local, privileged attacker to crash the system, possibly leading to a local privilege escalation issue.(CVE-2022-2588)It was discovered that when exec ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.(CVE-2022-2585)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-perf" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.51.0.79.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.51.0.79.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.51.0.79.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.51.0.79.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.51.0.79.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.51.0.79.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.51.0.79.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.51.0.79.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.51.0.79.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.51.0.79.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.51.0.79.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.51.0.79.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.51.0.79.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.51.0.79.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.51.0.79.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.51.0.79.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.51.0.79.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.51.0.79.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.51.0.79.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.51.0.79.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.51.0.79.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.51.0.79.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.51.0.79.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.51.0.79.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.51.0.79.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.51.0.79.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.51.0.79.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.51.0.79.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.51.0.79.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.51.0.79.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.51.0.79.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1847</id>
+          <title>An update for gnupg2 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34903" id="CVE-2022-34903" title="CVE-2022-34903" type="cve"></reference>
+          </references>
+          <description>GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim&#39;s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.(CVE-2022-34903)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gnupg2-debuginfo" release="3.ule3" version="2.2.32">
+                         <filename>gnupg2-debuginfo-2.2.32-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnupg2" release="3.ule3" version="2.2.32">
+                         <filename>gnupg2-2.2.32-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnupg2-debugsource" release="3.ule3" version="2.2.32">
+                         <filename>gnupg2-debugsource-2.2.32-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gnupg2-help" release="3.ule3" version="2.2.32">
+                         <filename>gnupg2-help-2.2.32-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnupg2-debuginfo" release="3.ule3" version="2.2.32">
+                         <filename>gnupg2-debuginfo-2.2.32-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnupg2" release="3.ule3" version="2.2.32">
+                         <filename>gnupg2-2.2.32-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnupg2-debugsource" release="3.ule3" version="2.2.32">
+                         <filename>gnupg2-debugsource-2.2.32-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1848</id>
+          <title>An update for cfitsio is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2018-3849" id="CVE-2018-3849" title="CVE-2018-3849" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2018-3848" id="CVE-2018-3848" title="CVE-2018-3848" type="cve"></reference>
+          </references>
+          <description>In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.(CVE-2018-3849)In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.(CVE-2018-3848)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="cfitsio-debugsource" release="1.ule3" version="3.490">
+                         <filename>cfitsio-debugsource-3.490-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cfitsio-devel" release="1.ule3" version="3.490">
+                         <filename>cfitsio-devel-3.490-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="fpack" release="1.ule3" version="3.490">
+                         <filename>fpack-3.490-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cfitsio" release="1.ule3" version="3.490">
+                         <filename>cfitsio-3.490-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cfitsio-debuginfo" release="1.ule3" version="3.490">
+                         <filename>cfitsio-debuginfo-3.490-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="cfitsio-help" release="1.ule3" version="3.490">
+                         <filename>cfitsio-help-3.490-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cfitsio-devel" release="1.ule3" version="3.490">
+                         <filename>cfitsio-devel-3.490-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cfitsio-debuginfo" release="1.ule3" version="3.490">
+                         <filename>cfitsio-debuginfo-3.490-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cfitsio" release="1.ule3" version="3.490">
+                         <filename>cfitsio-3.490-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cfitsio-debugsource" release="1.ule3" version="3.490">
+                         <filename>cfitsio-debugsource-3.490-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="fpack" release="1.ule3" version="3.490">
+                         <filename>fpack-3.490-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1849</id>
+          <title>An update for openjdk-11 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34169" id="CVE-2022-34169" title="CVE-2022-34169" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21541" id="CVE-2022-21541" title="CVE-2022-21541" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21540" id="CVE-2022-21540" title="CVE-2022-21540" type="cve"></reference>
+          </references>
+          <description>The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.(CVE-2022-34169)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).(CVE-2022-21541)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21540)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-debuginfo" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-debuginfo-11.0.16.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-devel-slowdebug" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-devel-slowdebug-11.0.16.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-src" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-src-11.0.16.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-demo-slowdebug" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-demo-slowdebug-11.0.16.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-debugsource" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-debugsource-11.0.16.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-headless-slowdebug" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-headless-slowdebug-11.0.16.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-src-slowdebug" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-src-slowdebug-11.0.16.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-jmods" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-jmods-11.0.16.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-devel" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-devel-11.0.16.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-11.0.16.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-demo" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-demo-11.0.16.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-slowdebug" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-slowdebug-11.0.16.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-javadoc" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-javadoc-11.0.16.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-javadoc-zip" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-javadoc-zip-11.0.16.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-headless" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-headless-11.0.16.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-jmods-slowdebug" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-jmods-slowdebug-11.0.16.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-javadoc-zip" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-javadoc-zip-11.0.16.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-devel" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-devel-11.0.16.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-src" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-src-11.0.16.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-jmods-slowdebug" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-jmods-slowdebug-11.0.16.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-11.0.16.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-slowdebug" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-slowdebug-11.0.16.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-jmods" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-jmods-11.0.16.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-headless-slowdebug" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-headless-slowdebug-11.0.16.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-devel-slowdebug" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-devel-slowdebug-11.0.16.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-src-slowdebug" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-src-slowdebug-11.0.16.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-debugsource" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-debugsource-11.0.16.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-javadoc" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-javadoc-11.0.16.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-debuginfo" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-debuginfo-11.0.16.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-headless" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-headless-11.0.16.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-demo" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-demo-11.0.16.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-demo-slowdebug" release="0.ule3" version="11.0.16.8">
+                         <filename>java-11-openjdk-demo-slowdebug-11.0.16.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1852</id>
+          <title>An update for m2crypto is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-25657" id="CVE-2020-25657" title="CVE-2020-25657" type="cve"></reference>
+          </references>
+          <description>A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.(CVE-2020-25657)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="m2crypto-debugsource" release="2.ule3" version="0.38.0">
+                         <filename>m2crypto-debugsource-0.38.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="m2crypto-debuginfo" release="2.ule3" version="0.38.0">
+                         <filename>m2crypto-debuginfo-0.38.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-m2crypto" release="2.ule3" version="0.38.0">
+                         <filename>python3-m2crypto-0.38.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="m2crypto-debuginfo" release="2.ule3" version="0.38.0">
+                         <filename>m2crypto-debuginfo-0.38.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="m2crypto-debugsource" release="2.ule3" version="0.38.0">
+                         <filename>m2crypto-debugsource-0.38.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-m2crypto" release="2.ule3" version="0.38.0">
+                         <filename>python3-m2crypto-0.38.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1853</id>
+          <title>An update for rsync is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-37434" id="CVE-2022-37434" title="CVE-2022-37434" type="cve"></reference>
+          </references>
+          <description>zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).(CVE-2022-37434)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="rsync" release="3.ule3" version="3.2.3">
+                         <filename>rsync-3.2.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsync-debuginfo" release="3.ule3" version="3.2.3">
+                         <filename>rsync-debuginfo-3.2.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsync-debugsource" release="3.ule3" version="3.2.3">
+                         <filename>rsync-debugsource-3.2.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rsync-help" release="3.ule3" version="3.2.3">
+                         <filename>rsync-help-3.2.3-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsync" release="3.ule3" version="3.2.3">
+                         <filename>rsync-3.2.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsync-debuginfo" release="3.ule3" version="3.2.3">
+                         <filename>rsync-debuginfo-3.2.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsync-debugsource" release="3.ule3" version="3.2.3">
+                         <filename>rsync-debugsource-3.2.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1854</id>
+          <title>An update for varnish is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-25"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-38150" id="CVE-2022-38150" title="CVE-2022-38150" type="cve"></reference>
+          </references>
+          <description>In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.(CVE-2022-38150)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="varnish" release="6.ule3" version="7.0.1">
+                         <filename>varnish-7.0.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish-debuginfo" release="6.ule3" version="7.0.1">
+                         <filename>varnish-debuginfo-7.0.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish-devel" release="6.ule3" version="7.0.1">
+                         <filename>varnish-devel-7.0.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish-debugsource" release="6.ule3" version="7.0.1">
+                         <filename>varnish-debugsource-7.0.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="varnish-help" release="6.ule3" version="7.0.1">
+                         <filename>varnish-help-7.0.1-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-debuginfo" release="6.ule3" version="7.0.1">
+                         <filename>varnish-debuginfo-7.0.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish" release="6.ule3" version="7.0.1">
+                         <filename>varnish-7.0.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-devel" release="6.ule3" version="7.0.1">
+                         <filename>varnish-devel-7.0.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-debugsource" release="6.ule3" version="7.0.1">
+                         <filename>varnish-debugsource-7.0.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1857</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29526" id="CVE-2022-29526" title="CVE-2022-29526" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29804" id="CVE-2022-29804" title="CVE-2022-29804" type="cve"></reference>
+          </references>
+          <description>Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.(CVE-2022-29526)Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.(CVE-2022-29804)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="7.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="7.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="7.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="7.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1858</id>
+          <title>An update for shapelib is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0699" id="CVE-2022-0699" title="CVE-2022-0699" type="cve"></reference>
+          </references>
+          <description>** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2022-0699)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="shapelib-debugsource" release="2.ule3" version="1.5.0">
+                         <filename>shapelib-debugsource-1.5.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="shapelib" release="2.ule3" version="1.5.0">
+                         <filename>shapelib-1.5.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="shapelib-devel" release="2.ule3" version="1.5.0">
+                         <filename>shapelib-devel-1.5.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="shapelib-help" release="2.ule3" version="1.5.0">
+                         <filename>shapelib-help-1.5.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="shapelib-debuginfo" release="2.ule3" version="1.5.0">
+                         <filename>shapelib-debuginfo-1.5.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="shapelib-help" release="2.ule3" version="1.5.0">
+                         <filename>shapelib-help-1.5.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="shapelib-debugsource" release="2.ule3" version="1.5.0">
+                         <filename>shapelib-debugsource-1.5.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="shapelib" release="2.ule3" version="1.5.0">
+                         <filename>shapelib-1.5.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="shapelib-devel" release="2.ule3" version="1.5.0">
+                         <filename>shapelib-devel-1.5.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="shapelib-debuginfo" release="2.ule3" version="1.5.0">
+                         <filename>shapelib-debuginfo-1.5.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1859</id>
+          <title>An update for busybox is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30065" id="CVE-2022-30065" title="CVE-2022-30065" type="cve"></reference>
+          </references>
+          <description>A use-after-free in Busybox 1.35-x&#39;s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.(CVE-2022-30065)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="busybox" release="16.ule3" version="1.34.1">
+                         <filename>busybox-1.34.1-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="busybox-debuginfo" release="16.ule3" version="1.34.1">
+                         <filename>busybox-debuginfo-1.34.1-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="busybox-petitboot" release="16.ule3" version="1.34.1">
+                         <filename>busybox-petitboot-1.34.1-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="busybox-help" release="16.ule3" version="1.34.1">
+                         <filename>busybox-help-1.34.1-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="busybox-debugsource" release="16.ule3" version="1.34.1">
+                         <filename>busybox-debugsource-1.34.1-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="busybox-petitboot" release="16.ule3" version="1.34.1">
+                         <filename>busybox-petitboot-1.34.1-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="busybox-debuginfo" release="16.ule3" version="1.34.1">
+                         <filename>busybox-debuginfo-1.34.1-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="busybox-debugsource" release="16.ule3" version="1.34.1">
+                         <filename>busybox-debugsource-1.34.1-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="busybox" release="16.ule3" version="1.34.1">
+                         <filename>busybox-1.34.1-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="busybox-help" release="16.ule3" version="1.34.1">
+                         <filename>busybox-help-1.34.1-16.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1860</id>
+          <title>An update for lua is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-44964" id="CVE-2021-44964" title="CVE-2021-44964" type="cve"></reference>
+          </references>
+          <description>Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.(CVE-2021-44964)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="lua-devel" release="8.ule3" version="5.4.3">
+                         <filename>lua-devel-5.4.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lua-debuginfo" release="8.ule3" version="5.4.3">
+                         <filename>lua-debuginfo-5.4.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lua" release="8.ule3" version="5.4.3">
+                         <filename>lua-5.4.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lua-debugsource" release="8.ule3" version="5.4.3">
+                         <filename>lua-debugsource-5.4.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="lua-help" release="8.ule3" version="5.4.3">
+                         <filename>lua-help-5.4.3-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lua-debugsource" release="8.ule3" version="5.4.3">
+                         <filename>lua-debugsource-5.4.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lua" release="8.ule3" version="5.4.3">
+                         <filename>lua-5.4.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lua-devel" release="8.ule3" version="5.4.3">
+                         <filename>lua-devel-5.4.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lua-debuginfo" release="8.ule3" version="5.4.3">
+                         <filename>lua-debuginfo-5.4.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1861</id>
+          <title>An update for python-bleach is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23980" id="CVE-2021-23980" title="CVE-2021-23980" type="cve"></reference>
+          </references>
+          <description>No description is available for this CVE.(CVE-2021-23980)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python-bleach-help" release="1.ule3" version="5.0.1">
+                         <filename>python-bleach-help-5.0.1-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-bleach" release="1.ule3" version="5.0.1">
+                         <filename>python3-bleach-5.0.1-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1865</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2845" id="CVE-2022-2845" title="CVE-2022-2845" type="cve"></reference>
+          </references>
+          <description>Buffer Over-read in GitHub repository vim/vim prior to 9.0.0218.(CVE-2022-2845)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="59.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-59.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="59.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-59.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="59.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-59.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="59.ule3" version="8.2">
+                         <filename>vim-common-8.2-59.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="59.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-59.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="59.ule3" version="8.2">
+                         <filename>vim-X11-8.2-59.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="59.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-59.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="59.ule3" version="8.2">
+                         <filename>vim-common-8.2-59.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="59.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-59.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="59.ule3" version="8.2">
+                         <filename>vim-X11-8.2-59.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="59.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-59.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="59.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-59.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="59.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-59.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1866</id>
+          <title>An update for redis6 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-32672" id="CVE-2021-32672" title="CVE-2021-32672" type="cve"></reference>
+          </references>
+          <description>Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.(CVE-2021-32672)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="redis6" release="1.ule3" version="6.2.7">
+                         <filename>redis6-6.2.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="redis6-devel" release="1.ule3" version="6.2.7">
+                         <filename>redis6-devel-6.2.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="redis6-debuginfo" release="1.ule3" version="6.2.7">
+                         <filename>redis6-debuginfo-6.2.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="redis6-debugsource" release="1.ule3" version="6.2.7">
+                         <filename>redis6-debugsource-6.2.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="redis6-doc" release="1.ule3" version="6.2.7">
+                         <filename>redis6-doc-6.2.7-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis6-devel" release="1.ule3" version="6.2.7">
+                         <filename>redis6-devel-6.2.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis6-debugsource" release="1.ule3" version="6.2.7">
+                         <filename>redis6-debugsource-6.2.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis6" release="1.ule3" version="6.2.7">
+                         <filename>redis6-6.2.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis6-debuginfo" release="1.ule3" version="6.2.7">
+                         <filename>redis6-debuginfo-6.2.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1869</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2867" id="CVE-2022-2867" title="CVE-2022-2867" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2868" id="CVE-2022-2868" title="CVE-2022-2868" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2869" id="CVE-2022-2869" title="CVE-2022-2869" type="cve"></reference>
+          </references>
+          <description>libtiff&#39;s tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.(CVE-2022-2867)libtiff&#39;s tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.(CVE-2022-2868)libtiff&#39;s tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.(CVE-2022-2869)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff-tools" release="17.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-devel" release="17.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debugsource" release="17.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="17.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff" release="17.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-static" release="17.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="17.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-17.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="17.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="17.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="17.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="17.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="17.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="17.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-17.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1870</id>
+          <title>An update for grafana is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31107" id="CVE-2022-31107" title="CVE-2022-31107" type="cve"></reference>
+          </references>
+          <description>Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user&#39;s external user id is not already associated with an account in Grafana, the malicious user&#39;s email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user&#39;s Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.(CVE-2022-31107)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="grafana" release="3.ule3" version="7.5.15">
+                         <filename>grafana-7.5.15-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="grafana-debuginfo" release="3.ule3" version="7.5.15">
+                         <filename>grafana-debuginfo-7.5.15-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="grafana" release="3.ule3" version="7.5.15">
+                         <filename>grafana-7.5.15-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="grafana-debuginfo" release="3.ule3" version="7.5.15">
+                         <filename>grafana-debuginfo-7.5.15-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1872</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-20369" id="CVE-2022-20369" title="CVE-2022-20369" type="cve"></reference>
+          </references>
+          <description>In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel(CVE-2022-20369)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-perf" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.52.0.80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.52.0.80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.52.0.80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.52.0.80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.52.0.80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.52.0.80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.52.0.80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.52.0.80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.52.0.80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.52.0.80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.52.0.80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.52.0.80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.52.0.80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.52.0.80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.52.0.80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.52.0.80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.52.0.80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.52.0.80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.52.0.80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.52.0.80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.52.0.80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.52.0.80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.52.0.80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.52.0.80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.52.0.80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.52.0.80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.52.0.80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.52.0.80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.52.0.80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.52.0.80.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.52.0.80.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1874</id>
+          <title>An update for gdk-pixbuf2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46829" id="CVE-2021-46829" title="CVE-2021-46829" type="cve"></reference>
+          </references>
+          <description>GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.(CVE-2021-46829)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gdk-pixbuf2-modules" release="4.ule3" version="2.42.6">
+                         <filename>gdk-pixbuf2-modules-2.42.6-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gdk-pixbuf2" release="4.ule3" version="2.42.6">
+                         <filename>gdk-pixbuf2-2.42.6-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gdk-pixbuf2-devel" release="4.ule3" version="2.42.6">
+                         <filename>gdk-pixbuf2-devel-2.42.6-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gdk-pixbuf2-tests" release="4.ule3" version="2.42.6">
+                         <filename>gdk-pixbuf2-tests-2.42.6-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gdk-pixbuf2-debuginfo" release="4.ule3" version="2.42.6">
+                         <filename>gdk-pixbuf2-debuginfo-2.42.6-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gdk-pixbuf2-debugsource" release="4.ule3" version="2.42.6">
+                         <filename>gdk-pixbuf2-debugsource-2.42.6-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gdk-pixbuf2-help" release="4.ule3" version="2.42.6">
+                         <filename>gdk-pixbuf2-help-2.42.6-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdk-pixbuf2-devel" release="4.ule3" version="2.42.6">
+                         <filename>gdk-pixbuf2-devel-2.42.6-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdk-pixbuf2-tests" release="4.ule3" version="2.42.6">
+                         <filename>gdk-pixbuf2-tests-2.42.6-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdk-pixbuf2-modules" release="4.ule3" version="2.42.6">
+                         <filename>gdk-pixbuf2-modules-2.42.6-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdk-pixbuf2-debuginfo" release="4.ule3" version="2.42.6">
+                         <filename>gdk-pixbuf2-debuginfo-2.42.6-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdk-pixbuf2-debugsource" release="4.ule3" version="2.42.6">
+                         <filename>gdk-pixbuf2-debugsource-2.42.6-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdk-pixbuf2" release="4.ule3" version="2.42.6">
+                         <filename>gdk-pixbuf2-2.42.6-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1875</id>
+          <title>An update for rsync is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29154" id="CVE-2022-29154" title="CVE-2022-29154" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).(CVE-2022-29154)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="rsync-debugsource" release="4.ule3" version="3.2.3">
+                         <filename>rsync-debugsource-3.2.3-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsync-debuginfo" release="4.ule3" version="3.2.3">
+                         <filename>rsync-debuginfo-3.2.3-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rsync" release="4.ule3" version="3.2.3">
+                         <filename>rsync-3.2.3-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rsync-help" release="4.ule3" version="3.2.3">
+                         <filename>rsync-help-3.2.3-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsync-debuginfo" release="4.ule3" version="3.2.3">
+                         <filename>rsync-debuginfo-3.2.3-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsync" release="4.ule3" version="3.2.3">
+                         <filename>rsync-3.2.3-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rsync-debugsource" release="4.ule3" version="3.2.3">
+                         <filename>rsync-debugsource-3.2.3-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1878</id>
+          <title>An update for samba is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32743" id="CVE-2022-32743" title="CVE-2022-32743" type="cve"></reference>
+          </references>
+          <description>CVE-2022-32743 samba: Validated dnsHostname write right needs to be implementedhttps://bugzilla.samba.org/show_bug.cgi?id=14833(CVE-2022-32743)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="samba-common" release="9.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient-devel" release="9.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-modules" release="9.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-devel" release="9.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba" release="9.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-dc" release="9.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient" release="9.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-client" release="9.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-test" release="9.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient-devel" release="9.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc" release="9.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-clients" release="9.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba" release="9.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind" release="9.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ctdb" release="9.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-test" release="9.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debuginfo" release="9.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-krb5-printing" release="9.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-provision" release="9.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common-tools" release="9.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-krb5-locator" release="9.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-libs" release="9.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-help" release="9.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debugsource" release="9.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-bind-dlz" release="9.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient" release="9.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="samba-pidl" release="9.ule3" version="4.15.3">
+                         <filename>samba-pidl-4.15.3-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common-tools" release="9.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debuginfo" release="9.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-test" release="9.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient-devel" release="9.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba" release="9.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-dc" release="9.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ctdb" release="9.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-krb5-printing" release="9.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debugsource" release="9.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient-devel" release="9.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common" release="9.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-libs" release="9.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-test" release="9.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc" release="9.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-client" release="9.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind" release="9.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-help" release="9.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-provision" release="9.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-devel" release="9.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-bind-dlz" release="9.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba" release="9.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-modules" release="9.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient" release="9.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-krb5-locator" release="9.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-clients" release="9.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient" release="9.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-vfs-glusterfs" release="9.ule3" version="4.15.3">
+                         <filename>samba-vfs-glusterfs-4.15.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1879</id>
+          <title>An update for python3 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-28861" id="CVE-2021-28861" title="CVE-2021-28861" type="cve"></reference>
+          </references>
+          <description>** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states &#34;Warning: http.server is not recommended for production. It only implements basic security checks.&#34;(CVE-2021-28861)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3" release="13.ule3" version="3.9.9">
+                         <filename>python3-3.9.9-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debug" release="13.ule3" version="3.9.9">
+                         <filename>python3-debug-3.9.9-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debugsource" release="13.ule3" version="3.9.9">
+                         <filename>python3-debugsource-3.9.9-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-devel" release="13.ule3" version="3.9.9">
+                         <filename>python3-devel-3.9.9-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-unversioned-command" release="13.ule3" version="3.9.9">
+                         <filename>python3-unversioned-command-3.9.9-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debuginfo" release="13.ule3" version="3.9.9">
+                         <filename>python3-debuginfo-3.9.9-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-help" release="13.ule3" version="3.9.9">
+                         <filename>python3-help-3.9.9-13.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debugsource" release="13.ule3" version="3.9.9">
+                         <filename>python3-debugsource-3.9.9-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debuginfo" release="13.ule3" version="3.9.9">
+                         <filename>python3-debuginfo-3.9.9-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-devel" release="13.ule3" version="3.9.9">
+                         <filename>python3-devel-3.9.9-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debug" release="13.ule3" version="3.9.9">
+                         <filename>python3-debug-3.9.9-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3" release="13.ule3" version="3.9.9">
+                         <filename>python3-3.9.9-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-unversioned-command" release="13.ule3" version="3.9.9">
+                         <filename>python3-unversioned-command-3.9.9-13.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1882</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2923" id="CVE-2022-2923" title="CVE-2022-2923" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2946" id="CVE-2022-2946" title="CVE-2022-2946" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2980" id="CVE-2022-2980" title="CVE-2022-2980" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3016" id="CVE-2022-3016" title="CVE-2022-3016" type="cve"></reference>
+          </references>
+          <description>NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.(CVE-2022-2923)Use After Free in GitHub repository vim/vim prior to 9.0.0246.(CVE-2022-2946)NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.(CVE-2022-2980)Use After Free in GitHub repository vim/vim prior to 9.0.0286.(CVE-2022-3016)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="62.ule3" version="8.2">
+                         <filename>vim-common-8.2-62.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="62.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-62.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="62.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-62.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="62.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-62.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="62.ule3" version="8.2">
+                         <filename>vim-X11-8.2-62.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="62.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-62.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="62.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-62.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="62.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-62.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="62.ule3" version="8.2">
+                         <filename>vim-common-8.2-62.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="62.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-62.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="62.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-62.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="62.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-62.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="62.ule3" version="8.2">
+                         <filename>vim-X11-8.2-62.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1883</id>
+          <title>An update for redis6 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29477" id="CVE-2021-29477" title="CVE-2021-29477" type="cve"></reference>
+          </references>
+          <description>Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command.(CVE-2021-29477)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="redis6-devel" release="1.ule3" version="6.2.7">
+                         <filename>redis6-devel-6.2.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="redis6" release="1.ule3" version="6.2.7">
+                         <filename>redis6-6.2.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="redis6-debugsource" release="1.ule3" version="6.2.7">
+                         <filename>redis6-debugsource-6.2.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="redis6-debuginfo" release="1.ule3" version="6.2.7">
+                         <filename>redis6-debuginfo-6.2.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="redis6-doc" release="1.ule3" version="6.2.7">
+                         <filename>redis6-doc-6.2.7-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis6-debuginfo" release="1.ule3" version="6.2.7">
+                         <filename>redis6-debuginfo-6.2.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis6" release="1.ule3" version="6.2.7">
+                         <filename>redis6-6.2.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis6-debugsource" release="1.ule3" version="6.2.7">
+                         <filename>redis6-debugsource-6.2.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis6-devel" release="1.ule3" version="6.2.7">
+                         <filename>redis6-devel-6.2.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1886</id>
+          <title>An update for pcs is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1049" id="CVE-2022-1049" title="CVE-2022-1049" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.(CVE-2022-1049)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="pcs" release="3.ule3" version="0.10.8">
+                         <filename>pcs-0.10.8-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcs-snmp" release="3.ule3" version="0.10.8">
+                         <filename>pcs-snmp-0.10.8-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcs-snmp" release="3.ule3" version="0.10.8">
+                         <filename>pcs-snmp-0.10.8-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcs" release="3.ule3" version="0.10.8">
+                         <filename>pcs-0.10.8-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1887</id>
+          <title>An update for python-reportlab is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-28463" id="CVE-2020-28463" title="CVE-2020-28463" type="cve"></reference>
+          </references>
+          <description>All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes &amp; trustedHosts (see in Reportlab&#39;s documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -&gt; odyssey -&gt; dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject &lt;img src=&#34;http://127.0.0.1:5000&#34; valign=&#34;top&#34;/&gt; 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF(CVE-2020-28463)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python-reportlab-debugsource" release="1.ule3" version="3.6.10">
+                         <filename>python-reportlab-debugsource-3.6.10-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-reportlab" release="1.ule3" version="3.6.10">
+                         <filename>python3-reportlab-3.6.10-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-reportlab-debuginfo" release="1.ule3" version="3.6.10">
+                         <filename>python-reportlab-debuginfo-3.6.10-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-reportlab-help" release="1.ule3" version="3.6.10">
+                         <filename>python-reportlab-help-3.6.10-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-reportlab" release="1.ule3" version="3.6.10">
+                         <filename>python3-reportlab-3.6.10-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-reportlab-debuginfo" release="1.ule3" version="3.6.10">
+                         <filename>python-reportlab-debuginfo-3.6.10-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-reportlab-debugsource" release="1.ule3" version="3.6.10">
+                         <filename>python-reportlab-debugsource-3.6.10-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1888</id>
+          <title>An update for net-snmp is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24809" id="CVE-2022-24809" title="CVE-2022-24809" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24807" id="CVE-2022-24807" title="CVE-2022-24807" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24808" id="CVE-2022-24808" title="CVE-2022-24808" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24805" id="CVE-2022-24805" title="CVE-2022-24805" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24810" id="CVE-2022-24810" title="CVE-2022-24810" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24806" id="CVE-2022-24806" title="CVE-2022-24806" type="cve"></reference>
+          </references>
+          <description>https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGESCVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference.(CVE-2022-24809)CVE-2022-24807 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access.https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES(CVE-2022-24807)https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGESCVE-2022-24808 A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference(CVE-2022-24808)+*5.9.2*:+    security:+      - These two CVEs can be exploited by a user with read-only credentials:+          - CVE-2022-24805 A buffer overflow in the handling of the INDEX of+            NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.+          - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable+            can cause a NULL pointer dereference.+      - These CVEs can be exploited by a user with read-write credentials:+          - CVE-2022-24806 Improper Input Validation when SETing malformed+            OIDs in master agent and subagent simultaneously+          - CVE-2022-24807 A malformed OID in a SET request to+            SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an+            out-of-bounds memory access.+          - CVE-2022-24808 A malformed OID in a SET request to+            NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference+          - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable+            can cause a NULL pointer dereference.+      - To avoid these flaws, use strong SNMPv3 credentials and do not share them.+        If you must use SNMPv1 or SNMPv2c, use a complex community string+        and enhance the protection by restricting access to a given IP address range.+      - Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for+        reporting the following CVEs that have been fixed in this release, and+        to Arista Networks for providing fixes.(CVE-2022-24805)https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.(CVE-2022-24810)From https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGESCVE-2022-24806 Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously(CVE-2022-24806)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="net-snmp-perl" release="3.ule3" version="5.9.1">
+                         <filename>net-snmp-perl-5.9.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="net-snmp-debuginfo" release="3.ule3" version="5.9.1">
+                         <filename>net-snmp-debuginfo-5.9.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="net-snmp-devel" release="3.ule3" version="5.9.1">
+                         <filename>net-snmp-devel-5.9.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="net-snmp-gui" release="3.ule3" version="5.9.1">
+                         <filename>net-snmp-gui-5.9.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="net-snmp-libs" release="3.ule3" version="5.9.1">
+                         <filename>net-snmp-libs-5.9.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="net-snmp-debugsource" release="3.ule3" version="5.9.1">
+                         <filename>net-snmp-debugsource-5.9.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="net-snmp" release="3.ule3" version="5.9.1">
+                         <filename>net-snmp-5.9.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="python3-net-snmp" release="3.ule3" version="5.9.1">
+                         <filename>python3-net-snmp-5.9.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="net-snmp-help" release="3.ule3" version="5.9.1">
+                         <filename>net-snmp-help-5.9.1-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="net-snmp" release="3.ule3" version="5.9.1">
+                         <filename>net-snmp-5.9.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="net-snmp-gui" release="3.ule3" version="5.9.1">
+                         <filename>net-snmp-gui-5.9.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="python3-net-snmp" release="3.ule3" version="5.9.1">
+                         <filename>python3-net-snmp-5.9.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="net-snmp-perl" release="3.ule3" version="5.9.1">
+                         <filename>net-snmp-perl-5.9.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="net-snmp-debuginfo" release="3.ule3" version="5.9.1">
+                         <filename>net-snmp-debuginfo-5.9.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="net-snmp-debugsource" release="3.ule3" version="5.9.1">
+                         <filename>net-snmp-debugsource-5.9.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="net-snmp-devel" release="3.ule3" version="5.9.1">
+                         <filename>net-snmp-devel-5.9.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="net-snmp-libs" release="3.ule3" version="5.9.1">
+                         <filename>net-snmp-libs-5.9.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1889</id>
+          <title>An update for gnutls is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-4209" id="CVE-2021-4209" title="CVE-2021-4209" type="cve"></reference>
+          </references>
+          <description>A NULL pointer dereference flaw was found in GnuTLS. As Nettle&#39;s hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.(CVE-2021-4209)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gnutls-debugsource" release="4.ule3" version="3.7.2">
+                         <filename>gnutls-debugsource-3.7.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-utils" release="4.ule3" version="3.7.2">
+                         <filename>gnutls-utils-3.7.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-debuginfo" release="4.ule3" version="3.7.2">
+                         <filename>gnutls-debuginfo-3.7.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-devel" release="4.ule3" version="3.7.2">
+                         <filename>gnutls-devel-3.7.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls" release="4.ule3" version="3.7.2">
+                         <filename>gnutls-3.7.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gnutls-help" release="4.ule3" version="3.7.2">
+                         <filename>gnutls-help-3.7.2-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-debuginfo" release="4.ule3" version="3.7.2">
+                         <filename>gnutls-debuginfo-3.7.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls" release="4.ule3" version="3.7.2">
+                         <filename>gnutls-3.7.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-debugsource" release="4.ule3" version="3.7.2">
+                         <filename>gnutls-debugsource-3.7.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-devel" release="4.ule3" version="3.7.2">
+                         <filename>gnutls-devel-3.7.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-utils" release="4.ule3" version="3.7.2">
+                         <filename>gnutls-utils-3.7.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1890</id>
+          <title>An update for virglrenderer is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0135" id="CVE-2022-0135" title="CVE-2022-0135" type="cve"></reference>
+          </references>
+          <description>An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.(CVE-2022-0135)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="virglrenderer" release="3.ule3" version="0.8.2">
+                         <filename>virglrenderer-0.8.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="virglrenderer-devel" release="3.ule3" version="0.8.2">
+                         <filename>virglrenderer-devel-0.8.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="virglrenderer-debugsource" release="3.ule3" version="0.8.2">
+                         <filename>virglrenderer-debugsource-0.8.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="virglrenderer-debuginfo" release="3.ule3" version="0.8.2">
+                         <filename>virglrenderer-debuginfo-0.8.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="virglrenderer-debuginfo" release="3.ule3" version="0.8.2">
+                         <filename>virglrenderer-debuginfo-0.8.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="virglrenderer-debugsource" release="3.ule3" version="0.8.2">
+                         <filename>virglrenderer-debugsource-0.8.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="virglrenderer" release="3.ule3" version="0.8.2">
+                         <filename>virglrenderer-0.8.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="virglrenderer-devel" release="3.ule3" version="0.8.2">
+                         <filename>virglrenderer-devel-0.8.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1891</id>
+          <title>An update for libvirt is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3975" id="CVE-2021-3975" title="CVE-2021-3975" type="cve"></reference>
+          </references>
+          <description>A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.(CVE-2021-3975)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-rbd" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-rbd-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-disk" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-disk-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-bash-completion" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-bash-completion-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-network" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-network-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-gluster" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-gluster-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-libs" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-libs-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-nss" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-nss-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-mpath" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-mpath-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-scsi" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-scsi-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-debugsource" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-debugsource-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-core" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-core-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-wireshark" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-wireshark-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-config-nwfilter" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-config-nwfilter-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-kvm" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-kvm-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-docs" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-docs-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-qemu" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-qemu-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-debuginfo" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-debuginfo-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-devel" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-devel-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-lock-sanlock" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-lock-sanlock-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-nwfilter" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-nwfilter-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-secret" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-secret-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-admin" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-admin-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-nodedev" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-nodedev-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-client" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-client-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-interface" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-interface-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-config-network" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-config-network-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-iscsi" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-iscsi-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-logical" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-logical-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-iscsi-direct" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-iscsi-direct-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-qemu" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-qemu-6.2.0-42.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-bash-completion" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-bash-completion-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-nss" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-nss-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-wireshark" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-wireshark-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-network" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-network-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-qemu" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-qemu-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-mpath" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-mpath-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-debugsource" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-debugsource-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-secret" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-secret-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-config-network" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-config-network-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-iscsi-direct" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-iscsi-direct-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-core" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-core-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-nwfilter" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-nwfilter-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-iscsi" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-iscsi-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-interface" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-interface-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-qemu" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-qemu-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-rbd" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-rbd-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-debuginfo" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-debuginfo-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-docs" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-docs-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-gluster" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-gluster-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-logical" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-logical-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-disk" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-disk-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-devel" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-devel-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-nodedev" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-nodedev-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-scsi" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-scsi-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-client" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-client-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-admin" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-admin-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-libs" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-libs-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-config-nwfilter" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-config-nwfilter-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-kvm" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-kvm-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-lock-sanlock" release="42.ule3" version="6.2.0">
+                         <filename>libvirt-lock-sanlock-6.2.0-42.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1892</id>
+          <title>An update for sudo is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-07"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-37434" id="CVE-2022-37434" title="CVE-2022-37434" type="cve"></reference>
+          </references>
+          <description>zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).(CVE-2022-37434)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="sudo-devel" release="3.ule3" version="1.9.8p2">
+                         <filename>sudo-devel-1.9.8p2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo-debugsource" release="3.ule3" version="1.9.8p2">
+                         <filename>sudo-debugsource-1.9.8p2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo-debuginfo" release="3.ule3" version="1.9.8p2">
+                         <filename>sudo-debuginfo-1.9.8p2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo" release="3.ule3" version="1.9.8p2">
+                         <filename>sudo-1.9.8p2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="sudo-help" release="3.ule3" version="1.9.8p2">
+                         <filename>sudo-help-1.9.8p2-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo" release="3.ule3" version="1.9.8p2">
+                         <filename>sudo-1.9.8p2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-debugsource" release="3.ule3" version="1.9.8p2">
+                         <filename>sudo-debugsource-1.9.8p2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-devel" release="3.ule3" version="1.9.8p2">
+                         <filename>sudo-devel-1.9.8p2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-debuginfo" release="3.ule3" version="1.9.8p2">
+                         <filename>sudo-debuginfo-1.9.8p2-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1893</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-07"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1462" id="CVE-2022-1462" title="CVE-2022-1462" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2503" id="CVE-2022-2503" title="CVE-2022-2503" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2959" id="CVE-2022-2959" title="CVE-2022-2959" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2977" id="CVE-2022-2977" title="CVE-2022-2977" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2964" id="CVE-2022-2964" title="CVE-2022-2964" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3028" id="CVE-2022-3028" title="CVE-2022-3028" type="cve"></reference>
+          </references>
+          <description>An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.(CVE-2022-1462)Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5(CVE-2022-2503)A race condition was found in the Linux kernel&#39;s watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.(CVE-2022-2959)A flaw was found in the kernels implementation of proxied virtualized TPM devices.  On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.References:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f(CVE-2022-2977)The linux kernels driver for the &#34;ASIX AX88179_178A based USB 2.0/3.0 Gigabit Ethernet Devices&#34; contains multiple out-of-bounds reads and possible writes in the ax88179_rx_fixup() function. References:https://www.spinics.net/lists/stable/msg536418.htmlUpstream commit:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581(CVE-2022-2964)A race condition was found in the Linux kernel&#39;s IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.(CVE-2022-3028)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bpftool" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="x86_64" name="perf-debuginfo" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1896</id>
+          <title>An update for ImageMagick is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-07"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2719" id="CVE-2022-2719" title="CVE-2022-2719" type="cve"></reference>
+          </references>
+          <description>In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.(CVE-2022-2719)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++-devel" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-devel-7.1.0.28-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-7.1.0.28-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-devel" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-devel-7.1.0.28-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-help" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-help-7.1.0.28-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-7.1.0.28-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-perl" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-perl-7.1.0.28-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debugsource" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debugsource-7.1.0.28-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debuginfo" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debuginfo-7.1.0.28-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-perl" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-perl-7.1.0.28-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-7.1.0.28-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debuginfo" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debuginfo-7.1.0.28-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-help" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-help-7.1.0.28-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-7.1.0.28-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++-devel" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-devel-7.1.0.28-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debugsource" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debugsource-7.1.0.28-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-devel" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-devel-7.1.0.28-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1897</id>
+          <title>An update for rpm is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35937" id="CVE-2021-35937" title="CVE-2021-35937" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35939" id="CVE-2021-35939" title="CVE-2021-35939" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-35938" id="CVE-2021-35938" title="CVE-2021-35938" type="cve"></reference>
+          </references>
+          <description>A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-35937)It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-35939)A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-35938)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="rpm-devel" release="14.ule3" version="4.17.0">
+                         <filename>rpm-devel-4.17.0-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rpm-build" release="14.ule3" version="4.17.0">
+                         <filename>rpm-build-4.17.0-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rpm-libs" release="14.ule3" version="4.17.0">
+                         <filename>rpm-libs-4.17.0-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rpm" release="14.ule3" version="4.17.0">
+                         <filename>rpm-4.17.0-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rpm-debuginfo" release="14.ule3" version="4.17.0">
+                         <filename>rpm-debuginfo-4.17.0-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rpm-debugsource" release="14.ule3" version="4.17.0">
+                         <filename>rpm-debugsource-4.17.0-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-rpm" release="14.ule3" version="4.17.0">
+                         <filename>python3-rpm-4.17.0-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rpm-plugin-systemd-inhibit" release="14.ule3" version="4.17.0">
+                         <filename>rpm-plugin-systemd-inhibit-4.17.0-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rpm-help" release="14.ule3" version="4.17.0">
+                         <filename>rpm-help-4.17.0-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rpm-build" release="14.ule3" version="4.17.0">
+                         <filename>rpm-build-4.17.0-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rpm-debuginfo" release="14.ule3" version="4.17.0">
+                         <filename>rpm-debuginfo-4.17.0-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rpm-devel" release="14.ule3" version="4.17.0">
+                         <filename>rpm-devel-4.17.0-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-rpm" release="14.ule3" version="4.17.0">
+                         <filename>python3-rpm-4.17.0-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rpm-debugsource" release="14.ule3" version="4.17.0">
+                         <filename>rpm-debugsource-4.17.0-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rpm" release="14.ule3" version="4.17.0">
+                         <filename>rpm-4.17.0-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rpm-plugin-systemd-inhibit" release="14.ule3" version="4.17.0">
+                         <filename>rpm-plugin-systemd-inhibit-4.17.0-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rpm-libs" release="14.ule3" version="4.17.0">
+                         <filename>rpm-libs-4.17.0-14.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1898</id>
+          <title>An update for intel-sgx-ssl is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1292" id="CVE-2022-1292" title="CVE-2022-1292" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2068" id="CVE-2022-2068" title="CVE-2022-2068" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2097" id="CVE-2022-2097" title="CVE-2022-2097" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0778" id="CVE-2022-0778" title="CVE-2022-0778" type="cve"></reference>
+          </references>
+          <description>The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).(CVE-2022-1292)In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).(CVE-2022-2068)AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn&#39;t written. In the special case of &#34;in place&#34; encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).(CVE-2022-2097)The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).(CVE-2022-0778)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="x86_64" name="intel-sgx-ssl-devel" release="2.ule3" version="2.15.1">
+                         <filename>intel-sgx-ssl-devel-2.15.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="intel-sgx-ssl" release="2.ule3" version="2.15.1">
+                         <filename>intel-sgx-ssl-2.15.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1899</id>
+          <title>An update for linux-sgx is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2068" id="CVE-2022-2068" title="CVE-2022-2068" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2097" id="CVE-2022-2097" title="CVE-2022-2097" type="cve"></reference>
+          </references>
+          <description>In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).(CVE-2022-2068)AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn&#39;t written. In the special case of &#34;in place&#34; encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).(CVE-2022-2097)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="x86_64" name="libsgx-urts" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-urts-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="linux-sgx-debugsource" release="5.ule3" version="2.15.1">
+                         <filename>linux-sgx-debugsource-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-launch-devel" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-launch-devel-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sgx-ra-service" release="5.ule3" version="2.15.1">
+                         <filename>sgx-ra-service-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-epid" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-epid-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-dcap-default-qpl-devel" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-dcap-default-qpl-devel-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-aesm-epid-plugin" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-aesm-epid-plugin-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-uae-service" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-uae-service-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ae-qve" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-ae-qve-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ae-pce" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-ae-pce-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-dcap-default-qpl" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-dcap-default-qpl-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-aesm-pce-plugin" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-aesm-pce-plugin-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ra-network" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-ra-network-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-headers" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-headers-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-qe3-logic" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-qe3-logic-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-aesm-quote-ex-plugin" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-aesm-quote-ex-plugin-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-enclave-common" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-enclave-common-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sgx-pck-id-retrieval-tool" release="5.ule3" version="2.15.1">
+                         <filename>sgx-pck-id-retrieval-tool-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-dcap-quote-verify-devel" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-dcap-quote-verify-devel-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-epid-devel" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-epid-devel-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sgx-dcap-pccs" release="5.ule3" version="2.15.1">
+                         <filename>sgx-dcap-pccs-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ae-qe3" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-ae-qe3-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-dcap-ql" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-dcap-ql-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-launch" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-launch-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ae-le" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-ae-le-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-aesm-launch-plugin" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-aesm-launch-plugin-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-pce-logic" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-pce-logic-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="linux-sgx-debuginfo" release="5.ule3" version="2.15.1">
+                         <filename>linux-sgx-debuginfo-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sgx-aesm-service" release="5.ule3" version="2.15.1">
+                         <filename>sgx-aesm-service-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-enclave-common-devel" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-enclave-common-devel-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-aesm-ecdsa-plugin" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-aesm-ecdsa-plugin-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ra-uefi-devel" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-ra-uefi-devel-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sgxsdk" release="5.ule3" version="2.15.1">
+                         <filename>sgxsdk-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-quote-ex" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-quote-ex-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-quote-ex-devel" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-quote-ex-devel-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-dcap-quote-verify" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-dcap-quote-verify-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-dcap-ql-devel" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-dcap-ql-devel-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ra-uefi" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-ra-uefi-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ra-network-devel" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-ra-network-devel-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ae-epid" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-ae-epid-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1902</id>
+          <title>An update for unzip is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-4217" id="CVE-2021-4217" title="CVE-2021-4217" type="cve"></reference>
+          </references>
+          <description>A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.(CVE-2021-4217)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="unzip-help" release="50.ule3" version="6.0">
+                         <filename>unzip-help-6.0-50.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unzip" release="50.ule3" version="6.0">
+                         <filename>unzip-6.0-50.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unzip-debuginfo" release="50.ule3" version="6.0">
+                         <filename>unzip-debuginfo-6.0-50.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unzip-debugsource" release="50.ule3" version="6.0">
+                         <filename>unzip-debugsource-6.0-50.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unzip-debuginfo" release="50.ule3" version="6.0">
+                         <filename>unzip-debuginfo-6.0-50.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unzip" release="50.ule3" version="6.0">
+                         <filename>unzip-6.0-50.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unzip-help" release="50.ule3" version="6.0">
+                         <filename>unzip-help-6.0-50.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unzip-debugsource" release="50.ule3" version="6.0">
+                         <filename>unzip-debugsource-6.0-50.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1903</id>
+          <title>An update for ImageMagick is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1115" id="CVE-2022-1115" title="CVE-2022-1115" type="cve"></reference>
+          </references>
+          <description>A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.(CVE-2022-1115)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-perl" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-perl-7.1.0.28-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-devel" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-devel-7.1.0.28-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-help" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-help-7.1.0.28-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++-devel" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-devel-7.1.0.28-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debuginfo" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debuginfo-7.1.0.28-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debugsource" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debugsource-7.1.0.28-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-7.1.0.28-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-7.1.0.28-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-7.1.0.28-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-help" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-help-7.1.0.28-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++-devel" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-devel-7.1.0.28-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debugsource" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debugsource-7.1.0.28-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debuginfo" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debuginfo-7.1.0.28-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-7.1.0.28-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-devel" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-devel-7.1.0.28-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-perl" release="3.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-perl-7.1.0.28-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1904</id>
+          <title>An update for sudo is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-33070" id="CVE-2022-33070" title="CVE-2022-33070" type="cve"></reference>
+          </references>
+          <description>Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.(CVE-2022-33070)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="sudo-debuginfo" release="3.ule3" version="1.9.8p2">
+                         <filename>sudo-debuginfo-1.9.8p2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo-debugsource" release="3.ule3" version="1.9.8p2">
+                         <filename>sudo-debugsource-1.9.8p2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo-devel" release="3.ule3" version="1.9.8p2">
+                         <filename>sudo-devel-1.9.8p2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo" release="3.ule3" version="1.9.8p2">
+                         <filename>sudo-1.9.8p2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="sudo-help" release="3.ule3" version="1.9.8p2">
+                         <filename>sudo-help-1.9.8p2-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-debugsource" release="3.ule3" version="1.9.8p2">
+                         <filename>sudo-debugsource-1.9.8p2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-devel" release="3.ule3" version="1.9.8p2">
+                         <filename>sudo-devel-1.9.8p2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo" release="3.ule3" version="1.9.8p2">
+                         <filename>sudo-1.9.8p2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-debuginfo" release="3.ule3" version="1.9.8p2">
+                         <filename>sudo-debuginfo-1.9.8p2-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1905</id>
+          <title>An update for samba is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1615" id="CVE-2022-1615" title="CVE-2022-1615" type="cve"></reference>
+          </references>
+          <description>In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.(CVE-2022-1615)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libsmbclient-devel" release="10.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind" release="10.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-krb5-locator" release="10.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-clients" release="10.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-dc" release="10.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ctdb" release="10.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient" release="10.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient" release="10.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-devel" release="10.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba" release="10.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-provision" release="10.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-help" release="10.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-test" release="10.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc" release="10.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-test" release="10.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debugsource" release="10.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-bind-dlz" release="10.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-modules" release="10.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-client" release="10.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common" release="10.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba" release="10.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common-tools" release="10.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-krb5-printing" release="10.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-libs" release="10.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debuginfo" release="10.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient-devel" release="10.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="samba-pidl" release="10.ule3" version="4.15.3">
+                         <filename>samba-pidl-4.15.3-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-krb5-locator" release="10.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-dc" release="10.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-test" release="10.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient" release="10.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-test" release="10.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind" release="10.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-krb5-printing" release="10.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debuginfo" release="10.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common-tools" release="10.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debugsource" release="10.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-provision" release="10.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-devel" release="10.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba" release="10.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc" release="10.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-help" release="10.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ctdb" release="10.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-modules" release="10.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-libs" release="10.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient" release="10.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-client" release="10.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common" release="10.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient-devel" release="10.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-clients" release="10.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba" release="10.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-vfs-glusterfs" release="10.ule3" version="4.15.3">
+                         <filename>samba-vfs-glusterfs-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient-devel" release="10.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-bind-dlz" release="10.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1906</id>
+          <title>An update for poppler is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-38784" id="CVE-2022-38784" title="CVE-2022-38784" type="cve"></reference>
+          </references>
+          <description>Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.(CVE-2022-38784)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="poppler-debuginfo" release="3.ule3" version="0.90.0">
+                         <filename>poppler-debuginfo-0.90.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-cpp-devel" release="3.ule3" version="0.90.0">
+                         <filename>poppler-cpp-devel-0.90.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-glib-devel" release="3.ule3" version="0.90.0">
+                         <filename>poppler-glib-devel-0.90.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler" release="3.ule3" version="0.90.0">
+                         <filename>poppler-0.90.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-debugsource" release="3.ule3" version="0.90.0">
+                         <filename>poppler-debugsource-0.90.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-qt5" release="3.ule3" version="0.90.0">
+                         <filename>poppler-qt5-0.90.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-glib" release="3.ule3" version="0.90.0">
+                         <filename>poppler-glib-0.90.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-utils" release="3.ule3" version="0.90.0">
+                         <filename>poppler-utils-0.90.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-cpp" release="3.ule3" version="0.90.0">
+                         <filename>poppler-cpp-0.90.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-qt5-devel" release="3.ule3" version="0.90.0">
+                         <filename>poppler-qt5-devel-0.90.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-devel" release="3.ule3" version="0.90.0">
+                         <filename>poppler-devel-0.90.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="poppler-help" release="3.ule3" version="0.90.0">
+                         <filename>poppler-help-0.90.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="poppler-glib-doc" release="3.ule3" version="0.90.0">
+                         <filename>poppler-glib-doc-0.90.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-cpp-devel" release="3.ule3" version="0.90.0">
+                         <filename>poppler-cpp-devel-0.90.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-utils" release="3.ule3" version="0.90.0">
+                         <filename>poppler-utils-0.90.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-qt5" release="3.ule3" version="0.90.0">
+                         <filename>poppler-qt5-0.90.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-glib-devel" release="3.ule3" version="0.90.0">
+                         <filename>poppler-glib-devel-0.90.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-cpp" release="3.ule3" version="0.90.0">
+                         <filename>poppler-cpp-0.90.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler" release="3.ule3" version="0.90.0">
+                         <filename>poppler-0.90.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-devel" release="3.ule3" version="0.90.0">
+                         <filename>poppler-devel-0.90.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-qt5-devel" release="3.ule3" version="0.90.0">
+                         <filename>poppler-qt5-devel-0.90.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-debugsource" release="3.ule3" version="0.90.0">
+                         <filename>poppler-debugsource-0.90.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-glib" release="3.ule3" version="0.90.0">
+                         <filename>poppler-glib-0.90.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-debuginfo" release="3.ule3" version="0.90.0">
+                         <filename>poppler-debuginfo-0.90.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1907</id>
+          <title>An update for qemu is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0216" id="CVE-2022-0216" title="CVE-2022-0216" type="cve"></reference>
+          </references>
+          <description>A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.(CVE-2022-0216)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="qemu-guest-agent" release="48.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-48.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-block-rbd" release="48.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-48.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-img" release="48.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-48.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-system-aarch64" release="48.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-48.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu" release="48.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-48.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-debuginfo" release="48.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-48.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-block-curl" release="48.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-48.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-system-x86_64" release="48.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-48.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-block-ssh" release="48.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-48.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-system-arm" release="48.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-48.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-debugsource" release="48.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-48.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-block-iscsi" release="48.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-48.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-hw-usb-host" release="48.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-48.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-system-riscv" release="48.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-48.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="qemu-help" release="48.ule3" version="6.2.0">
+                         <filename>qemu-help-6.2.0-48.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-block-curl" release="48.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-48.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-block-iscsi" release="48.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-48.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-block-ssh" release="48.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-48.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-guest-agent" release="48.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-48.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-system-aarch64" release="48.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-48.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-system-x86_64" release="48.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-48.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu" release="48.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-48.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-system-arm" release="48.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-48.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-system-riscv" release="48.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-48.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-debugsource" release="48.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-48.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-seabios" release="48.ule3" version="6.2.0">
+                         <filename>qemu-seabios-6.2.0-48.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-hw-usb-host" release="48.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-48.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-img" release="48.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-48.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-block-rbd" release="48.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-48.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-debuginfo" release="48.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-48.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1908</id>
+          <title>An update for curl is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-35252" id="CVE-2022-35252" title="CVE-2022-35252" type="cve"></reference>
+          </references>
+          <description>When curl is used to retrieve and parse cookies from an HTTP(S) server, it accepts cookies using control codes (byte values below 32). When cookies that contain such control codes are later sent back to an HTTP(S) server, it might make the server return a 400 response. Effectively allowing a &#34;sister site&#34; to deny service to siblings.Reference:https://curl.se/docs/CVE-2022-35252.html(CVE-2022-35252)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libcurl-devel" release="10.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl" release="10.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debuginfo" release="10.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debugsource" release="10.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl" release="10.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="curl-help" release="10.ule3" version="7.79.1">
+                         <filename>curl-help-7.79.1-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl" release="10.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl" release="10.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl-devel" release="10.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debugsource" release="10.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debuginfo" release="10.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-10.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1909</id>
+          <title>An update for sqlite is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-35737" id="CVE-2022-35737" title="CVE-2022-35737" type="cve"></reference>
+          </references>
+          <description>SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.(CVE-2022-35737)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="sqlite-devel" release="2.ule3" version="3.37.2">
+                         <filename>sqlite-devel-3.37.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sqlite-debugsource" release="2.ule3" version="3.37.2">
+                         <filename>sqlite-debugsource-3.37.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sqlite-debuginfo" release="2.ule3" version="3.37.2">
+                         <filename>sqlite-debuginfo-3.37.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sqlite" release="2.ule3" version="3.37.2">
+                         <filename>sqlite-3.37.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="sqlite-help" release="2.ule3" version="3.37.2">
+                         <filename>sqlite-help-3.37.2-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sqlite-debugsource" release="2.ule3" version="3.37.2">
+                         <filename>sqlite-debugsource-3.37.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sqlite" release="2.ule3" version="3.37.2">
+                         <filename>sqlite-3.37.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sqlite-devel" release="2.ule3" version="3.37.2">
+                         <filename>sqlite-devel-3.37.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sqlite-debuginfo" release="2.ule3" version="3.37.2">
+                         <filename>sqlite-debuginfo-3.37.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1910</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2938" id="CVE-2022-2938" title="CVE-2022-2938" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2586" id="CVE-2022-2586" title="CVE-2022-2586" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the Linux kernel&#39;s implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.(CVE-2022-2938)A use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_api.c function in the Linux kernel. This flaw allows a local, privileged attacker to cause a use-after-free problem at the time of table deletion, possibly leading to local privilege escalation.(CVE-2022-2586)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-devel" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.54.0.82.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="504" arch="x86_64" name="kernel-tools" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.54.0.82.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.54.0.82.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1911</id>
+          <title>An update for dpdk is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2132" id="CVE-2022-2132" title="CVE-2022-2132" type="cve"></reference>
+          </references>
+          <description>A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.(CVE-2022-2132)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="dpdk-debugsource" release="16.ule3" version="21.11">
+                         <filename>dpdk-debugsource-21.11-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dpdk-debuginfo" release="16.ule3" version="21.11">
+                         <filename>dpdk-debuginfo-21.11-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dpdk" release="16.ule3" version="21.11">
+                         <filename>dpdk-21.11-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dpdk-tools" release="16.ule3" version="21.11">
+                         <filename>dpdk-tools-21.11-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dpdk-devel" release="16.ule3" version="21.11">
+                         <filename>dpdk-devel-21.11-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="dpdk-doc" release="16.ule3" version="21.11">
+                         <filename>dpdk-doc-21.11-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dpdk-tools" release="16.ule3" version="21.11">
+                         <filename>dpdk-tools-21.11-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dpdk-devel" release="16.ule3" version="21.11">
+                         <filename>dpdk-devel-21.11-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dpdk-debuginfo" release="16.ule3" version="21.11">
+                         <filename>dpdk-debuginfo-21.11-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dpdk" release="16.ule3" version="21.11">
+                         <filename>dpdk-21.11-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dpdk-debugsource" release="16.ule3" version="21.11">
+                         <filename>dpdk-debugsource-21.11-16.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1912</id>
+          <title>An update for yajl is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24795" id="CVE-2022-24795" title="CVE-2022-24795" type="cve"></reference>
+          </references>
+          <description>yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf-&gt;alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.(CVE-2022-24795)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="yajl-devel" release="18.ule3" version="2.1.0">
+                         <filename>yajl-devel-2.1.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="yajl" release="18.ule3" version="2.1.0">
+                         <filename>yajl-2.1.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="yajl-debuginfo" release="18.ule3" version="2.1.0">
+                         <filename>yajl-debuginfo-2.1.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="yajl-debugsource" release="18.ule3" version="2.1.0">
+                         <filename>yajl-debugsource-2.1.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="yajl" release="18.ule3" version="2.1.0">
+                         <filename>yajl-2.1.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="yajl-debuginfo" release="18.ule3" version="2.1.0">
+                         <filename>yajl-debuginfo-2.1.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="yajl-devel" release="18.ule3" version="2.1.0">
+                         <filename>yajl-devel-2.1.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="yajl-debugsource" release="18.ule3" version="2.1.0">
+                         <filename>yajl-debugsource-2.1.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1913</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3099" id="CVE-2022-3099" title="CVE-2022-3099" type="cve"></reference>
+          </references>
+          <description>Use After Free in GitHub repository vim/vim prior to 9.0.0360.(CVE-2022-3099)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="65.ule3" version="8.2">
+                         <filename>vim-X11-8.2-65.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="65.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-65.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="65.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-65.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="65.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-65.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="65.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-65.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="65.ule3" version="8.2">
+                         <filename>vim-common-8.2-65.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="65.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-65.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="65.ule3" version="8.2">
+                         <filename>vim-common-8.2-65.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="65.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-65.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="65.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-65.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="65.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-65.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="65.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-65.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="65.ule3" version="8.2">
+                         <filename>vim-X11-8.2-65.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1914</id>
+          <title>An update for colord is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-42523" id="CVE-2021-42523" title="CVE-2021-42523" type="cve"></reference>
+          </references>
+          <description>There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the &#39;err_msg&#39; of &#39;sqlite3_exec&#39; is not releasing after use, while libxml2 emphasizes that the caller needs to release it.(CVE-2021-42523)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="colord-devel" release="4.ule3" version="1.4.5">
+                         <filename>colord-devel-1.4.5-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="colord-help" release="4.ule3" version="1.4.5">
+                         <filename>colord-help-1.4.5-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="colord-debuginfo" release="4.ule3" version="1.4.5">
+                         <filename>colord-debuginfo-1.4.5-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="colord" release="4.ule3" version="1.4.5">
+                         <filename>colord-1.4.5-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="colord-debugsource" release="4.ule3" version="1.4.5">
+                         <filename>colord-debugsource-1.4.5-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="colord-libs" release="4.ule3" version="1.4.5">
+                         <filename>colord-libs-1.4.5-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="colord-debuginfo" release="4.ule3" version="1.4.5">
+                         <filename>colord-debuginfo-1.4.5-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="colord" release="4.ule3" version="1.4.5">
+                         <filename>colord-1.4.5-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="colord-devel" release="4.ule3" version="1.4.5">
+                         <filename>colord-devel-1.4.5-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="colord-debugsource" release="4.ule3" version="1.4.5">
+                         <filename>colord-debugsource-1.4.5-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="colord-libs" release="4.ule3" version="1.4.5">
+                         <filename>colord-libs-1.4.5-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="colord-help" release="4.ule3" version="1.4.5">
+                         <filename>colord-help-1.4.5-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1917</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2953" id="CVE-2022-2953" title="CVE-2022-2953" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2519" id="CVE-2022-2519" title="CVE-2022-2519" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2521" id="CVE-2022-2521" title="CVE-2022-2521" type="cve"></reference>
+          </references>
+          <description>LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.(CVE-2022-2953)There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1(CVE-2022-2519)It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.(CVE-2022-2521)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff-static" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debugsource" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-tools" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-devel" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-18.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1918</id>
+          <title>An update for qemu is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-14394" id="CVE-2020-14394" title="CVE-2020-14394" type="cve"></reference>
+          </references>
+          <description>An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.(CVE-2020-14394)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="qemu-block-curl" release="49.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-49.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-debugsource" release="49.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-49.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-img" release="49.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-49.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-system-arm" release="49.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-49.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-debuginfo" release="49.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-49.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-system-riscv" release="49.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-49.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-guest-agent" release="49.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-49.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-hw-usb-host" release="49.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-49.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-system-aarch64" release="49.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-49.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-block-rbd" release="49.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-49.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-system-x86_64" release="49.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-49.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-block-ssh" release="49.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-49.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu" release="49.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-49.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-block-iscsi" release="49.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-49.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="qemu-help" release="49.ule3" version="6.2.0">
+                         <filename>qemu-help-6.2.0-49.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-system-x86_64" release="49.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-49.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-debugsource" release="49.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-49.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-system-aarch64" release="49.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-49.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-guest-agent" release="49.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-49.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-block-ssh" release="49.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-49.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-system-arm" release="49.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-49.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-block-iscsi" release="49.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-49.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-debuginfo" release="49.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-49.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu" release="49.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-49.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-block-rbd" release="49.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-49.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-seabios" release="49.ule3" version="6.2.0">
+                         <filename>qemu-seabios-6.2.0-49.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-hw-usb-host" release="49.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-49.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-block-curl" release="49.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-49.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-img" release="49.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-49.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-system-riscv" release="49.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-49.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1919</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3134" id="CVE-2022-3134" title="CVE-2022-3134" type="cve"></reference>
+          </references>
+          <description>Use After Free in GitHub repository vim/vim prior to 9.0.0389.(CVE-2022-3134)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="65.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-65.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="65.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-65.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="65.ule3" version="8.2">
+                         <filename>vim-X11-8.2-65.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="65.ule3" version="8.2">
+                         <filename>vim-common-8.2-65.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="65.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-65.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="65.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-65.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="65.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-65.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="65.ule3" version="8.2">
+                         <filename>vim-common-8.2-65.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="65.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-65.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="65.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-65.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="65.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-65.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="65.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-65.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="65.ule3" version="8.2">
+                         <filename>vim-X11-8.2-65.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1920</id>
+          <title>An update for wayland is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3782" id="CVE-2021-3782" title="CVE-2021-3782" type="cve"></reference>
+          </references>
+          <description>An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time.(CVE-2021-3782)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="wayland-debuginfo" release="4.ule3" version="1.19.91">
+                         <filename>wayland-debuginfo-1.19.91-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="wayland" release="4.ule3" version="1.19.91">
+                         <filename>wayland-1.19.91-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="wayland-devel" release="4.ule3" version="1.19.91">
+                         <filename>wayland-devel-1.19.91-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="wayland-debugsource" release="4.ule3" version="1.19.91">
+                         <filename>wayland-debugsource-1.19.91-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="wayland-help" release="4.ule3" version="1.19.91">
+                         <filename>wayland-help-1.19.91-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="wayland-devel" release="4.ule3" version="1.19.91">
+                         <filename>wayland-devel-1.19.91-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="wayland" release="4.ule3" version="1.19.91">
+                         <filename>wayland-1.19.91-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="wayland-debuginfo" release="4.ule3" version="1.19.91">
+                         <filename>wayland-debuginfo-1.19.91-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="wayland-debugsource" release="4.ule3" version="1.19.91">
+                         <filename>wayland-debugsource-1.19.91-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1921</id>
+          <title>An update for python3 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-10735" id="CVE-2020-10735" title="CVE-2020-10735" type="cve"></reference>
+          </references>
+          <description>A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(&#34;text&#34;), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.(CVE-2020-10735)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-debuginfo" release="14.ule3" version="3.9.9">
+                         <filename>python3-debuginfo-3.9.9-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-unversioned-command" release="14.ule3" version="3.9.9">
+                         <filename>python3-unversioned-command-3.9.9-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-devel" release="14.ule3" version="3.9.9">
+                         <filename>python3-devel-3.9.9-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3" release="14.ule3" version="3.9.9">
+                         <filename>python3-3.9.9-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debugsource" release="14.ule3" version="3.9.9">
+                         <filename>python3-debugsource-3.9.9-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debug" release="14.ule3" version="3.9.9">
+                         <filename>python3-debug-3.9.9-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-help" release="14.ule3" version="3.9.9">
+                         <filename>python3-help-3.9.9-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debugsource" release="14.ule3" version="3.9.9">
+                         <filename>python3-debugsource-3.9.9-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debug" release="14.ule3" version="3.9.9">
+                         <filename>python3-debug-3.9.9-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-devel" release="14.ule3" version="3.9.9">
+                         <filename>python3-devel-3.9.9-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debuginfo" release="14.ule3" version="3.9.9">
+                         <filename>python3-debuginfo-3.9.9-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-unversioned-command" release="14.ule3" version="3.9.9">
+                         <filename>python3-unversioned-command-3.9.9-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3" release="14.ule3" version="3.9.9">
+                         <filename>python3-3.9.9-14.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1922</id>
+          <title>An update for bluez is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39177" id="CVE-2022-39177" title="CVE-2022-39177" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39176" id="CVE-2022-39176" title="CVE-2022-39176" type="cve"></reference>
+          </references>
+          <description>BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.(CVE-2022-39177)BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.(CVE-2022-39176)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bluez-debuginfo" release="15.ule3" version="5.54">
+                         <filename>bluez-debuginfo-5.54-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-debugsource" release="15.ule3" version="5.54">
+                         <filename>bluez-debugsource-5.54-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez" release="15.ule3" version="5.54">
+                         <filename>bluez-5.54-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-devel" release="15.ule3" version="5.54">
+                         <filename>bluez-devel-5.54-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-cups" release="15.ule3" version="5.54">
+                         <filename>bluez-cups-5.54-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-libs" release="15.ule3" version="5.54">
+                         <filename>bluez-libs-5.54-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="bluez-help" release="15.ule3" version="5.54">
+                         <filename>bluez-help-5.54-15.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-devel" release="15.ule3" version="5.54">
+                         <filename>bluez-devel-5.54-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-debuginfo" release="15.ule3" version="5.54">
+                         <filename>bluez-debuginfo-5.54-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez" release="15.ule3" version="5.54">
+                         <filename>bluez-5.54-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-cups" release="15.ule3" version="5.54">
+                         <filename>bluez-cups-5.54-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-debugsource" release="15.ule3" version="5.54">
+                         <filename>bluez-debugsource-5.54-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-libs" release="15.ule3" version="5.54">
+                         <filename>bluez-libs-5.54-15.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1923</id>
+          <title>An update for fribidi is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-25308" id="CVE-2022-25308" title="CVE-2022-25308" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-25309" id="CVE-2022-25309" title="CVE-2022-25309" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-25310" id="CVE-2022-25310" title="CVE-2022-25310" type="cve"></reference>
+          </references>
+          <description>A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.(CVE-2022-25308)A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the &#39;--caprtl&#39; option, leading to a crash and causing a denial of service.(CVE-2022-25309)A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.(CVE-2022-25310)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="fribidi" release="2.ule3" version="1.0.10">
+                         <filename>fribidi-1.0.10-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="fribidi-debugsource" release="2.ule3" version="1.0.10">
+                         <filename>fribidi-debugsource-1.0.10-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="fribidi-devel" release="2.ule3" version="1.0.10">
+                         <filename>fribidi-devel-1.0.10-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="fribidi-debuginfo" release="2.ule3" version="1.0.10">
+                         <filename>fribidi-debuginfo-1.0.10-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="fribidi" release="2.ule3" version="1.0.10">
+                         <filename>fribidi-1.0.10-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="fribidi-devel" release="2.ule3" version="1.0.10">
+                         <filename>fribidi-devel-1.0.10-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="fribidi-debugsource" release="2.ule3" version="1.0.10">
+                         <filename>fribidi-debugsource-1.0.10-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="fribidi-debuginfo" release="2.ule3" version="1.0.10">
+                         <filename>fribidi-debuginfo-1.0.10-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1924</id>
+          <title>An update for linux-sgx is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0778" id="CVE-2022-0778" title="CVE-2022-0778" type="cve"></reference>
+          </references>
+          <description>The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).(CVE-2022-0778)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="x86_64" name="libsgx-urts" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-urts-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="linux-sgx-debugsource" release="5.ule3" version="2.15.1">
+                         <filename>linux-sgx-debugsource-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-launch-devel" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-launch-devel-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sgx-ra-service" release="5.ule3" version="2.15.1">
+                         <filename>sgx-ra-service-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-epid" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-epid-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-dcap-default-qpl-devel" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-dcap-default-qpl-devel-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-aesm-epid-plugin" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-aesm-epid-plugin-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-uae-service" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-uae-service-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ae-qve" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-ae-qve-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ae-pce" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-ae-pce-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-dcap-default-qpl" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-dcap-default-qpl-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-aesm-pce-plugin" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-aesm-pce-plugin-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ra-network" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-ra-network-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-headers" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-headers-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-qe3-logic" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-qe3-logic-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-aesm-quote-ex-plugin" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-aesm-quote-ex-plugin-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-enclave-common" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-enclave-common-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sgx-pck-id-retrieval-tool" release="5.ule3" version="2.15.1">
+                         <filename>sgx-pck-id-retrieval-tool-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-dcap-quote-verify-devel" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-dcap-quote-verify-devel-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-epid-devel" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-epid-devel-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sgx-dcap-pccs" release="5.ule3" version="2.15.1">
+                         <filename>sgx-dcap-pccs-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ae-qe3" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-ae-qe3-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-dcap-ql" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-dcap-ql-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-launch" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-launch-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ae-le" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-ae-le-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-aesm-launch-plugin" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-aesm-launch-plugin-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-pce-logic" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-pce-logic-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="linux-sgx-debuginfo" release="5.ule3" version="2.15.1">
+                         <filename>linux-sgx-debuginfo-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sgx-aesm-service" release="5.ule3" version="2.15.1">
+                         <filename>sgx-aesm-service-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-enclave-common-devel" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-enclave-common-devel-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-aesm-ecdsa-plugin" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-aesm-ecdsa-plugin-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ra-uefi-devel" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-ra-uefi-devel-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sgxsdk" release="5.ule3" version="2.15.1">
+                         <filename>sgxsdk-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-quote-ex" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-quote-ex-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-quote-ex-devel" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-quote-ex-devel-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-dcap-quote-verify" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-dcap-quote-verify-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-dcap-ql-devel" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-dcap-ql-devel-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ra-uefi" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-ra-uefi-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ra-network-devel" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-ra-network-devel-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ae-epid" release="5.ule3" version="2.15.1">
+                         <filename>libsgx-ae-epid-2.15.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1927</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39842" id="CVE-2022-39842" title="CVE-2022-39842" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39190" id="CVE-2022-39190" title="CVE-2022-39190" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39189" id="CVE-2022-39189" title="CVE-2022-39189" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3061" id="CVE-2022-3061" title="CVE-2022-3061" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2663" id="CVE-2022-2663" title="CVE-2022-2663" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur.(CVE-2022-39842)An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.(CVE-2022-39190)An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.(CVE-2022-39189)Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn t check the value of pixclock , so it may cause a divide by zero error.(CVE-2022-3061)An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.(CVE-2022-2663)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bpftool" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.56.0.84.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.56.0.84.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.56.0.84.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.56.0.84.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.56.0.84.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.56.0.84.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.56.0.84.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.56.0.84.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.56.0.84.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.56.0.84.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.56.0.84.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.56.0.84.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.56.0.84.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.56.0.84.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.56.0.84.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.56.0.84.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.56.0.84.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.56.0.84.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.56.0.84.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.56.0.84.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.56.0.84.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.56.0.84.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.56.0.84.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.56.0.84.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.56.0.84.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.56.0.84.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.56.0.84.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.56.0.84.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.56.0.84.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.56.0.84.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.56.0.84.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1928</id>
+          <title>An update for libconfuse is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40320" id="CVE-2022-40320" title="CVE-2022-40320" type="cve"></reference>
+          </references>
+          <description>cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.(CVE-2022-40320)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libconfuse-devel" release="2.ule3" version="3.3">
+                         <filename>libconfuse-devel-3.3-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libconfuse-debuginfo" release="2.ule3" version="3.3">
+                         <filename>libconfuse-debuginfo-3.3-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libconfuse-debugsource" release="2.ule3" version="3.3">
+                         <filename>libconfuse-debugsource-3.3-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libconfuse" release="2.ule3" version="3.3">
+                         <filename>libconfuse-3.3-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libconfuse-devel" release="2.ule3" version="3.3">
+                         <filename>libconfuse-devel-3.3-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libconfuse-debugsource" release="2.ule3" version="3.3">
+                         <filename>libconfuse-debugsource-3.3-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libconfuse" release="2.ule3" version="3.3">
+                         <filename>libconfuse-3.3-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libconfuse-debuginfo" release="2.ule3" version="3.3">
+                         <filename>libconfuse-debuginfo-3.3-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1932</id>
+          <title>An update for expat is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40674" id="CVE-2022-40674" title="CVE-2022-40674" type="cve"></reference>
+          </references>
+          <description>libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.(CVE-2022-40674)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="expat-debuginfo" release="6.ule3" version="2.4.1">
+                         <filename>expat-debuginfo-2.4.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="expat-debugsource" release="6.ule3" version="2.4.1">
+                         <filename>expat-debugsource-2.4.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="expat-devel" release="6.ule3" version="2.4.1">
+                         <filename>expat-devel-2.4.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="expat" release="6.ule3" version="2.4.1">
+                         <filename>expat-2.4.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="expat-help" release="6.ule3" version="2.4.1">
+                         <filename>expat-help-2.4.1-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="expat-devel" release="6.ule3" version="2.4.1">
+                         <filename>expat-devel-2.4.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="expat" release="6.ule3" version="2.4.1">
+                         <filename>expat-2.4.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="expat-debugsource" release="6.ule3" version="2.4.1">
+                         <filename>expat-debugsource-2.4.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="expat-debuginfo" release="6.ule3" version="2.4.1">
+                         <filename>expat-debuginfo-2.4.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1935</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2520" id="CVE-2022-2520" title="CVE-2022-2520" type="cve"></reference>
+          </references>
+          <description>A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.(CVE-2022-2520)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-tools" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-static" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-devel" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debugsource" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-18.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="18.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1936</id>
+          <title>An update for docker is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-36109" id="CVE-2022-36109" title="CVE-2022-36109" type="cve"></reference>
+          </references>
+          <description>Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `&#34;USER $USERNAME&#34;` Dockerfile instruction. Instead by calling `ENTRYPOINT [&#34;su&#34;, &#34;-&#34;, &#34;user&#34;]` the supplementary groups will be set up properly.(CVE-2022-36109)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="docker-engine" release="310.ule3" version="18.09.0">
+                         <filename>docker-engine-18.09.0-310.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="docker-engine-debugsource" release="310.ule3" version="18.09.0">
+                         <filename>docker-engine-debugsource-18.09.0-310.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="docker-engine-debuginfo" release="310.ule3" version="18.09.0">
+                         <filename>docker-engine-debuginfo-18.09.0-310.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="docker-engine" release="310.ule3" version="18.09.0">
+                         <filename>docker-engine-18.09.0-310.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="docker-engine-debuginfo" release="310.ule3" version="18.09.0">
+                         <filename>docker-engine-debuginfo-18.09.0-310.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="docker-engine-debugsource" release="310.ule3" version="18.09.0">
+                         <filename>docker-engine-debugsource-18.09.0-310.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1938</id>
+          <title>An update for shim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-1971" id="CVE-2020-1971" title="CVE-2020-1971" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23840" id="CVE-2021-23840" title="CVE-2021-23840" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2017-3735" id="CVE-2017-3735" title="CVE-2017-3735" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2018-0732" id="CVE-2018-0732" title="CVE-2018-0732" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3712" id="CVE-2021-3712" title="CVE-2021-3712" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0778" id="CVE-2022-0778" title="CVE-2022-0778" type="cve"></reference>
+          </references>
+          <description>The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL&#39;s s_server, s_client and verify tools have support for the &#34;-crl_download&#34; option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL&#39;s parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).(CVE-2020-1971)Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).(CVE-2021-23840)While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.(CVE-2017-3735)During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).(CVE-2018-0732)ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL&#39;s own &#34;d2i&#34; functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the &#34;data&#34; and &#34;length&#34; fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the &#34;data&#34; field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).(CVE-2021-3712)The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).(CVE-2022-0778)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="shim" release="5.ule3" version="15.4">
+                         <filename>shim-15.4-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="shim-debuginfo" release="5.ule3" version="15.4">
+                         <filename>shim-debuginfo-15.4-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="shim-debugsource" release="5.ule3" version="15.4">
+                         <filename>shim-debugsource-15.4-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="shim" release="5.ule3" version="15.4">
+                         <filename>shim-15.4-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1939</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27664" id="CVE-2022-27664" title="CVE-2022-27664" type="cve"></reference>
+          </references>
+          <description>In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.(CVE-2022-27664)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="9.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="9.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="9.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="9.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1942</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26373" id="CVE-2022-26373" title="CVE-2022-26373" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2991" id="CVE-2022-2991" title="CVE-2022-2991" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2905" id="CVE-2022-2905" title="CVE-2022-2905" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3078" id="CVE-2022-3078" title="CVE-2022-3078" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40307" id="CVE-2022-40307" title="CVE-2022-40307" type="cve"></reference>
+          </references>
+          <description>Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.(CVE-2022-26373)A heap-based buffer overflow was found in the Linux kernel&#39;s LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability.(CVE-2022-2991)An out-of-bounds memory read flaw was found in the Linux kernel&#39;s BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.(CVE-2022-2905)An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c.(CVE-2022-3078)An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.(CVE-2022-40307)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-perf" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.57.0.85.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.57.0.85.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.57.0.85.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.57.0.85.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.57.0.85.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.57.0.85.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.57.0.85.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.57.0.85.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.57.0.85.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.57.0.85.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.57.0.85.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.57.0.85.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.57.0.85.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.57.0.85.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.57.0.85.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.57.0.85.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.57.0.85.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.57.0.85.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.57.0.85.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.57.0.85.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="x86_64" name="kernel" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.57.0.85.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.57.0.85.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.57.0.85.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.57.0.85.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.57.0.85.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.57.0.85.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.57.0.85.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.57.0.85.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.57.0.85.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.57.0.85.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.57.0.85.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1951</id>
+          <title>An update for linux-sgx is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1292" id="CVE-2022-1292" title="CVE-2022-1292" type="cve"></reference>
+          </references>
+          <description>The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).(CVE-2022-1292)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="x86_64" name="libsgx-urts" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-urts-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="linux-sgx-debugsource" release="6.ule3" version="2.15.1">
+                         <filename>linux-sgx-debugsource-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-launch-devel" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-launch-devel-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sgx-ra-service" release="6.ule3" version="2.15.1">
+                         <filename>sgx-ra-service-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-epid" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-epid-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-dcap-default-qpl-devel" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-dcap-default-qpl-devel-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-aesm-epid-plugin" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-aesm-epid-plugin-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-uae-service" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-uae-service-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ae-qve" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-ae-qve-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ae-pce" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-ae-pce-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-dcap-default-qpl" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-dcap-default-qpl-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-aesm-pce-plugin" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-aesm-pce-plugin-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ra-network" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-ra-network-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-headers" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-headers-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-qe3-logic" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-qe3-logic-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-aesm-quote-ex-plugin" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-aesm-quote-ex-plugin-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-enclave-common" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-enclave-common-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sgx-pck-id-retrieval-tool" release="6.ule3" version="2.15.1">
+                         <filename>sgx-pck-id-retrieval-tool-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-dcap-quote-verify-devel" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-dcap-quote-verify-devel-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-epid-devel" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-epid-devel-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sgx-dcap-pccs" release="6.ule3" version="2.15.1">
+                         <filename>sgx-dcap-pccs-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ae-qe3" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-ae-qe3-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-dcap-ql" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-dcap-ql-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-launch" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-launch-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ae-le" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-ae-le-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-aesm-launch-plugin" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-aesm-launch-plugin-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-pce-logic" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-pce-logic-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="linux-sgx-debuginfo" release="6.ule3" version="2.15.1">
+                         <filename>linux-sgx-debuginfo-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sgx-aesm-service" release="6.ule3" version="2.15.1">
+                         <filename>sgx-aesm-service-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-enclave-common-devel" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-enclave-common-devel-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-aesm-ecdsa-plugin" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-aesm-ecdsa-plugin-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ra-uefi-devel" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-ra-uefi-devel-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sgxsdk" release="6.ule3" version="2.15.1">
+                         <filename>sgxsdk-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-quote-ex" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-quote-ex-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-quote-ex-devel" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-quote-ex-devel-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-dcap-quote-verify" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-dcap-quote-verify-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-dcap-ql-devel" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-dcap-ql-devel-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ra-uefi" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-ra-uefi-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ra-network-devel" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-ra-network-devel-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsgx-ae-epid" release="6.ule3" version="2.15.1">
+                         <filename>libsgx-ae-epid-2.15.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1961</id>
+          <title>An update for pcs is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2735" id="CVE-2022-2735" title="CVE-2022-2735" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the &#34;hacluster&#34; token, this flaw allows an attacker to have complete control over the cluster managed by PCS.(CVE-2022-2735)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="pcs-snmp" release="4.ule3" version="0.10.8">
+                         <filename>pcs-snmp-0.10.8-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcs" release="4.ule3" version="0.10.8">
+                         <filename>pcs-0.10.8-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcs-snmp" release="4.ule3" version="0.10.8">
+                         <filename>pcs-snmp-0.10.8-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcs" release="4.ule3" version="0.10.8">
+                         <filename>pcs-0.10.8-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1964</id>
+          <title>An update for mod_security_crs is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-27"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39955" id="CVE-2022-39955" title="CVE-2022-39955" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39956" id="CVE-2022-39956" title="CVE-2022-39956" type="cve"></reference>
+          </references>
+          <description>The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type &#34;charset&#34; names and therefore bypassing the configurable CRS Content-Type header &#34;charset&#34; allow list. An encoded payload can bypass CRS detection this way and may then be decoded by the backend. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively.(CVE-2022-39955)The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set. The multipart payload will therefore bypass detection. A vulnerable backend that supports these encoding schemes can potentially be exploited. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised upgrade to 3.2.2 and 3.3.3 respectively. The mitigation against these vulnerabilities depends on the installation of the latest ModSecurity version (v2.9.6 / v3.0.8).(CVE-2022-39956)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="mod_security_crs" release="1.ule3" version="3.2.2">
+                         <filename>mod_security_crs-3.2.2-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1965</id>
+          <title>An update for dpdk is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28199" id="CVE-2022-28199" title="CVE-2022-28199" type="cve"></reference>
+          </references>
+          <description>NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.(CVE-2022-28199)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="dpdk-debugsource" release="17.ule3" version="21.11">
+                         <filename>dpdk-debugsource-21.11-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dpdk-debuginfo" release="17.ule3" version="21.11">
+                         <filename>dpdk-debuginfo-21.11-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dpdk" release="17.ule3" version="21.11">
+                         <filename>dpdk-21.11-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dpdk-tools" release="17.ule3" version="21.11">
+                         <filename>dpdk-tools-21.11-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dpdk-devel" release="17.ule3" version="21.11">
+                         <filename>dpdk-devel-21.11-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="dpdk-doc" release="17.ule3" version="21.11">
+                         <filename>dpdk-doc-21.11-17.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dpdk-tools" release="17.ule3" version="21.11">
+                         <filename>dpdk-tools-21.11-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dpdk-devel" release="17.ule3" version="21.11">
+                         <filename>dpdk-devel-21.11-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dpdk-debuginfo" release="17.ule3" version="21.11">
+                         <filename>dpdk-debuginfo-21.11-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dpdk" release="17.ule3" version="21.11">
+                         <filename>dpdk-21.11-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dpdk-debugsource" release="17.ule3" version="21.11">
+                         <filename>dpdk-debugsource-21.11-17.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1968</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39188" id="CVE-2022-39188" title="CVE-2022-39188" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.(CVE-2022-39188)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-perf" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1969</id>
+          <title>An update for microcode_ctl is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21233" id="CVE-2022-21233" title="CVE-2022-21233" type="cve"></reference>
+          </references>
+          <description>Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.(CVE-2022-21233)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="x86_64" name="microcode_ctl" release="37.ule3" version="2.1">
+                         <filename>microcode_ctl-2.1-37.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1970</id>
+          <title>An update for mod_security_crs is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39958" id="CVE-2022-39958" title="CVE-2022-39958" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39957" id="CVE-2022-39957" title="CVE-2022-39957" type="cve"></reference>
+          </references>
+          <description>The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be exfiltrated from the backend, despite being protected by a web application firewall that uses CRS. Short subsections of a restricted resource may bypass pattern matching techniques and allow undetected access. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively and to configure a CRS paranoia level of 3 or higher.(CVE-2022-39958)The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional &#34;charset&#34; parameter in order to receive the response in an encoded form. Depending on the &#34;charset&#34;, this response can not be decoded by the web application firewall. A restricted resource, access to which would ordinarily be detected, may therefore bypass detection. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively.(CVE-2022-39957)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="mod_security_crs" release="1.ule3" version="3.2.2">
+                         <filename>mod_security_crs-3.2.2-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1971</id>
+          <title>An update for python-oauthlib is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-36087" id="CVE-2022-36087" title="CVE-2022-36087" type="cve"></reference>
+          </references>
+          <description>OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.(CVE-2022-36087)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python3-oauthlib" release="3.ule3" version="3.1.1">
+                         <filename>python3-oauthlib-3.1.1-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1972</id>
+          <title>An update for unbound is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3204" id="CVE-2022-3204" title="CVE-2022-3204" type="cve"></reference>
+          </references>
+          <description>A vulnerability named &#39;Non-Responsive Delegation Attack&#39; (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records.(CVE-2022-3204)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="unbound-libs" release="6.ule3" version="1.13.2">
+                         <filename>unbound-libs-1.13.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unbound-debuginfo" release="6.ule3" version="1.13.2">
+                         <filename>unbound-debuginfo-1.13.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unbound" release="6.ule3" version="1.13.2">
+                         <filename>unbound-1.13.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unbound-debugsource" release="6.ule3" version="1.13.2">
+                         <filename>unbound-debugsource-1.13.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unbound-help" release="6.ule3" version="1.13.2">
+                         <filename>unbound-help-1.13.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unbound-devel" release="6.ule3" version="1.13.2">
+                         <filename>unbound-devel-1.13.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-unbound" release="6.ule3" version="1.13.2">
+                         <filename>python3-unbound-1.13.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-unbound" release="6.ule3" version="1.13.2">
+                         <filename>python3-unbound-1.13.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unbound-help" release="6.ule3" version="1.13.2">
+                         <filename>unbound-help-1.13.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unbound-debugsource" release="6.ule3" version="1.13.2">
+                         <filename>unbound-debugsource-1.13.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unbound" release="6.ule3" version="1.13.2">
+                         <filename>unbound-1.13.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unbound-devel" release="6.ule3" version="1.13.2">
+                         <filename>unbound-devel-1.13.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unbound-debuginfo" release="6.ule3" version="1.13.2">
+                         <filename>unbound-debuginfo-1.13.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unbound-libs" release="6.ule3" version="1.13.2">
+                         <filename>unbound-libs-1.13.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1973</id>
+          <title>An update for deltarpm is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-37434" id="CVE-2022-37434" title="CVE-2022-37434" type="cve"></reference>
+          </references>
+          <description>zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).(CVE-2022-37434)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-deltarpm" release="2.ule3" version="3.6.3">
+                         <filename>python3-deltarpm-3.6.3-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="deltarpm-debugsource" release="2.ule3" version="3.6.3">
+                         <filename>deltarpm-debugsource-3.6.3-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="deltarpm" release="2.ule3" version="3.6.3">
+                         <filename>deltarpm-3.6.3-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="deltarpm-debuginfo" release="2.ule3" version="3.6.3">
+                         <filename>deltarpm-debuginfo-3.6.3-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="drpmsync" release="2.ule3" version="3.6.3">
+                         <filename>drpmsync-3.6.3-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="deltarpm-help" release="2.ule3" version="3.6.3">
+                         <filename>deltarpm-help-3.6.3-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="drpmsync" release="2.ule3" version="3.6.3">
+                         <filename>drpmsync-3.6.3-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-deltarpm" release="2.ule3" version="3.6.3">
+                         <filename>python3-deltarpm-3.6.3-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="deltarpm" release="2.ule3" version="3.6.3">
+                         <filename>deltarpm-3.6.3-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="deltarpm-debuginfo" release="2.ule3" version="3.6.3">
+                         <filename>deltarpm-debuginfo-3.6.3-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="deltarpm-debugsource" release="2.ule3" version="3.6.3">
+                         <filename>deltarpm-debugsource-3.6.3-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1974</id>
+          <title>An update for squid is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41317" id="CVE-2022-41317" title="CVE-2022-41317" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41318" id="CVE-2022-41318" title="CVE-2022-41318" type="cve"></reference>
+          </references>
+          <description>Exposure of Sensitive Information in Cache Manager https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq(CVE-2022-41317)Buffer Over Read in SSPI and SMB Authentication https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78(CVE-2022-41318)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="7" arch="aarch64" name="squid-debuginfo" release="16.ule3" version="4.9">
+                         <filename>squid-debuginfo-4.9-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="squid" release="16.ule3" version="4.9">
+                         <filename>squid-4.9-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="squid-debugsource" release="16.ule3" version="4.9">
+                         <filename>squid-debugsource-4.9-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid-debugsource" release="16.ule3" version="4.9">
+                         <filename>squid-debugsource-4.9-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid-debuginfo" release="16.ule3" version="4.9">
+                         <filename>squid-debuginfo-4.9-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid" release="16.ule3" version="4.9">
+                         <filename>squid-4.9-16.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1975</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3234" id="CVE-2022-3234" title="CVE-2022-3234" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3235" id="CVE-2022-3235" title="CVE-2022-3235" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3256" id="CVE-2022-3256" title="CVE-2022-3256" type="cve"></reference>
+          </references>
+          <description>Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.(CVE-2022-3234)Use After Free in GitHub repository vim/vim prior to 9.0.0490.(CVE-2022-3235)Use After Free in GitHub repository vim/vim prior to 9.0.0530.(CVE-2022-3256)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="67.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="67.ule3" version="8.2">
+                         <filename>vim-common-8.2-67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="67.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="67.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="67.ule3" version="8.2">
+                         <filename>vim-X11-8.2-67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="67.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-67.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="67.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-67.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="67.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-67.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="67.ule3" version="8.2">
+                         <filename>vim-common-8.2-67.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="67.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-67.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="67.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-67.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="67.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-67.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="67.ule3" version="8.2">
+                         <filename>vim-X11-8.2-67.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1976</id>
+          <title>An update for mujs is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30975" id="CVE-2022-30975" title="CVE-2022-30975" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30974" id="CVE-2022-30974" title="CVE-2022-30974" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2016-7504" id="CVE-2016-7504" title="CVE-2016-7504" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2016-9108" id="CVE-2016-9108" title="CVE-2016-9108" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2017-5627" id="CVE-2017-5627" title="CVE-2017-5627" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2016-7506" id="CVE-2016-7506" title="CVE-2016-7506" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2016-9017" id="CVE-2016-9017" title="CVE-2016-9017" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2017-5628" id="CVE-2017-5628" title="CVE-2017-5628" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2016-10141" id="CVE-2016-10141" title="CVE-2016-10141" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2016-9136" id="CVE-2016-9136" title="CVE-2016-9136" type="cve"></reference>
+          </references>
+          <description>In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.(CVE-2022-30975)compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.(CVE-2022-30974)A use-after-free vulnerability was observed in Rp_toString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to code execution or denial of service condition.(CVE-2016-7504)Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression.(CVE-2016-9108)An issue was discovered in Artifex Software, Inc. MuJS before 4006739a28367c708dea19aeb19b8a1a9326ce08. The jsR_setproperty function in jsrun.c lacks a check for a negative array length. This leads to an integer overflow in the js_pushstring function in jsrun.c when parsing a specially crafted JS file.(CVE-2017-5627)An out-of-bounds read vulnerability was observed in Sp_replace_regexp function of Artifex Software, Inc. MuJS before 5000749f5afe3b956fc916e407309de840997f4a. A successful exploitation of this issue can lead to code execution or denial of service condition.(CVE-2016-7506)Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 allows context-dependent attackers to obtain sensitive information by using the &#34;opname in crafted JavaScript file&#34; approach, related to an &#34;Out-of-Bounds read&#34; issue affecting the jsC_dumpfunction function in the jsdump.c component.(CVE-2016-9017)An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not validate the month, leading to an integer overflow when parsing a specially crafted JS file.(CVE-2017-5628)An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition.(CVE-2016-10141)Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8a8a89 allows context-dependent attackers to obtain sensitive information by using the &#34;crafted JavaScript&#34; approach, related to a &#34;Buffer Over-read&#34; issue.(CVE-2016-9136)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="mujs-devel" release="2.ule3" version="1.2.0">
+                         <filename>mujs-devel-1.2.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mujs" release="2.ule3" version="1.2.0">
+                         <filename>mujs-1.2.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mujs-debuginfo" release="2.ule3" version="1.2.0">
+                         <filename>mujs-debuginfo-1.2.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mujs-debugsource" release="2.ule3" version="1.2.0">
+                         <filename>mujs-debugsource-1.2.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mujs-debuginfo" release="2.ule3" version="1.2.0">
+                         <filename>mujs-debuginfo-1.2.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mujs-debugsource" release="2.ule3" version="1.2.0">
+                         <filename>mujs-debugsource-1.2.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mujs-devel" release="2.ule3" version="1.2.0">
+                         <filename>mujs-devel-1.2.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mujs" release="2.ule3" version="1.2.0">
+                         <filename>mujs-1.2.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1977</id>
+          <title>An update for bcel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-09-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34169" id="CVE-2022-34169" title="CVE-2022-34169" type="cve"></reference>
+          </references>
+          <description>The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.(CVE-2022-34169)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="bcel" release="2.ule3" version="6.4.1">
+                         <filename>bcel-6.4.1-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1978</id>
+          <title>An update for uboot-tools is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30767" id="CVE-2022-30767" title="CVE-2022-30767" type="cve"></reference>
+          </references>
+          <description>nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.(CVE-2022-30767)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="uboot-tools-debugsource" release="7.ule3" version="2021.10">
+                         <filename>uboot-tools-debugsource-2021.10-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="uboot-images-elf" release="7.ule3" version="2021.10">
+                         <filename>uboot-images-elf-2021.10-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="uboot-tools" release="7.ule3" version="2021.10">
+                         <filename>uboot-tools-2021.10-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="uboot-tools-debuginfo" release="7.ule3" version="2021.10">
+                         <filename>uboot-tools-debuginfo-2021.10-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="uboot-images-armv8" release="7.ule3" version="2021.10">
+                         <filename>uboot-images-armv8-2021.10-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="uboot-tools-help" release="7.ule3" version="2021.10">
+                         <filename>uboot-tools-help-2021.10-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="uboot-tools" release="7.ule3" version="2021.10">
+                         <filename>uboot-tools-2021.10-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="uboot-tools-debugsource" release="7.ule3" version="2021.10">
+                         <filename>uboot-tools-debugsource-2021.10-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="uboot-tools-debuginfo" release="7.ule3" version="2021.10">
+                         <filename>uboot-tools-debuginfo-2021.10-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1979</id>
+          <title>An update for kubernetes is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3172" id="CVE-2022-3172" title="CVE-2022-3172" type="cve"></reference>
+          </references>
+          <description>A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to theclient performing unexpected actions as well as forwarding the client&#39;s API server credentials to third parties.ref: https://github.com/kubernetes/kubernetes/issues/112513(CVE-2022-3172)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kubernetes-help" release="9.ule3" version="1.20.2">
+                         <filename>kubernetes-help-1.20.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kubernetes-kubelet" release="9.ule3" version="1.20.2">
+                         <filename>kubernetes-kubelet-1.20.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kubernetes-node" release="9.ule3" version="1.20.2">
+                         <filename>kubernetes-node-1.20.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kubernetes-client" release="9.ule3" version="1.20.2">
+                         <filename>kubernetes-client-1.20.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kubernetes-kubeadm" release="9.ule3" version="1.20.2">
+                         <filename>kubernetes-kubeadm-1.20.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kubernetes-master" release="9.ule3" version="1.20.2">
+                         <filename>kubernetes-master-1.20.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kubernetes" release="9.ule3" version="1.20.2">
+                         <filename>kubernetes-1.20.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes" release="9.ule3" version="1.20.2">
+                         <filename>kubernetes-1.20.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes-kubelet" release="9.ule3" version="1.20.2">
+                         <filename>kubernetes-kubelet-1.20.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes-kubeadm" release="9.ule3" version="1.20.2">
+                         <filename>kubernetes-kubeadm-1.20.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes-master" release="9.ule3" version="1.20.2">
+                         <filename>kubernetes-master-1.20.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes-node" release="9.ule3" version="1.20.2">
+                         <filename>kubernetes-node-1.20.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes-help" release="9.ule3" version="1.20.2">
+                         <filename>kubernetes-help-1.20.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes-client" release="9.ule3" version="1.20.2">
+                         <filename>kubernetes-client-1.20.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1980</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3296" id="CVE-2022-3296" title="CVE-2022-3296" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3352" id="CVE-2022-3352" title="CVE-2022-3352" type="cve"></reference>
+          </references>
+          <description>Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.(CVE-2022-3296)Use After Free in GitHub repository vim/vim prior to 9.0.0614.(CVE-2022-3352)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="69.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="69.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="69.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="69.ule3" version="8.2">
+                         <filename>vim-X11-8.2-69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="69.ule3" version="8.2">
+                         <filename>vim-common-8.2-69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="69.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-69.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="69.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-69.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="69.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-69.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="69.ule3" version="8.2">
+                         <filename>vim-X11-8.2-69.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="69.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-69.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="69.ule3" version="8.2">
+                         <filename>vim-common-8.2-69.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="69.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-69.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="69.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-69.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1983</id>
+          <title>An update for bind is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3080" id="CVE-2022-3080" title="CVE-2022-3080" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-38177" id="CVE-2022-38177" title="CVE-2022-38177" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-38178" id="CVE-2022-38178" title="CVE-2022-38178" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2795" id="CVE-2022-2795" title="CVE-2022-2795" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2881" id="CVE-2022-2881" title="CVE-2022-2881" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2906" id="CVE-2022-2906" title="CVE-2022-2906" type="cve"></reference>
+          </references>
+          <description>By sending specific queries to the resolver, an attacker can cause named to crash.(CVE-2022-3080)By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.(CVE-2022-38177)By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.(CVE-2022-38178)By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver&#39;s performance, effectively denying legitimate clients access to the DNS resolution service.(CVE-2022-2795)The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.(CVE-2022-2881)An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.(CVE-2022-2906)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="32" arch="aarch64" name="bind-chroot" release="11.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-libs" release="11.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-pkcs11-libs" release="11.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-libs-9.16.23-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-dnssec-utils" release="11.ule3" version="9.16.23">
+                         <filename>bind-dnssec-utils-9.16.23-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind" release="11.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-devel" release="11.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-debugsource" release="11.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-pkcs11" release="11.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-pkcs11-utils" release="11.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-utils-9.16.23-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-pkcs11-devel" release="11.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-utils" release="11.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-debuginfo" release="11.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="noarch" name="python3-bind" release="11.ule3" version="9.16.23">
+                         <filename>python3-bind-9.16.23-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="noarch" name="bind-dnssec-doc" release="11.ule3" version="9.16.23">
+                         <filename>bind-dnssec-doc-9.16.23-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="noarch" name="bind-license" release="11.ule3" version="9.16.23">
+                         <filename>bind-license-9.16.23-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-pkcs11-devel" release="11.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-devel" release="11.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-utils" release="11.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-libs" release="11.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-chroot" release="11.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-debugsource" release="11.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind" release="11.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-pkcs11-utils" release="11.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-utils-9.16.23-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-dnssec-utils" release="11.ule3" version="9.16.23">
+                         <filename>bind-dnssec-utils-9.16.23-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-pkcs11" release="11.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-debuginfo" release="11.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-pkcs11-libs" release="11.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-libs-9.16.23-11.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1984</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3239" id="CVE-2022-3239" title="CVE-2022-3239" type="cve"></reference>
+          </references>
+          <description>A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.(CVE-2022-3239)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-devel" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.58.0.86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.58.0.86.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.58.0.86.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1988</id>
+          <title>An update for edk2 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2019-11098" id="CVE-2019-11098" title="CVE-2019-11098" type="cve"></reference>
+          </references>
+          <description>Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.(CVE-2019-11098)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="edk2-debuginfo" release="6.ule3" version="202011">
+                         <filename>edk2-debuginfo-202011-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="edk2-debugsource" release="6.ule3" version="202011">
+                         <filename>edk2-debugsource-202011-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="edk2-devel" release="6.ule3" version="202011">
+                         <filename>edk2-devel-202011-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-ovmf" release="6.ule3" version="202011">
+                         <filename>edk2-ovmf-202011-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-help" release="6.ule3" version="202011">
+                         <filename>edk2-help-202011-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-aarch64" release="6.ule3" version="202011">
+                         <filename>edk2-aarch64-202011-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-edk2-devel" release="6.ule3" version="202011">
+                         <filename>python3-edk2-devel-202011-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-debugsource" release="6.ule3" version="202011">
+                         <filename>edk2-debugsource-202011-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-debuginfo" release="6.ule3" version="202011">
+                         <filename>edk2-debuginfo-202011-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-devel" release="6.ule3" version="202011">
+                         <filename>edk2-devel-202011-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1989</id>
+          <title>An update for lighttpd is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-37797" id="CVE-2022-37797" title="CVE-2022-37797" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41556" id="CVE-2022-41556" title="CVE-2022-41556" type="cve"></reference>
+          </references>
+          <description>In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.(CVE-2022-37797)A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.(CVE-2022-41556)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="lighttpd-mod_authn_mysql" release="1.ule3" version="1.4.67">
+                         <filename>lighttpd-mod_authn_mysql-1.4.67-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lighttpd-fastcgi" release="1.ule3" version="1.4.67">
+                         <filename>lighttpd-fastcgi-1.4.67-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lighttpd" release="1.ule3" version="1.4.67">
+                         <filename>lighttpd-1.4.67-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lighttpd-debugsource" release="1.ule3" version="1.4.67">
+                         <filename>lighttpd-debugsource-1.4.67-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lighttpd-mod_mysql_vhost" release="1.ule3" version="1.4.67">
+                         <filename>lighttpd-mod_mysql_vhost-1.4.67-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lighttpd-debuginfo" release="1.ule3" version="1.4.67">
+                         <filename>lighttpd-debuginfo-1.4.67-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lighttpd-mod_authn_pam" release="1.ule3" version="1.4.67">
+                         <filename>lighttpd-mod_authn_pam-1.4.67-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lighttpd-mod_authn_gssapi" release="1.ule3" version="1.4.67">
+                         <filename>lighttpd-mod_authn_gssapi-1.4.67-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="lighttpd-filesystem" release="1.ule3" version="1.4.67">
+                         <filename>lighttpd-filesystem-1.4.67-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lighttpd-debuginfo" release="1.ule3" version="1.4.67">
+                         <filename>lighttpd-debuginfo-1.4.67-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lighttpd-debugsource" release="1.ule3" version="1.4.67">
+                         <filename>lighttpd-debugsource-1.4.67-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lighttpd-mod_mysql_vhost" release="1.ule3" version="1.4.67">
+                         <filename>lighttpd-mod_mysql_vhost-1.4.67-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lighttpd" release="1.ule3" version="1.4.67">
+                         <filename>lighttpd-1.4.67-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lighttpd-mod_authn_gssapi" release="1.ule3" version="1.4.67">
+                         <filename>lighttpd-mod_authn_gssapi-1.4.67-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lighttpd-mod_authn_mysql" release="1.ule3" version="1.4.67">
+                         <filename>lighttpd-mod_authn_mysql-1.4.67-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lighttpd-mod_authn_pam" release="1.ule3" version="1.4.67">
+                         <filename>lighttpd-mod_authn_pam-1.4.67-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lighttpd-fastcgi" release="1.ule3" version="1.4.67">
+                         <filename>lighttpd-fastcgi-1.4.67-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1990</id>
+          <title>An update for python-joblib is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21797" id="CVE-2022-21797" title="CVE-2022-21797" type="cve"></reference>
+          </references>
+          <description>The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.(CVE-2022-21797)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python3-joblib" release="2.ule3" version="1.0.0">
+                         <filename>python3-joblib-1.0.0-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1992</id>
+          <title>An update for wireshark is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3190" id="CVE-2022-3190" title="CVE-2022-3190" type="cve"></reference>
+          </references>
+          <description>Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file(CVE-2022-3190)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="wireshark" release="2.ule3" version="3.6.2">
+                         <filename>wireshark-3.6.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-debuginfo" release="2.ule3" version="3.6.2">
+                         <filename>wireshark-debuginfo-3.6.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-help" release="2.ule3" version="3.6.2">
+                         <filename>wireshark-help-3.6.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-debugsource" release="2.ule3" version="3.6.2">
+                         <filename>wireshark-debugsource-3.6.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-devel" release="2.ule3" version="3.6.2">
+                         <filename>wireshark-devel-3.6.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debugsource" release="2.ule3" version="3.6.2">
+                         <filename>wireshark-debugsource-3.6.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark" release="2.ule3" version="3.6.2">
+                         <filename>wireshark-3.6.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-devel" release="2.ule3" version="3.6.2">
+                         <filename>wireshark-devel-3.6.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debuginfo" release="2.ule3" version="3.6.2">
+                         <filename>wireshark-debuginfo-3.6.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-help" release="2.ule3" version="3.6.2">
+                         <filename>wireshark-help-3.6.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1993</id>
+          <title>An update for dhcp is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-25215" id="CVE-2021-25215" title="CVE-2021-25215" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-25214" id="CVE-2021-25214" title="CVE-2021-25214" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-25219" id="CVE-2021-25219" title="CVE-2021-25219" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-25220" id="CVE-2021-25220" title="CVE-2021-25220" type="cve"></reference>
+          </references>
+          <description>In BIND 9.0.0 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, and versions BIND 9.9.3-S1 -&gt; 9.11.29-S1 and 9.16.8-S1 -&gt; 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -&gt; 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.(CVE-2021-25215)In BIND 9.8.5 -&gt; 9.8.8, 9.9.3 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, and versions BIND 9.9.3-S1 -&gt; 9.11.29-S1 and 9.16.8-S1 -&gt; 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -&gt; 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.(CVE-2021-25214)In BIND 9.3.0 -&gt; 9.11.35, 9.12.0 -&gt; 9.16.21, and versions 9.9.3-S1 -&gt; 9.11.35-S1 and 9.16.8-S1 -&gt; 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -&gt; 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.(CVE-2021-25219)BIND 9.11.0 -&gt; 9.11.36 9.12.0 -&gt; 9.16.26 9.17.0 -&gt; 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -&gt; 9.11.36-S1 9.16.8-S1 -&gt; 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.(CVE-2021-25220)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="dhcp-debuginfo" release="14.ule3" version="4.4.2">
+                         <filename>dhcp-debuginfo-4.4.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dhcp-devel" release="14.ule3" version="4.4.2">
+                         <filename>dhcp-devel-4.4.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dhcp" release="14.ule3" version="4.4.2">
+                         <filename>dhcp-4.4.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dhcp-debugsource" release="14.ule3" version="4.4.2">
+                         <filename>dhcp-debugsource-4.4.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="dhcp-help" release="14.ule3" version="4.4.2">
+                         <filename>dhcp-help-4.4.2-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dhcp-debugsource" release="14.ule3" version="4.4.2">
+                         <filename>dhcp-debugsource-4.4.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dhcp" release="14.ule3" version="4.4.2">
+                         <filename>dhcp-4.4.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dhcp-devel" release="14.ule3" version="4.4.2">
+                         <filename>dhcp-devel-4.4.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dhcp-debuginfo" release="14.ule3" version="4.4.2">
+                         <filename>dhcp-debuginfo-4.4.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1994</id>
+          <title>An update for dovecot is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-30550" id="CVE-2022-30550" title="CVE-2022-30550" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user.(CVE-2022-30550)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="dovecot" release="5.ule3" version="2.3.15">
+                         <filename>dovecot-2.3.15-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dovecot-debugsource" release="5.ule3" version="2.3.15">
+                         <filename>dovecot-debugsource-2.3.15-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dovecot-devel" release="5.ule3" version="2.3.15">
+                         <filename>dovecot-devel-2.3.15-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dovecot-help" release="5.ule3" version="2.3.15">
+                         <filename>dovecot-help-2.3.15-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dovecot-debuginfo" release="5.ule3" version="2.3.15">
+                         <filename>dovecot-debuginfo-2.3.15-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dovecot-help" release="5.ule3" version="2.3.15">
+                         <filename>dovecot-help-2.3.15-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dovecot-debugsource" release="5.ule3" version="2.3.15">
+                         <filename>dovecot-debugsource-2.3.15-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dovecot" release="5.ule3" version="2.3.15">
+                         <filename>dovecot-2.3.15-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dovecot-devel" release="5.ule3" version="2.3.15">
+                         <filename>dovecot-devel-2.3.15-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dovecot-debuginfo" release="5.ule3" version="2.3.15">
+                         <filename>dovecot-debuginfo-2.3.15-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1997</id>
+          <title>An update for qemu is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3638" id="CVE-2021-3638" title="CVE-2021-3638" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2962" id="CVE-2022-2962" title="CVE-2022-2962" type="cve"></reference>
+          </references>
+          <description>An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.(CVE-2021-3638)A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn&#39;t check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.(CVE-2022-2962)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="qemu-hw-usb-host" release="52.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-debuginfo" release="52.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-block-curl" release="52.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-system-aarch64" release="52.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu" release="52.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-guest-agent" release="52.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-block-iscsi" release="52.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-block-rbd" release="52.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-img" release="52.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-system-riscv" release="52.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-block-ssh" release="52.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-system-arm" release="52.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-debugsource" release="52.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-system-x86_64" release="52.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-52.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="qemu-help" release="52.ule3" version="6.2.0">
+                         <filename>qemu-help-6.2.0-52.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-hw-usb-host" release="52.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-block-rbd" release="52.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-img" release="52.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-block-iscsi" release="52.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-system-arm" release="52.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-block-ssh" release="52.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-guest-agent" release="52.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-block-curl" release="52.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-seabios" release="52.ule3" version="6.2.0">
+                         <filename>qemu-seabios-6.2.0-52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-system-riscv" release="52.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu" release="52.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-debugsource" release="52.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-debuginfo" release="52.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-system-aarch64" release="52.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-52.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-system-x86_64" release="52.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-52.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1998</id>
+          <title>An update for ImageMagick is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3213" id="CVE-2022-3213" title="CVE-2022-3213" type="cve"></reference>
+          </references>
+          <description>A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.(CVE-2022-3213)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-perl" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-perl-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-devel" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-devel-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-help" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-help-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++-devel" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-devel-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debuginfo" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debuginfo-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debugsource" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debugsource-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-help" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-help-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++-devel" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-devel-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debugsource" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debugsource-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debuginfo" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debuginfo-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-devel" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-devel-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-perl" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-perl-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1998</id>
+          <title>An update for ImageMagick is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3213" id="CVE-2022-3213" title="CVE-2022-3213" type="cve"></reference>
+          </references>
+          <description>A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.(CVE-2022-3213)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-perl" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-perl-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-devel" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-devel-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-help" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-help-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++-devel" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-devel-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debuginfo" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debuginfo-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debugsource" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debugsource-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-help" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-help-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++-devel" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-devel-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debugsource" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debugsource-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debuginfo" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debuginfo-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-devel" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-devel-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-perl" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-perl-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-1999</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3297" id="CVE-2022-3297" title="CVE-2022-3297" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3324" id="CVE-2022-3324" title="CVE-2022-3324" type="cve"></reference>
+          </references>
+          <description>Use After Free in GitHub repository vim/vim prior to 9.0.0579.(CVE-2022-3297)Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.(CVE-2022-3324)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="71.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="71.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="71.ule3" version="8.2">
+                         <filename>vim-common-8.2-71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="71.ule3" version="8.2">
+                         <filename>vim-X11-8.2-71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="71.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="71.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-71.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="71.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-71.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="71.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-71.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="71.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-71.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="71.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-71.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="71.ule3" version="8.2">
+                         <filename>vim-X11-8.2-71.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="71.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-71.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="71.ule3" version="8.2">
+                         <filename>vim-common-8.2-71.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2001</id>
+          <title>An update for dbus is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42010" id="CVE-2022-42010" title="CVE-2022-42010" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42011" id="CVE-2022-42011" title="CVE-2022-42011" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42012" id="CVE-2022-42012" title="CVE-2022-42012" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.(CVE-2022-42010)An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.(CVE-2022-42011)An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.(CVE-2022-42012)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="dbus-debugsource" release="8.ule3" version="1.12.20">
+                         <filename>dbus-debugsource-1.12.20-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dbus-devel" release="8.ule3" version="1.12.20">
+                         <filename>dbus-devel-1.12.20-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dbus-tools" release="8.ule3" version="1.12.20">
+                         <filename>dbus-tools-1.12.20-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dbus-debuginfo" release="8.ule3" version="1.12.20">
+                         <filename>dbus-debuginfo-1.12.20-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dbus" release="8.ule3" version="1.12.20">
+                         <filename>dbus-1.12.20-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dbus-daemon" release="8.ule3" version="1.12.20">
+                         <filename>dbus-daemon-1.12.20-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dbus-x11" release="8.ule3" version="1.12.20">
+                         <filename>dbus-x11-1.12.20-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dbus-libs" release="8.ule3" version="1.12.20">
+                         <filename>dbus-libs-1.12.20-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="dbus-common" release="8.ule3" version="1.12.20">
+                         <filename>dbus-common-1.12.20-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="dbus-help" release="8.ule3" version="1.12.20">
+                         <filename>dbus-help-1.12.20-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dbus" release="8.ule3" version="1.12.20">
+                         <filename>dbus-1.12.20-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dbus-debuginfo" release="8.ule3" version="1.12.20">
+                         <filename>dbus-debuginfo-1.12.20-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dbus-libs" release="8.ule3" version="1.12.20">
+                         <filename>dbus-libs-1.12.20-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dbus-debugsource" release="8.ule3" version="1.12.20">
+                         <filename>dbus-debugsource-1.12.20-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dbus-daemon" release="8.ule3" version="1.12.20">
+                         <filename>dbus-daemon-1.12.20-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dbus-x11" release="8.ule3" version="1.12.20">
+                         <filename>dbus-x11-1.12.20-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dbus-tools" release="8.ule3" version="1.12.20">
+                         <filename>dbus-tools-1.12.20-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dbus-devel" release="8.ule3" version="1.12.20">
+                         <filename>dbus-devel-1.12.20-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2002</id>
+          <title>An update for crash is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2019-1010180" id="CVE-2019-1010180" title="CVE-2019-1010180" type="cve"></reference>
+          </references>
+          <description>GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.(CVE-2019-1010180)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="crash-devel" release="6.ule3" version="7.3.0">
+                         <filename>crash-devel-7.3.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="crash-debugsource" release="6.ule3" version="7.3.0">
+                         <filename>crash-debugsource-7.3.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="crash-debuginfo" release="6.ule3" version="7.3.0">
+                         <filename>crash-debuginfo-7.3.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="crash" release="6.ule3" version="7.3.0">
+                         <filename>crash-7.3.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="crash-help" release="6.ule3" version="7.3.0">
+                         <filename>crash-help-7.3.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="crash-debuginfo" release="6.ule3" version="7.3.0">
+                         <filename>crash-debuginfo-7.3.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="crash-debugsource" release="6.ule3" version="7.3.0">
+                         <filename>crash-debugsource-7.3.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="crash-devel" release="6.ule3" version="7.3.0">
+                         <filename>crash-devel-7.3.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="crash" release="6.ule3" version="7.3.0">
+                         <filename>crash-7.3.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2003</id>
+          <title>An update for mariadb-connector-c is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-37434" id="CVE-2022-37434" title="CVE-2022-37434" type="cve"></reference>
+          </references>
+          <description>zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).(CVE-2022-37434)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="mariadb-connector-c-debuginfo" release="2.ule3" version="3.1.13">
+                         <filename>mariadb-connector-c-debuginfo-3.1.13-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mariadb-connector-c-devel" release="2.ule3" version="3.1.13">
+                         <filename>mariadb-connector-c-devel-3.1.13-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mariadb-connector-c-debugsource" release="2.ule3" version="3.1.13">
+                         <filename>mariadb-connector-c-debugsource-3.1.13-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mariadb-connector-c" release="2.ule3" version="3.1.13">
+                         <filename>mariadb-connector-c-3.1.13-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-connector-c-debuginfo" release="2.ule3" version="3.1.13">
+                         <filename>mariadb-connector-c-debuginfo-3.1.13-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-connector-c" release="2.ule3" version="3.1.13">
+                         <filename>mariadb-connector-c-3.1.13-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-connector-c-debugsource" release="2.ule3" version="3.1.13">
+                         <filename>mariadb-connector-c-debugsource-3.1.13-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mariadb-connector-c-devel" release="2.ule3" version="3.1.13">
+                         <filename>mariadb-connector-c-devel-3.1.13-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2004</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2879" id="CVE-2022-2879" title="CVE-2022-2879" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2880" id="CVE-2022-2880" title="CVE-2022-2880" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41715" id="CVE-2022-41715" title="CVE-2022-41715" type="cve"></reference>
+          </references>
+          <description>Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.(CVE-2022-2879)Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request&#39;s Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.(CVE-2022-2880)Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.(CVE-2022-41715)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="10.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="10.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="10.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="10.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-10.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2005</id>
+          <title>An update for mailman is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-34337" id="CVE-2021-34337" title="CVE-2021-34337" type="cve"></reference>
+          </references>
+          <description>Check the REST API password in a way that is resistant to timing attacks. Using basic string equality is vulnerable to timing attacks as it will short circuit at the first wrong character. Using hmac.compare_digest avoids that issue and will take the same time, regardless of whether the value is correct or not. This is only exploitable if an attacker can talk directly to the REST API, which by default is bound to localhost.Reference:https://bugs.gentoo.org/828115(CVE-2021-34337)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="3" arch="noarch" name="mailman" release="5.ule3" version="3.3.2">
+                         <filename>mailman-3.3.2-5.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2007</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2056" id="CVE-2022-2056" title="CVE-2022-2056" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2058" id="CVE-2022-2058" title="CVE-2022-2058" type="cve"></reference>
+          </references>
+          <description>Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.(CVE-2022-2056)Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.(CVE-2022-2058)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff-debugsource" release="19.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-devel" release="19.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="19.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff" release="19.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-static" release="19.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-tools" release="19.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="19.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-19.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="19.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="19.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="19.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="19.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="19.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="19.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-19.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2009</id>
+          <title>An update for dhcp is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2928" id="CVE-2022-2928" title="CVE-2022-2928" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2929" id="CVE-2022-2929" title="CVE-2022-2929" type="cve"></reference>
+          </references>
+          <description>In ISC DHCP 4.4.0 -&gt; 4.4.3, ISC DHCP 4.1-ESV-R1 -&gt; 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option&#39;s refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.(CVE-2022-2928)In ISC DHCP 1.0 -&gt; 4.4.3, ISC DHCP 4.1-ESV-R1 -&gt; 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.(CVE-2022-2929)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="dhcp-debuginfo" release="15.ule3" version="4.4.2">
+                         <filename>dhcp-debuginfo-4.4.2-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dhcp-debugsource" release="15.ule3" version="4.4.2">
+                         <filename>dhcp-debugsource-4.4.2-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dhcp" release="15.ule3" version="4.4.2">
+                         <filename>dhcp-4.4.2-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dhcp-devel" release="15.ule3" version="4.4.2">
+                         <filename>dhcp-devel-4.4.2-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="dhcp-help" release="15.ule3" version="4.4.2">
+                         <filename>dhcp-help-4.4.2-15.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dhcp-debugsource" release="15.ule3" version="4.4.2">
+                         <filename>dhcp-debugsource-4.4.2-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dhcp-devel" release="15.ule3" version="4.4.2">
+                         <filename>dhcp-devel-4.4.2-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dhcp-debuginfo" release="15.ule3" version="4.4.2">
+                         <filename>dhcp-debuginfo-4.4.2-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dhcp" release="15.ule3" version="4.4.2">
+                         <filename>dhcp-4.4.2-15.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2012</id>
+          <title>An update for protobuf is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1941" id="CVE-2022-1941" title="CVE-2022-1941" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3171" id="CVE-2022-3171" title="CVE-2022-3171" type="cve"></reference>
+          </references>
+          <description>A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.(CVE-2022-1941)A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.(CVE-2022-3171)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="protobuf-debugsource" release="6.ule3" version="3.14.0">
+                         <filename>protobuf-debugsource-3.14.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="protobuf-lite" release="6.ule3" version="3.14.0">
+                         <filename>protobuf-lite-3.14.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="protobuf-lite-devel" release="6.ule3" version="3.14.0">
+                         <filename>protobuf-lite-devel-3.14.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="protobuf-debuginfo" release="6.ule3" version="3.14.0">
+                         <filename>protobuf-debuginfo-3.14.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="protobuf-compiler" release="6.ule3" version="3.14.0">
+                         <filename>protobuf-compiler-3.14.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="protobuf" release="6.ule3" version="3.14.0">
+                         <filename>protobuf-3.14.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="protobuf-devel" release="6.ule3" version="3.14.0">
+                         <filename>protobuf-devel-3.14.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="protobuf-java" release="6.ule3" version="3.14.0">
+                         <filename>protobuf-java-3.14.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-protobuf" release="6.ule3" version="3.14.0">
+                         <filename>python3-protobuf-3.14.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="protobuf-javalite" release="6.ule3" version="3.14.0">
+                         <filename>protobuf-javalite-3.14.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="protobuf-parent" release="6.ule3" version="3.14.0">
+                         <filename>protobuf-parent-3.14.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="protobuf-java-util" release="6.ule3" version="3.14.0">
+                         <filename>protobuf-java-util-3.14.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="protobuf-javadoc" release="6.ule3" version="3.14.0">
+                         <filename>protobuf-javadoc-3.14.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="protobuf-bom" release="6.ule3" version="3.14.0">
+                         <filename>protobuf-bom-3.14.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="protobuf-lite-devel" release="6.ule3" version="3.14.0">
+                         <filename>protobuf-lite-devel-3.14.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="protobuf-debuginfo" release="6.ule3" version="3.14.0">
+                         <filename>protobuf-debuginfo-3.14.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="protobuf" release="6.ule3" version="3.14.0">
+                         <filename>protobuf-3.14.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="protobuf-lite" release="6.ule3" version="3.14.0">
+                         <filename>protobuf-lite-3.14.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="protobuf-compiler" release="6.ule3" version="3.14.0">
+                         <filename>protobuf-compiler-3.14.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="protobuf-devel" release="6.ule3" version="3.14.0">
+                         <filename>protobuf-devel-3.14.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="protobuf-debugsource" release="6.ule3" version="3.14.0">
+                         <filename>protobuf-debugsource-3.14.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2015</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1184" id="CVE-2022-1184" title="CVE-2022-1184" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3303" id="CVE-2022-3303" title="CVE-2022-3303" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41849" id="CVE-2022-41849" title="CVE-2022-41849" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-20421" id="CVE-2022-20421" title="CVE-2022-20421" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-20422" id="CVE-2022-20422" title="CVE-2022-20422" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3435" id="CVE-2022-3435" title="CVE-2022-3435" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41674" id="CVE-2022-41674" title="CVE-2022-41674" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41850" id="CVE-2022-41850" title="CVE-2022-41850" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42703" id="CVE-2022-42703" title="CVE-2022-42703" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42719" id="CVE-2022-42719" title="CVE-2022-42719" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42720" id="CVE-2022-42720" title="CVE-2022-42720" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42721" id="CVE-2022-42721" title="CVE-2022-42721" type="cve"></reference>
+          </references>
+          <description>A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.(CVE-2022-1184)A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition(CVE-2022-3303)drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.(CVE-2022-41849)In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel(CVE-2022-20421)In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel(CVE-2022-20422)A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability.(CVE-2022-3435)An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.(CVE-2022-41674)roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report-&gt;value is in progress.(CVE-2022-41850)mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.(CVE-2022-42703)A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.(CVE-2022-42719)Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.(CVE-2022-42720)A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.(CVE-2022-42721)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2016</id>
+          <title>An update for hadoop is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33036" id="CVE-2021-33036" title="CVE-2021-33036" type="cve"></reference>
+          </references>
+          <description>In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.(CVE-2021-33036)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="hadoop-debugsource" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-debugsource-3.3.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libhdfs" release="1.ule3" version="3.3.4">
+                         <filename>libhdfs-3.3.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hadoop-devel" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-devel-3.3.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hadoop-yarn-security" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-yarn-security-3.3.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hadoop-debuginfo" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-debuginfo-3.3.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hadoop-common-native" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-common-native-3.3.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-httpfs" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-httpfs-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-client" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-client-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-mapreduce-examples" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-mapreduce-examples-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-maven-plugin" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-maven-plugin-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-yarn" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-yarn-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-hdfs" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-hdfs-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-mapreduce" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-mapreduce-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-tests" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-tests-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-common" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-common-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hadoop-debuginfo" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-debuginfo-3.3.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hadoop-debugsource" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-debugsource-3.3.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hadoop-common-native" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-common-native-3.3.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hadoop-devel" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-devel-3.3.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hadoop-yarn-security" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-yarn-security-3.3.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libhdfs" release="1.ule3" version="3.3.4">
+                         <filename>libhdfs-3.3.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2016</id>
+          <title>An update for hadoop is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33036" id="CVE-2021-33036" title="CVE-2021-33036" type="cve"></reference>
+          </references>
+          <description>In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.(CVE-2021-33036)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="hadoop-debugsource" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-debugsource-3.3.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libhdfs" release="1.ule3" version="3.3.4">
+                         <filename>libhdfs-3.3.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hadoop-devel" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-devel-3.3.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hadoop-yarn-security" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-yarn-security-3.3.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hadoop-debuginfo" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-debuginfo-3.3.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hadoop-common-native" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-common-native-3.3.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-httpfs" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-httpfs-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-client" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-client-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-mapreduce-examples" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-mapreduce-examples-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-maven-plugin" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-maven-plugin-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-yarn" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-yarn-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-hdfs" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-hdfs-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-mapreduce" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-mapreduce-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-tests" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-tests-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-common" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-common-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hadoop-debuginfo" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-debuginfo-3.3.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hadoop-debugsource" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-debugsource-3.3.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hadoop-common-native" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-common-native-3.3.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hadoop-devel" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-devel-3.3.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hadoop-yarn-security" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-yarn-security-3.3.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libhdfs" release="1.ule3" version="3.3.4">
+                         <filename>libhdfs-3.3.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2018</id>
+          <title>An update for freerdp is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39283" id="CVE-2022-39283" title="CVE-2022-39283" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39282" id="CVE-2022-39282" title="CVE-2022-39282" type="cve"></reference>
+          </references>
+          <description>FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch.(CVE-2022-39283)FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround.(CVE-2022-39282)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="freerdp" release="1.ule3" version="2.8.1">
+                         <filename>freerdp-2.8.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libwinpr-devel" release="1.ule3" version="2.8.1">
+                         <filename>libwinpr-devel-2.8.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-devel" release="1.ule3" version="2.8.1">
+                         <filename>freerdp-devel-2.8.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libwinpr" release="1.ule3" version="2.8.1">
+                         <filename>libwinpr-2.8.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-help" release="1.ule3" version="2.8.1">
+                         <filename>freerdp-help-2.8.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-debugsource" release="1.ule3" version="2.8.1">
+                         <filename>freerdp-debugsource-2.8.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-debuginfo" release="1.ule3" version="2.8.1">
+                         <filename>freerdp-debuginfo-2.8.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-debugsource" release="1.ule3" version="2.8.1">
+                         <filename>freerdp-debugsource-2.8.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-help" release="1.ule3" version="2.8.1">
+                         <filename>freerdp-help-2.8.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-debuginfo" release="1.ule3" version="2.8.1">
+                         <filename>freerdp-debuginfo-2.8.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-devel" release="1.ule3" version="2.8.1">
+                         <filename>freerdp-devel-2.8.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libwinpr" release="1.ule3" version="2.8.1">
+                         <filename>libwinpr-2.8.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libwinpr-devel" release="1.ule3" version="2.8.1">
+                         <filename>libwinpr-devel-2.8.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp" release="1.ule3" version="2.8.1">
+                         <filename>freerdp-2.8.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2019</id>
+          <title>An update for firefox is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40674" id="CVE-2022-40674" title="CVE-2022-40674" type="cve"></reference>
+          </references>
+          <description>libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.(CVE-2022-40674)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="firefox" release="13.ule3" version="79.0">
+                         <filename>firefox-79.0-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="firefox-debugsource" release="13.ule3" version="79.0">
+                         <filename>firefox-debugsource-79.0-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="firefox-debuginfo" release="13.ule3" version="79.0">
+                         <filename>firefox-debuginfo-79.0-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mozilla-crashreporter-firefox-debuginfo" release="13.ule3" version="79.0">
+                         <filename>mozilla-crashreporter-firefox-debuginfo-79.0-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox" release="13.ule3" version="79.0">
+                         <filename>firefox-79.0-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox-debuginfo" release="13.ule3" version="79.0">
+                         <filename>firefox-debuginfo-79.0-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="79" arch="x86_64" name="firefox-debugsource" release="13.ule3" version="79.0">
+                         <filename>firefox-debugsource-79.0-13.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2020</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3570" id="CVE-2022-3570" title="CVE-2022-3570" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3597" id="CVE-2022-3597" title="CVE-2022-3597" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3599" id="CVE-2022-3599" title="CVE-2022-3599" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3598" id="CVE-2022-3598" title="CVE-2022-3598" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3626" id="CVE-2022-3626" title="CVE-2022-3626" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3627" id="CVE-2022-3627" title="CVE-2022-3627" type="cve"></reference>
+          </references>
+          <description>Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact(CVE-2022-3570)LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.(CVE-2022-3597)LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.(CVE-2022-3599)LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.(CVE-2022-3598)LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.(CVE-2022-3626)LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.(CVE-2022-3627)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff-debugsource" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-static" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-tools" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-devel" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-20.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-20.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2021</id>
+          <title>An update for libksba is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3515" id="CVE-2022-3515" title="CVE-2022-3515" type="cve"></reference>
+          </references>
+          <description>A bug found in libksba, the library used by GnuPG for parsing the ASN.1 structures as used by S/MIME. The bug affects all versions of Libksba before 1.6.2 and may be used for remote code execution. https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.htmlhttps://dev.gnupg.org/T6230https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582bhttps://lwn.net/Articles/911467/(CVE-2022-3515)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libksba-debuginfo" release="2.ule3" version="1.6.0">
+                         <filename>libksba-debuginfo-1.6.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libksba-devel" release="2.ule3" version="1.6.0">
+                         <filename>libksba-devel-1.6.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libksba-debugsource" release="2.ule3" version="1.6.0">
+                         <filename>libksba-debugsource-1.6.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libksba" release="2.ule3" version="1.6.0">
+                         <filename>libksba-1.6.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libksba-help" release="2.ule3" version="1.6.0">
+                         <filename>libksba-help-1.6.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libksba-devel" release="2.ule3" version="1.6.0">
+                         <filename>libksba-devel-1.6.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libksba-debugsource" release="2.ule3" version="1.6.0">
+                         <filename>libksba-debugsource-1.6.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libksba" release="2.ule3" version="1.6.0">
+                         <filename>libksba-1.6.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libksba-debuginfo" release="2.ule3" version="1.6.0">
+                         <filename>libksba-debuginfo-1.6.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2022</id>
+          <title>An update for libX11 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3555" id="CVE-2022-3555" title="CVE-2022-3555" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3554" id="CVE-2022-3554" title="CVE-2022-3554" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in X.org libX11 and classified as problematic. This issue affects the function _XFreeX11XCBStructure of the file xcb_disp.c. The manipulation of the argument dpy leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211055.(CVE-2022-3555)A vulnerability has been found in X.org libX11 and classified as problematic. This vulnerability affects the function _XimRegisterIMInstantiateCallback of the file modules/im/ximcp/imsClbk.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211054 is the identifier assigned to this vulnerability.(CVE-2022-3554)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libX11-debuginfo" release="4.ule3" version="1.7.2">
+                         <filename>libX11-debuginfo-1.7.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libX11" release="4.ule3" version="1.7.2">
+                         <filename>libX11-1.7.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libX11-devel" release="4.ule3" version="1.7.2">
+                         <filename>libX11-devel-1.7.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libX11-debugsource" release="4.ule3" version="1.7.2">
+                         <filename>libX11-debugsource-1.7.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libX11-help" release="4.ule3" version="1.7.2">
+                         <filename>libX11-help-1.7.2-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libX11" release="4.ule3" version="1.7.2">
+                         <filename>libX11-1.7.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libX11-devel" release="4.ule3" version="1.7.2">
+                         <filename>libX11-devel-1.7.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libX11-debugsource" release="4.ule3" version="1.7.2">
+                         <filename>libX11-debugsource-1.7.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libX11-debuginfo" release="4.ule3" version="1.7.2">
+                         <filename>libX11-debuginfo-1.7.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2023</id>
+          <title>An update for nginx is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41742" id="CVE-2022-41742" title="CVE-2022-41742" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41741" id="CVE-2022-41741" title="CVE-2022-41741" type="cve"></reference>
+          </references>
+          <description>NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.(CVE-2022-41742)NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.(CVE-2022-41741)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="nginx" release="3.ule3" version="1.21.5">
+                         <filename>nginx-1.21.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nginx-debuginfo" release="3.ule3" version="1.21.5">
+                         <filename>nginx-debuginfo-1.21.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nginx-mod-http-xslt-filter" release="3.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-xslt-filter-1.21.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nginx-mod-mail" release="3.ule3" version="1.21.5">
+                         <filename>nginx-mod-mail-1.21.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nginx-debugsource" release="3.ule3" version="1.21.5">
+                         <filename>nginx-debugsource-1.21.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nginx-mod-http-perl" release="3.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-perl-1.21.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nginx-mod-stream" release="3.ule3" version="1.21.5">
+                         <filename>nginx-mod-stream-1.21.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nginx-mod-http-image-filter" release="3.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-image-filter-1.21.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="nginx-filesystem" release="3.ule3" version="1.21.5">
+                         <filename>nginx-filesystem-1.21.5-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="nginx-all-modules" release="3.ule3" version="1.21.5">
+                         <filename>nginx-all-modules-1.21.5-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="nginx-help" release="3.ule3" version="1.21.5">
+                         <filename>nginx-help-1.21.5-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nginx-mod-http-xslt-filter" release="3.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-xslt-filter-1.21.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nginx-debuginfo" release="3.ule3" version="1.21.5">
+                         <filename>nginx-debuginfo-1.21.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nginx" release="3.ule3" version="1.21.5">
+                         <filename>nginx-1.21.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nginx-mod-mail" release="3.ule3" version="1.21.5">
+                         <filename>nginx-mod-mail-1.21.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nginx-mod-http-image-filter" release="3.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-image-filter-1.21.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nginx-mod-http-perl" release="3.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-perl-1.21.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nginx-mod-stream" release="3.ule3" version="1.21.5">
+                         <filename>nginx-mod-stream-1.21.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nginx-debugsource" release="3.ule3" version="1.21.5">
+                         <filename>nginx-debugsource-1.21.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2024</id>
+          <title>An update for qemu is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3165" id="CVE-2022-3165" title="CVE-2022-3165" type="cve"></reference>
+          </references>
+          <description>An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.(CVE-2022-3165)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="qemu-debuginfo" release="53.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-53.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-block-iscsi" release="53.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-53.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-debugsource" release="53.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-53.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-system-riscv" release="53.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-53.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu" release="53.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-53.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-hw-usb-host" release="53.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-53.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-system-arm" release="53.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-53.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-img" release="53.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-53.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-system-x86_64" release="53.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-53.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-block-rbd" release="53.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-53.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-block-ssh" release="53.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-53.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-guest-agent" release="53.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-53.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-system-aarch64" release="53.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-53.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qemu-block-curl" release="53.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-53.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="qemu-help" release="53.ule3" version="6.2.0">
+                         <filename>qemu-help-6.2.0-53.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-system-arm" release="53.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-53.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-img" release="53.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-53.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-system-x86_64" release="53.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-53.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-block-rbd" release="53.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-53.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-system-aarch64" release="53.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-53.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-system-riscv" release="53.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-53.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-guest-agent" release="53.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-53.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-debuginfo" release="53.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-53.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-block-ssh" release="53.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-53.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-seabios" release="53.ule3" version="6.2.0">
+                         <filename>qemu-seabios-6.2.0-53.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-debugsource" release="53.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-53.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-block-curl" release="53.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-53.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu" release="53.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-53.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-block-iscsi" release="53.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-53.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qemu-hw-usb-host" release="53.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-53.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2027</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-20423" id="CVE-2022-20423" title="CVE-2022-20423" type="cve"></reference>
+          </references>
+          <description>In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239842288References: Upstream kernel(CVE-2022-20423)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.61.0.88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.61.0.88.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.61.0.88.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2028</id>
+          <title>An update for nodejs-minimatch is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3517" id="CVE-2022-3517" title="CVE-2022-3517" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.(CVE-2022-3517)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="nodejs-minimatch" release="2.ule3" version="3.0.4">
+                         <filename>nodejs-minimatch-3.0.4-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2029</id>
+          <title>An update for git is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39253" id="CVE-2022-39253" title="CVE-2022-39253" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39260" id="CVE-2022-39260" title="CVE-2022-39260" type="cve"></reference>
+          </references>
+          <description>Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source&#39;s `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim&#39;s machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.(CVE-2022-39253)Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git&#39;s push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.(CVE-2022-39260)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="git-daemon" release="4.ule3" version="2.33.0">
+                         <filename>git-daemon-2.33.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git" release="4.ule3" version="2.33.0">
+                         <filename>git-2.33.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git-debuginfo" release="4.ule3" version="2.33.0">
+                         <filename>git-debuginfo-2.33.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git-debugsource" release="4.ule3" version="2.33.0">
+                         <filename>git-debugsource-2.33.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-svn" release="4.ule3" version="2.33.0">
+                         <filename>git-svn-2.33.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-Git-SVN" release="4.ule3" version="2.33.0">
+                         <filename>perl-Git-SVN-2.33.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gitk" release="4.ule3" version="2.33.0">
+                         <filename>gitk-2.33.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-gui" release="4.ule3" version="2.33.0">
+                         <filename>git-gui-2.33.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-Git" release="4.ule3" version="2.33.0">
+                         <filename>perl-Git-2.33.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-help" release="4.ule3" version="2.33.0">
+                         <filename>git-help-2.33.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-email" release="4.ule3" version="2.33.0">
+                         <filename>git-email-2.33.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-web" release="4.ule3" version="2.33.0">
+                         <filename>git-web-2.33.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git" release="4.ule3" version="2.33.0">
+                         <filename>git-2.33.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-daemon" release="4.ule3" version="2.33.0">
+                         <filename>git-daemon-2.33.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-debuginfo" release="4.ule3" version="2.33.0">
+                         <filename>git-debuginfo-2.33.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-debugsource" release="4.ule3" version="2.33.0">
+                         <filename>git-debugsource-2.33.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2030</id>
+          <title>An update for libtasn1 is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46848" id="CVE-2021-46848" title="CVE-2021-46848" type="cve"></reference>
+          </references>
+          <description>GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.(CVE-2021-46848)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtasn1-debuginfo" release="3.ule3" version="4.17.0">
+                         <filename>libtasn1-debuginfo-4.17.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtasn1-debugsource" release="3.ule3" version="4.17.0">
+                         <filename>libtasn1-debugsource-4.17.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtasn1-devel" release="3.ule3" version="4.17.0">
+                         <filename>libtasn1-devel-4.17.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtasn1" release="3.ule3" version="4.17.0">
+                         <filename>libtasn1-4.17.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtasn1-help" release="3.ule3" version="4.17.0">
+                         <filename>libtasn1-help-4.17.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtasn1-debuginfo" release="3.ule3" version="4.17.0">
+                         <filename>libtasn1-debuginfo-4.17.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtasn1-devel" release="3.ule3" version="4.17.0">
+                         <filename>libtasn1-devel-4.17.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtasn1-debugsource" release="3.ule3" version="4.17.0">
+                         <filename>libtasn1-debugsource-4.17.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtasn1" release="3.ule3" version="4.17.0">
+                         <filename>libtasn1-4.17.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2033</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-10-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-20409" id="CVE-2022-20409" title="CVE-2022-20409" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3524" id="CVE-2022-3524" title="CVE-2022-3524" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3534" id="CVE-2022-3534" title="CVE-2022-3534" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3545" id="CVE-2022-3545" title="CVE-2022-3545" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3564" id="CVE-2022-3564" title="CVE-2022-3564" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3565" id="CVE-2022-3565" title="CVE-2022-3565" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3566" id="CVE-2022-3566" title="CVE-2022-3566" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3567" id="CVE-2022-3567" title="CVE-2022-3567" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3594" id="CVE-2022-3594" title="CVE-2022-3594" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3649" id="CVE-2022-3649" title="CVE-2022-3649" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42722" id="CVE-2022-42722" title="CVE-2022-42722" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3521" id="CVE-2022-3521" title="CVE-2022-3521" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3586" id="CVE-2022-3586" title="CVE-2022-3586" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2602" id="CVE-2022-2602" title="CVE-2022-2602" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3633" id="CVE-2022-3633" title="CVE-2022-3633" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3577" id="CVE-2022-3577" title="CVE-2022-3577" type="cve"></reference>
+          </references>
+          <description>In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238177383References: Upstream kernel(CVE-2022-20409)A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.(CVE-2022-3524)A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032.(CVE-2022-3534)A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.(CVE-2022-3545)A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.(CVE-2022-3564)A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.(CVE-2022-3565)A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability.(CVE-2022-3566)A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability.(CVE-2022-3567)A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.(CVE-2022-3594)A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.(CVE-2022-3649)In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.(CVE-2022-42722)A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability.(CVE-2022-3521)A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.(CVE-2022-3586)VUL-0: CVE-2022-2602: kernel: defer registered files gc to io_uring release(CVE-2022-2602)A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932.(CVE-2022-3633)An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect assumption - bigben devices all have inputs. However, malicious devices can break this assumption, leaking to out-of-bound write.(CVE-2022-3577)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.63.0.89.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.63.0.89.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.63.0.89.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.63.0.89.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.63.0.89.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.63.0.89.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.63.0.89.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.63.0.89.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.63.0.89.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.63.0.89.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.63.0.89.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.63.0.89.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.63.0.89.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.63.0.89.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.63.0.89.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.63.0.89.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.63.0.89.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.63.0.89.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.63.0.89.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.63.0.89.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.63.0.89.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.63.0.89.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.63.0.89.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.63.0.89.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.63.0.89.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.63.0.89.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.63.0.89.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.63.0.89.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.63.0.89.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.63.0.89.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.63.0.89.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2034</id>
+          <title>An update for strongswan is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40617" id="CVE-2022-40617" title="CVE-2022-40617" type="cve"></reference>
+          </references>
+          <description>strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker&#39;s control) that doesn&#39;t properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.(CVE-2022-40617)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="strongswan-tnc-imcvs" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-tnc-imcvs-5.7.2-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="strongswan-libipsec" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-libipsec-5.7.2-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="strongswan" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-5.7.2-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="strongswan-debugsource" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-debugsource-5.7.2-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="strongswan-charon-nm" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-charon-nm-5.7.2-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="strongswan-debuginfo" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-debuginfo-5.7.2-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="strongswan-sqlite" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-sqlite-5.7.2-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan-sqlite" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-sqlite-5.7.2-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan-libipsec" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-libipsec-5.7.2-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan-debuginfo" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-debuginfo-5.7.2-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-5.7.2-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan-charon-nm" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-charon-nm-5.7.2-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan-tnc-imcvs" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-tnc-imcvs-5.7.2-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan-debugsource" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-debugsource-5.7.2-12.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2037</id>
+          <title>An update for expat is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-04"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-43680" id="CVE-2022-43680" title="CVE-2022-43680" type="cve"></reference>
+          </references>
+          <description>In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.(CVE-2022-43680)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="expat" release="8.ule3" version="2.4.1">
+                         <filename>expat-2.4.1-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="expat-debuginfo" release="8.ule3" version="2.4.1">
+                         <filename>expat-debuginfo-2.4.1-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="expat-devel" release="8.ule3" version="2.4.1">
+                         <filename>expat-devel-2.4.1-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="expat-debugsource" release="8.ule3" version="2.4.1">
+                         <filename>expat-debugsource-2.4.1-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="expat-help" release="8.ule3" version="2.4.1">
+                         <filename>expat-help-2.4.1-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="expat-devel" release="8.ule3" version="2.4.1">
+                         <filename>expat-devel-2.4.1-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="expat-debugsource" release="8.ule3" version="2.4.1">
+                         <filename>expat-debugsource-2.4.1-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="expat" release="8.ule3" version="2.4.1">
+                         <filename>expat-2.4.1-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="expat-debuginfo" release="8.ule3" version="2.4.1">
+                         <filename>expat-debuginfo-2.4.1-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2038</id>
+          <title>An update for samba is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-04"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3437" id="CVE-2022-3437" title="CVE-2022-3437" type="cve"></reference>
+          </references>
+          <description>The DES (for Samba 4.11 and earlier) and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet.Affects - All versions of Samba since Samba 4.0 compiled with Heimdal Kerberos.Samba 4.15.11, 4.16.6 and 4.17.2 have been issued as security releases to correct the defecthttps://www.samba.org/samba/security/CVE-2022-3437.html(CVE-2022-3437)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="samba-winbind-clients" release="12.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common" release="12.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-libs" release="12.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-client" release="12.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debuginfo" release="12.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-devel" release="12.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-test" release="12.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-help" release="12.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc" release="12.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba" release="12.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-krb5-locator" release="12.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-bind-dlz" release="12.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient-devel" release="12.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba" release="12.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind" release="12.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-krb5-printing" release="12.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debugsource" release="12.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-dc" release="12.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient" release="12.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient" release="12.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient-devel" release="12.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-modules" release="12.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ctdb" release="12.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common-tools" release="12.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-test" release="12.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-provision" release="12.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="samba-pidl" release="12.ule3" version="4.15.3">
+                         <filename>samba-pidl-4.15.3-12.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common-tools" release="12.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debuginfo" release="12.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient-devel" release="12.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba" release="12.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-test" release="12.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-test" release="12.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-client" release="12.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient-devel" release="12.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ctdb" release="12.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient" release="12.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-dc" release="12.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc" release="12.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-clients" release="12.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-vfs-glusterfs" release="12.ule3" version="4.15.3">
+                         <filename>samba-vfs-glusterfs-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient" release="12.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba" release="12.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-krb5-printing" release="12.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-krb5-locator" release="12.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-help" release="12.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common" release="12.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-libs" release="12.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-devel" release="12.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-provision" release="12.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-modules" release="12.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debugsource" release="12.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind" release="12.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-bind-dlz" release="12.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2041</id>
+          <title>An update for curl is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-04"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42915" id="CVE-2022-42915" title="CVE-2022-42915" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32221" id="CVE-2022-32221" title="CVE-2022-32221" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42916" id="CVE-2022-42916" title="CVE-2022-42916" type="cve"></reference>
+          </references>
+          <description>curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.(CVE-2022-42915)A vulnerability was found in curl. The issue occurs when doing HTTP(S) transfers, where curl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set if it previously used the same handle to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request.(CVE-2022-32221)In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.(CVE-2022-42916)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="curl" release="12.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl-devel" release="12.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debuginfo" release="12.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl" release="12.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debugsource" release="12.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="curl-help" release="12.ule3" version="7.79.1">
+                         <filename>curl-help-7.79.1-12.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debugsource" release="12.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl" release="12.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl-devel" release="12.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debuginfo" release="12.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl" release="12.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-12.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2042</id>
+          <title>An update for multipath-tools is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-04"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41973" id="CVE-2022-41973" title="CVE-2022-41973" type="cve"></reference>
+          </references>
+          <description>multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.(CVE-2022-41973)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kpartx" release="5.ule3" version="0.8.7">
+                         <filename>kpartx-0.8.7-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="multipath-tools-debuginfo" release="5.ule3" version="0.8.7">
+                         <filename>multipath-tools-debuginfo-0.8.7-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="multipath-tools-help" release="5.ule3" version="0.8.7">
+                         <filename>multipath-tools-help-0.8.7-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="multipath-tools-debugsource" release="5.ule3" version="0.8.7">
+                         <filename>multipath-tools-debugsource-0.8.7-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="multipath-tools-devel" release="5.ule3" version="0.8.7">
+                         <filename>multipath-tools-devel-0.8.7-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="multipath-tools" release="5.ule3" version="0.8.7">
+                         <filename>multipath-tools-0.8.7-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="multipath-tools" release="5.ule3" version="0.8.7">
+                         <filename>multipath-tools-0.8.7-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="multipath-tools-devel" release="5.ule3" version="0.8.7">
+                         <filename>multipath-tools-devel-0.8.7-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="multipath-tools-help" release="5.ule3" version="0.8.7">
+                         <filename>multipath-tools-help-0.8.7-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="multipath-tools-debugsource" release="5.ule3" version="0.8.7">
+                         <filename>multipath-tools-debugsource-0.8.7-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="multipath-tools-debuginfo" release="5.ule3" version="0.8.7">
+                         <filename>multipath-tools-debuginfo-0.8.7-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kpartx" release="5.ule3" version="0.8.7">
+                         <filename>kpartx-0.8.7-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2043</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-04"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3705" id="CVE-2022-3705" title="CVE-2022-3705" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.(CVE-2022-3705)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="72.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="72.ule3" version="8.2">
+                         <filename>vim-common-8.2-72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="72.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="72.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="72.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="72.ule3" version="8.2">
+                         <filename>vim-X11-8.2-72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="72.ule3" version="8.2">
+                         <filename>vim-filesystem-8.2-72.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="72.ule3" version="8.2">
+                         <filename>vim-debuginfo-8.2-72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="72.ule3" version="8.2">
+                         <filename>vim-X11-8.2-72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="72.ule3" version="8.2">
+                         <filename>vim-common-8.2-72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="72.ule3" version="8.2">
+                         <filename>vim-minimal-8.2-72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="72.ule3" version="8.2">
+                         <filename>vim-enhanced-8.2-72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="72.ule3" version="8.2">
+                         <filename>vim-debugsource-8.2-72.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2044</id>
+          <title>An update for exiv2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-04"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2019-13108" id="CVE-2019-13108" title="CVE-2019-13108" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2019-13504" id="CVE-2019-13504" title="CVE-2019-13504" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-37616" id="CVE-2021-37616" title="CVE-2021-37616" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-37615" id="CVE-2021-37615" title="CVE-2021-37615" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-32815" id="CVE-2021-32815" title="CVE-2021-32815" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-37623" id="CVE-2021-37623" title="CVE-2021-37623" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-37622" id="CVE-2021-37622" title="CVE-2021-37622" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-34334" id="CVE-2021-34334" title="CVE-2021-34334" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-37620" id="CVE-2021-37620" title="CVE-2021-37620" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-37621" id="CVE-2021-37621" title="CVE-2021-37621" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-34335" id="CVE-2021-34335" title="CVE-2021-34335" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-37618" id="CVE-2021-37618" title="CVE-2021-37618" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-31292" id="CVE-2021-31292" title="CVE-2021-31292" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-37619" id="CVE-2021-37619" title="CVE-2021-37619" type="cve"></reference>
+          </references>
+          <description>An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset.(CVE-2019-13108)There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2.(CVE-2019-13504)Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.(CVE-2021-37616)Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.(CVE-2021-37615)Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when modifying the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fi`. ### Patches The bug is fixed in version v0.27.5. ### References Regression test and bug fix: #1739 ### For more information Please see our [security policy](https://github.com/Exiv2/exiv2/security/policy) for information about Exiv2 security.(CVE-2021-32815)Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when deleting the IPTC data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-d I rm`). The bug is fixed in version v0.27.5.(CVE-2021-37623)Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when deleting the IPTC data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-d I rm`). The bug is fixed in version v0.27.5.(CVE-2021-37622)Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.(CVE-2021-34334)Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.(CVE-2021-37620)Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). The bug is fixed in version v0.27.5.(CVE-2021-37621)Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.(CVE-2021-34335)Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). The bug is fixed in version v0.27.5.(CVE-2021-37618)A flaw was found in exiv2. A integer wraparound in the CrwMap:encode0x1810 function leads to memcpy call with a very large size allowing an attacker, who can provide a malicious image, to crash an application which uses the exiv2 library. The highest threat from this vulnerability is to service availability.(CVE-2021-31292)Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.5.(CVE-2021-37619)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="exiv2-devel" release="2.ule3" version="0.27.5">
+                         <filename>exiv2-devel-0.27.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="exiv2-debugsource" release="2.ule3" version="0.27.5">
+                         <filename>exiv2-debugsource-0.27.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="exiv2" release="2.ule3" version="0.27.5">
+                         <filename>exiv2-0.27.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="exiv2-debuginfo" release="2.ule3" version="0.27.5">
+                         <filename>exiv2-debuginfo-0.27.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="exiv2-help" release="2.ule3" version="0.27.5">
+                         <filename>exiv2-help-0.27.5-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="exiv2" release="2.ule3" version="0.27.5">
+                         <filename>exiv2-0.27.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="exiv2-debugsource" release="2.ule3" version="0.27.5">
+                         <filename>exiv2-debugsource-0.27.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="exiv2-devel" release="2.ule3" version="0.27.5">
+                         <filename>exiv2-devel-0.27.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="exiv2-debuginfo" release="2.ule3" version="0.27.5">
+                         <filename>exiv2-debuginfo-0.27.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2045</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-04"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3523" id="CVE-2022-3523" title="CVE-2022-3523" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3535" id="CVE-2022-3535" title="CVE-2022-3535" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3621" id="CVE-2022-3621" title="CVE-2022-3621" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3623" id="CVE-2022-3623" title="CVE-2022-3623" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3625" id="CVE-2022-3625" title="CVE-2022-3625" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3635" id="CVE-2022-3635" title="CVE-2022-3635" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-43750" id="CVE-2022-43750" title="CVE-2022-43750" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2978" id="CVE-2022-2978" title="CVE-2022-2978" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3629" id="CVE-2022-3629" title="CVE-2022-3629" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42432" id="CVE-2022-42432" title="CVE-2022-42432" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3646" id="CVE-2022-3646" title="CVE-2022-3646" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211020.(CVE-2022-3523)A vulnerability classified as problematic was found in Linux Kernel. Affected by this vulnerability is the function mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c of the component mvpp2. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier VDB-211033 was assigned to this vulnerability.(CVE-2022-3535)A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.(CVE-2022-3621)A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211921 was assigned to this vulnerability.(CVE-2022-3623)A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability.(CVE-2022-3625)A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.(CVE-2022-3635)drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor&#39;s internal memory.(CVE-2022-43750)A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.(CVE-2022-2978)A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.(CVE-2022-3629)VUL-0: CVE-2022-42432: kernel-source-rt,kernel-source-azure,kernel-source: nftables: leak of stale stack data to userspace via nf_osf_find()(CVE-2022-42432)A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.(CVE-2022-3646)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.65.0.90.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.65.0.90.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.65.0.90.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.65.0.90.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.65.0.90.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.65.0.90.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.65.0.90.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.65.0.90.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.65.0.90.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.65.0.90.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.65.0.90.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.65.0.90.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.65.0.90.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.65.0.90.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.65.0.90.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.65.0.90.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.65.0.90.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.65.0.90.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.65.0.90.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.65.0.90.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.65.0.90.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.65.0.90.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.65.0.90.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.65.0.90.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.65.0.90.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.65.0.90.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.65.0.90.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.65.0.90.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.65.0.90.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.65.0.90.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.65.0.90.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2046</id>
+          <title>An update for nodejs-jison is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-8178" id="CVE-2020-8178" title="CVE-2020-8178" type="cve"></reference>
+          </references>
+          <description>Insufficient input validation in npm package `jison` &lt;= 0.4.18 may lead to OS command injection attacks.(CVE-2020-8178)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="nodejs-jison" release="2.ule3" version="0.4.18">
+                         <filename>nodejs-jison-0.4.18-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2047</id>
+          <title>An update for bluez is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-43400" id="CVE-2021-43400" title="CVE-2021-43400" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-0129" id="CVE-2021-0129" title="CVE-2021-0129" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call.(CVE-2021-43400)Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.(CVE-2021-0129)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bluez" release="15.ule3" version="5.54">
+                         <filename>bluez-5.54-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-debuginfo" release="15.ule3" version="5.54">
+                         <filename>bluez-debuginfo-5.54-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-cups" release="15.ule3" version="5.54">
+                         <filename>bluez-cups-5.54-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-debugsource" release="15.ule3" version="5.54">
+                         <filename>bluez-debugsource-5.54-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-devel" release="15.ule3" version="5.54">
+                         <filename>bluez-devel-5.54-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-libs" release="15.ule3" version="5.54">
+                         <filename>bluez-libs-5.54-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="bluez-help" release="15.ule3" version="5.54">
+                         <filename>bluez-help-5.54-15.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-debuginfo" release="15.ule3" version="5.54">
+                         <filename>bluez-debuginfo-5.54-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-devel" release="15.ule3" version="5.54">
+                         <filename>bluez-devel-5.54-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-debugsource" release="15.ule3" version="5.54">
+                         <filename>bluez-debugsource-5.54-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-libs" release="15.ule3" version="5.54">
+                         <filename>bluez-libs-5.54-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez" release="15.ule3" version="5.54">
+                         <filename>bluez-5.54-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-cups" release="15.ule3" version="5.54">
+                         <filename>bluez-cups-5.54-15.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2048</id>
+          <title>An update for nodejs-grunt is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-7729" id="CVE-2020-7729" title="CVE-2020-7729" type="cve"></reference>
+          </references>
+          <description>The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.(CVE-2020-7729)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="nodejs-grunt" release="5.ule3" version="1.0.1">
+                         <filename>nodejs-grunt-1.0.1-5.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2049</id>
+          <title>An update for swtpm is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23645" id="CVE-2022-23645" title="CVE-2022-23645" type="cve"></reference>
+          </references>
+          <description>swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm&#39;s state, where the blobheader&#39;s hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.(CVE-2022-23645)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="swtpm-debugsource" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-debugsource-0.3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="swtpm-debuginfo" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-debuginfo-0.3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="swtpm-devel" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-devel-0.3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="swtpm-libs" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-libs-0.3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="swtpm" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-0.3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="swtpm-tools" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-tools-0.3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="swtpm-devel" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-devel-0.3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="swtpm" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-0.3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="swtpm-libs" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-libs-0.3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="swtpm-tools" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-tools-0.3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="swtpm-debuginfo" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-debuginfo-0.3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="swtpm-debugsource" release="6.ule3" version="0.3.3">
+                         <filename>swtpm-debugsource-0.3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2050</id>
+          <title>An update for multipath-tools is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41974" id="CVE-2022-41974" title="CVE-2022-41974" type="cve"></reference>
+          </references>
+          <description>multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.(CVE-2022-41974)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="multipath-tools-help" release="6.ule3" version="0.8.7">
+                         <filename>multipath-tools-help-0.8.7-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="multipath-tools" release="6.ule3" version="0.8.7">
+                         <filename>multipath-tools-0.8.7-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="multipath-tools-debuginfo" release="6.ule3" version="0.8.7">
+                         <filename>multipath-tools-debuginfo-0.8.7-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="multipath-tools-devel" release="6.ule3" version="0.8.7">
+                         <filename>multipath-tools-devel-0.8.7-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="multipath-tools-debugsource" release="6.ule3" version="0.8.7">
+                         <filename>multipath-tools-debugsource-0.8.7-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kpartx" release="6.ule3" version="0.8.7">
+                         <filename>kpartx-0.8.7-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="multipath-tools-debuginfo" release="6.ule3" version="0.8.7">
+                         <filename>multipath-tools-debuginfo-0.8.7-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="multipath-tools-debugsource" release="6.ule3" version="0.8.7">
+                         <filename>multipath-tools-debugsource-0.8.7-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="multipath-tools-devel" release="6.ule3" version="0.8.7">
+                         <filename>multipath-tools-devel-0.8.7-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="multipath-tools-help" release="6.ule3" version="0.8.7">
+                         <filename>multipath-tools-help-0.8.7-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="multipath-tools" release="6.ule3" version="0.8.7">
+                         <filename>multipath-tools-0.8.7-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kpartx" release="6.ule3" version="0.8.7">
+                         <filename>kpartx-0.8.7-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2052</id>
+          <title>An update for nodejs-getobject is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-28282" id="CVE-2020-28282" title="CVE-2020-28282" type="cve"></reference>
+          </references>
+          <description>Prototype pollution vulnerability in &#39;getobject&#39; version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.(CVE-2020-28282)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="nodejs-getobject" release="2.ule3" version="0.1.0">
+                         <filename>nodejs-getobject-0.1.0-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2053</id>
+          <title>An update for mosquitto is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-34432" id="CVE-2021-34432" title="CVE-2021-34432" type="cve"></reference>
+          </references>
+          <description>In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.(CVE-2021-34432)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="mosquitto" release="6.ule3" version="1.6.15">
+                         <filename>mosquitto-1.6.15-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mosquitto-debuginfo" release="6.ule3" version="1.6.15">
+                         <filename>mosquitto-debuginfo-1.6.15-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mosquitto-devel" release="6.ule3" version="1.6.15">
+                         <filename>mosquitto-devel-1.6.15-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mosquitto-debugsource" release="6.ule3" version="1.6.15">
+                         <filename>mosquitto-debugsource-1.6.15-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mosquitto" release="6.ule3" version="1.6.15">
+                         <filename>mosquitto-1.6.15-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mosquitto-devel" release="6.ule3" version="1.6.15">
+                         <filename>mosquitto-devel-1.6.15-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mosquitto-debugsource" release="6.ule3" version="1.6.15">
+                         <filename>mosquitto-debugsource-1.6.15-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mosquitto-debuginfo" release="6.ule3" version="1.6.15">
+                         <filename>mosquitto-debuginfo-1.6.15-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2054</id>
+          <title>An update for haproxy is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0711" id="CVE-2022-0711" title="CVE-2022-0711" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the way HAProxy processed HTTP responses containing the &#34;Set-Cookie2&#34; header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.(CVE-2022-0711)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="haproxy-debuginfo" release="2.ule3" version="2.4.8">
+                         <filename>haproxy-debuginfo-2.4.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="haproxy" release="2.ule3" version="2.4.8">
+                         <filename>haproxy-2.4.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="haproxy-debugsource" release="2.ule3" version="2.4.8">
+                         <filename>haproxy-debugsource-2.4.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="haproxy-help" release="2.ule3" version="2.4.8">
+                         <filename>haproxy-help-2.4.8-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="haproxy-debugsource" release="2.ule3" version="2.4.8">
+                         <filename>haproxy-debugsource-2.4.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="haproxy" release="2.ule3" version="2.4.8">
+                         <filename>haproxy-2.4.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="haproxy-debuginfo" release="2.ule3" version="2.4.8">
+                         <filename>haproxy-debuginfo-2.4.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2055</id>
+          <title>An update for python-django is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-45115" id="CVE-2021-45115" title="CVE-2021-45115" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-45116" id="CVE-2021-45116" title="CVE-2021-45116" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-45452" id="CVE-2021-45452" title="CVE-2021-45452" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22818" id="CVE-2022-22818" title="CVE-2022-22818" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23833" id="CVE-2022-23833" title="CVE-2022-23833" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.(CVE-2021-45115)An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language&#39;s variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.(CVE-2021-45116)Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.(CVE-2021-45452)The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.(CVE-2022-22818)An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.(CVE-2022-23833)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python3-Django" release="2.ule3" version="2.2.27">
+                         <filename>python3-Django-2.2.27-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-django-help" release="2.ule3" version="2.2.27">
+                         <filename>python-django-help-2.2.27-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2056</id>
+          <title>An update for three-eight-nine-ds-base is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-35518" id="CVE-2020-35518" title="CVE-2020-35518" type="cve"></reference>
+          </references>
+          <description>When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.(CVE-2020-35518)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="389-ds-base-debugsource" release="1.ule3" version="1.4.3.20">
+                         <filename>389-ds-base-debugsource-1.4.3.20-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="389-ds-base-devel" release="1.ule3" version="1.4.3.20">
+                         <filename>389-ds-base-devel-1.4.3.20-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="389-ds-base-debuginfo" release="1.ule3" version="1.4.3.20">
+                         <filename>389-ds-base-debuginfo-1.4.3.20-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="389-ds-base" release="1.ule3" version="1.4.3.20">
+                         <filename>389-ds-base-1.4.3.20-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="389-ds-base-legacy-tools" release="1.ule3" version="1.4.3.20">
+                         <filename>389-ds-base-legacy-tools-1.4.3.20-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="389-ds-base-snmp" release="1.ule3" version="1.4.3.20">
+                         <filename>389-ds-base-snmp-1.4.3.20-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="389-ds-base-help" release="1.ule3" version="1.4.3.20">
+                         <filename>389-ds-base-help-1.4.3.20-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="cockpit-389-ds" release="1.ule3" version="1.4.3.20">
+                         <filename>cockpit-389-ds-1.4.3.20-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-lib389" release="1.ule3" version="1.4.3.20">
+                         <filename>python3-lib389-1.4.3.20-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="389-ds-base-debuginfo" release="1.ule3" version="1.4.3.20">
+                         <filename>389-ds-base-debuginfo-1.4.3.20-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="389-ds-base-devel" release="1.ule3" version="1.4.3.20">
+                         <filename>389-ds-base-devel-1.4.3.20-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="389-ds-base" release="1.ule3" version="1.4.3.20">
+                         <filename>389-ds-base-1.4.3.20-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="389-ds-base-help" release="1.ule3" version="1.4.3.20">
+                         <filename>389-ds-base-help-1.4.3.20-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="389-ds-base-legacy-tools" release="1.ule3" version="1.4.3.20">
+                         <filename>389-ds-base-legacy-tools-1.4.3.20-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="389-ds-base-debugsource" release="1.ule3" version="1.4.3.20">
+                         <filename>389-ds-base-debugsource-1.4.3.20-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="389-ds-base-snmp" release="1.ule3" version="1.4.3.20">
+                         <filename>389-ds-base-snmp-1.4.3.20-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2057</id>
+          <title>An update for expat is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-25235" id="CVE-2022-25235" title="CVE-2022-25235" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-25236" id="CVE-2022-25236" title="CVE-2022-25236" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-25314" id="CVE-2022-25314" title="CVE-2022-25314" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-25313" id="CVE-2022-25313" title="CVE-2022-25313" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-25315" id="CVE-2022-25315" title="CVE-2022-25315" type="cve"></reference>
+          </references>
+          <description>xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.(CVE-2022-25235)xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.(CVE-2022-25236)In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.(CVE-2022-25314)In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.(CVE-2022-25313)In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.(CVE-2022-25315)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="expat-debuginfo" release="8.ule3" version="2.4.1">
+                         <filename>expat-debuginfo-2.4.1-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="expat-debugsource" release="8.ule3" version="2.4.1">
+                         <filename>expat-debugsource-2.4.1-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="expat" release="8.ule3" version="2.4.1">
+                         <filename>expat-2.4.1-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="expat-devel" release="8.ule3" version="2.4.1">
+                         <filename>expat-devel-2.4.1-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="expat-help" release="8.ule3" version="2.4.1">
+                         <filename>expat-help-2.4.1-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="expat-debuginfo" release="8.ule3" version="2.4.1">
+                         <filename>expat-debuginfo-2.4.1-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="expat-devel" release="8.ule3" version="2.4.1">
+                         <filename>expat-devel-2.4.1-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="expat-debugsource" release="8.ule3" version="2.4.1">
+                         <filename>expat-debugsource-2.4.1-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="expat" release="8.ule3" version="2.4.1">
+                         <filename>expat-2.4.1-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2058</id>
+          <title>An update for pixman is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-44638" id="CVE-2022-44638" title="CVE-2022-44638" type="cve"></reference>
+          </references>
+          <description>In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.(CVE-2022-44638)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="pixman" release="3.ule3" version="0.40.0">
+                         <filename>pixman-0.40.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pixman-devel" release="3.ule3" version="0.40.0">
+                         <filename>pixman-devel-0.40.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pixman-debugsource" release="3.ule3" version="0.40.0">
+                         <filename>pixman-debugsource-0.40.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pixman-debuginfo" release="3.ule3" version="0.40.0">
+                         <filename>pixman-debuginfo-0.40.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pixman-devel" release="3.ule3" version="0.40.0">
+                         <filename>pixman-devel-0.40.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pixman-debuginfo" release="3.ule3" version="0.40.0">
+                         <filename>pixman-debuginfo-0.40.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pixman-debugsource" release="3.ule3" version="0.40.0">
+                         <filename>pixman-debugsource-0.40.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pixman" release="3.ule3" version="0.40.0">
+                         <filename>pixman-0.40.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2060</id>
+          <title>An update for qt5-qtbase is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-38593" id="CVE-2021-38593" title="CVE-2021-38593" type="cve"></reference>
+          </references>
+          <description>Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).(CVE-2021-38593)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="qt5-qtbase-odbc" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-odbc-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-postgresql" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-postgresql-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-debugsource" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debugsource-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-debuginfo" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debuginfo-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-static" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-static-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-gui" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-gui-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-devel" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-devel-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-examples" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-examples-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-mysql" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-mysql-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-private-devel" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-private-devel-5.15.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="qt5-qtbase-common" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-common-5.15.2-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-debugsource" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debugsource-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-private-devel" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-private-devel-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-mysql" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-mysql-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-static" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-static-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-gui" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-gui-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-debuginfo" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debuginfo-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-odbc" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-odbc-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-examples" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-examples-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-devel" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-devel-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-postgresql" release="3.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-postgresql-5.15.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2061</id>
+          <title>An update for postgresql is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23214" id="CVE-2021-23214" title="CVE-2021-23214" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23222" id="CVE-2021-23222" title="CVE-2021-23222" type="cve"></reference>
+          </references>
+          <description>When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.(CVE-2021-23214)A man-in-the-middle attacker can inject false responses to the client&#39;s first few queries, despite the use of SSL certificate verification and encryption.(CVE-2021-23222)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="postgresql" release="7.ule3" version="13.3">
+                         <filename>postgresql-13.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-debuginfo" release="7.ule3" version="13.3">
+                         <filename>postgresql-debuginfo-13.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-plpython3" release="7.ule3" version="13.3">
+                         <filename>postgresql-plpython3-13.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-server" release="7.ule3" version="13.3">
+                         <filename>postgresql-server-13.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-contrib" release="7.ule3" version="13.3">
+                         <filename>postgresql-contrib-13.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-llvmjit" release="7.ule3" version="13.3">
+                         <filename>postgresql-llvmjit-13.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-debugsource" release="7.ule3" version="13.3">
+                         <filename>postgresql-debugsource-13.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-server-devel" release="7.ule3" version="13.3">
+                         <filename>postgresql-server-devel-13.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-test" release="7.ule3" version="13.3">
+                         <filename>postgresql-test-13.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-docs" release="7.ule3" version="13.3">
+                         <filename>postgresql-docs-13.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-plperl" release="7.ule3" version="13.3">
+                         <filename>postgresql-plperl-13.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-pltcl" release="7.ule3" version="13.3">
+                         <filename>postgresql-pltcl-13.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-static" release="7.ule3" version="13.3">
+                         <filename>postgresql-static-13.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="postgresql-test-rpm-macros" release="7.ule3" version="13.3">
+                         <filename>postgresql-test-rpm-macros-13.3-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-docs" release="7.ule3" version="13.3">
+                         <filename>postgresql-docs-13.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-plperl" release="7.ule3" version="13.3">
+                         <filename>postgresql-plperl-13.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-server-devel" release="7.ule3" version="13.3">
+                         <filename>postgresql-server-devel-13.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql" release="7.ule3" version="13.3">
+                         <filename>postgresql-13.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-pltcl" release="7.ule3" version="13.3">
+                         <filename>postgresql-pltcl-13.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-debuginfo" release="7.ule3" version="13.3">
+                         <filename>postgresql-debuginfo-13.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-llvmjit" release="7.ule3" version="13.3">
+                         <filename>postgresql-llvmjit-13.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-server" release="7.ule3" version="13.3">
+                         <filename>postgresql-server-13.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-static" release="7.ule3" version="13.3">
+                         <filename>postgresql-static-13.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-plpython3" release="7.ule3" version="13.3">
+                         <filename>postgresql-plpython3-13.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-test" release="7.ule3" version="13.3">
+                         <filename>postgresql-test-13.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-contrib" release="7.ule3" version="13.3">
+                         <filename>postgresql-contrib-13.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-debugsource" release="7.ule3" version="13.3">
+                         <filename>postgresql-debugsource-13.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2062</id>
+          <title>An update for kafka is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2019-12399" id="CVE-2019-12399" title="CVE-2019-12399" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34917" id="CVE-2022-34917" title="CVE-2022-34917" type="cve"></reference>
+          </references>
+          <description>When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector&#39;s task configuration and the response will contain the plaintext secret rather than the externalized secrets variables.(CVE-2019-12399)A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Example scenarios: - Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue. - Kafka cluster with SASL authentication: Any clients able to establish a network connection to a broker, without the need for valid SASL credentials, can trigger the issue. - Kafka cluster with TLS authentication: Only clients able to successfully authenticate via TLS can trigger the issue. We advise the users to upgrade the Kafka installations to one of the 3.2.3, 3.1.2, 3.0.2, 2.8.2 versions.(CVE-2022-34917)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kafka" release="1.ule3" version="2.8.2">
+                         <filename>kafka-2.8.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kafka" release="1.ule3" version="2.8.2">
+                         <filename>kafka-2.8.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2063</id>
+          <title>An update for exiv2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3756" id="CVE-2022-3756" title="CVE-2022-3756" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in Exiv2. It has been classified as critical. Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The name of the patch is bf4f28b727bdedbd7c88179c30d360e54568a62e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212496.(CVE-2022-3756)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="exiv2-debuginfo" release="3.ule3" version="0.27.5">
+                         <filename>exiv2-debuginfo-0.27.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="exiv2-devel" release="3.ule3" version="0.27.5">
+                         <filename>exiv2-devel-0.27.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="exiv2-debugsource" release="3.ule3" version="0.27.5">
+                         <filename>exiv2-debugsource-0.27.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="exiv2" release="3.ule3" version="0.27.5">
+                         <filename>exiv2-0.27.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="exiv2-help" release="3.ule3" version="0.27.5">
+                         <filename>exiv2-help-0.27.5-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="exiv2-debuginfo" release="3.ule3" version="0.27.5">
+                         <filename>exiv2-debuginfo-0.27.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="exiv2-debugsource" release="3.ule3" version="0.27.5">
+                         <filename>exiv2-debugsource-0.27.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="exiv2-devel" release="3.ule3" version="0.27.5">
+                         <filename>exiv2-devel-0.27.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="exiv2" release="3.ule3" version="0.27.5">
+                         <filename>exiv2-0.27.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2064</id>
+          <title>An update for tomcat is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23181" id="CVE-2022-23181" title="CVE-2022-23181" type="cve"></reference>
+          </references>
+          <description>The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.(CVE-2022-23181)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="tomcat-help" release="26.ule3" version="9.0.10">
+                         <filename>tomcat-help-9.0.10-26.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="tomcat" release="26.ule3" version="9.0.10">
+                         <filename>tomcat-9.0.10-26.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="tomcat-jsvc" release="26.ule3" version="9.0.10">
+                         <filename>tomcat-jsvc-9.0.10-26.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2065</id>
+          <title>An update for log4j12 is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-4104" id="CVE-2021-4104" title="CVE-2021-4104" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23307" id="CVE-2022-23307" title="CVE-2022-23307" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23302" id="CVE-2022-23302" title="CVE-2022-23302" type="cve"></reference>
+          </references>
+          <description>JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.(CVE-2021-4104)CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.(CVE-2022-23307)JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.(CVE-2022-23302)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="log4j12-help" release="25.ule3" version="1.2.17">
+                         <filename>log4j12-help-1.2.17-25.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="log4j12" release="25.ule3" version="1.2.17">
+                         <filename>log4j12-1.2.17-25.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2066</id>
+          <title>An update for xstream is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-43859" id="CVE-2021-43859" title="CVE-2021-43859" type="cve"></reference>
+          </references>
+          <description>XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.(CVE-2021-43859)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="xstream-parent" release="2.ule3" version="1.4.18">
+                         <filename>xstream-parent-1.4.18-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xstream-javadoc" release="2.ule3" version="1.4.18">
+                         <filename>xstream-javadoc-1.4.18-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xstream-benchmark" release="2.ule3" version="1.4.18">
+                         <filename>xstream-benchmark-1.4.18-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xstream-hibernate" release="2.ule3" version="1.4.18">
+                         <filename>xstream-hibernate-1.4.18-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xstream" release="2.ule3" version="1.4.18">
+                         <filename>xstream-1.4.18-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2067</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0562" id="CVE-2022-0562" title="CVE-2022-0562" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0561" id="CVE-2022-0561" title="CVE-2022-0561" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22844" id="CVE-2022-22844" title="CVE-2022-22844" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0891" id="CVE-2022-0891" title="CVE-2022-0891" type="cve"></reference>
+          </references>
+          <description>Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.(CVE-2022-0562)Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.(CVE-2022-0561)LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.(CVE-2022-22844)A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact(CVE-2022-0891)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff-tools" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-devel" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debugsource" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-static" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-20.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="20.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-20.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2068</id>
+          <title>An update for strongswan is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-45079" id="CVE-2021-45079" title="CVE-2021-45079" type="cve"></reference>
+          </references>
+          <description>In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.(CVE-2021-45079)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="strongswan-debugsource" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-debugsource-5.7.2-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="strongswan-libipsec" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-libipsec-5.7.2-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="strongswan-charon-nm" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-charon-nm-5.7.2-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="strongswan-debuginfo" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-debuginfo-5.7.2-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="strongswan-sqlite" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-sqlite-5.7.2-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="strongswan-tnc-imcvs" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-tnc-imcvs-5.7.2-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="strongswan" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-5.7.2-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan-tnc-imcvs" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-tnc-imcvs-5.7.2-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-5.7.2-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan-debugsource" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-debugsource-5.7.2-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan-charon-nm" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-charon-nm-5.7.2-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan-debuginfo" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-debuginfo-5.7.2-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan-libipsec" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-libipsec-5.7.2-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan-sqlite" release="12.ule3" version="5.7.2">
+                         <filename>strongswan-sqlite-5.7.2-12.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2071</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3542" id="CVE-2022-3542" title="CVE-2022-3542" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3606" id="CVE-2022-3606" title="CVE-2022-3606" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40768" id="CVE-2022-40768" title="CVE-2022-40768" type="cve"></reference>
+          </references>
+          <description>A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function bnx2x_tpa_stop of the file drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211042 is the identifier assigned to this vulnerability.(CVE-2022-3542)A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability.(CVE-2022-3606)drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.(CVE-2022-40768)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="504" arch="aarch64" name="bpftool" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2072</id>
+          <title>An update for xterm is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24130" id="CVE-2022-24130" title="CVE-2022-24130" type="cve"></reference>
+          </references>
+          <description>xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.(CVE-2022-24130)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="xterm-help" release="4.ule3" version="363">
+                         <filename>xterm-help-363-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xterm" release="4.ule3" version="363">
+                         <filename>xterm-363-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xterm-debuginfo" release="4.ule3" version="363">
+                         <filename>xterm-debuginfo-363-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xterm-debugsource" release="4.ule3" version="363">
+                         <filename>xterm-debugsource-363-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xterm-help" release="4.ule3" version="363">
+                         <filename>xterm-help-363-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xterm" release="4.ule3" version="363">
+                         <filename>xterm-363-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xterm-debugsource" release="4.ule3" version="363">
+                         <filename>xterm-debugsource-363-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xterm-debuginfo" release="4.ule3" version="363">
+                         <filename>xterm-debuginfo-363-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2073</id>
+          <title>An update for ganglia is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2019-20378" id="CVE-2019-20378" title="CVE-2019-20378" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2019-20379" id="CVE-2019-20379" title="CVE-2019-20379" type="cve"></reference>
+          </references>
+          <description>ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter.(CVE-2019-20378)ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter.(CVE-2019-20379)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="ganglia-devel" release="2.ule3" version="3.7.2">
+                         <filename>ganglia-devel-3.7.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ganglia-web" release="2.ule3" version="3.7.5">
+                         <filename>ganglia-web-3.7.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ganglia-gmetad" release="2.ule3" version="3.7.2">
+                         <filename>ganglia-gmetad-3.7.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ganglia-gmond" release="2.ule3" version="3.7.2">
+                         <filename>ganglia-gmond-3.7.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ganglia-debugsource" release="2.ule3" version="3.7.2">
+                         <filename>ganglia-debugsource-3.7.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ganglia-debuginfo" release="2.ule3" version="3.7.2">
+                         <filename>ganglia-debuginfo-3.7.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ganglia" release="2.ule3" version="3.7.2">
+                         <filename>ganglia-3.7.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ganglia-gmond" release="2.ule3" version="3.7.2">
+                         <filename>ganglia-gmond-3.7.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ganglia-debugsource" release="2.ule3" version="3.7.2">
+                         <filename>ganglia-debugsource-3.7.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ganglia-debuginfo" release="2.ule3" version="3.7.2">
+                         <filename>ganglia-debuginfo-3.7.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ganglia" release="2.ule3" version="3.7.2">
+                         <filename>ganglia-3.7.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ganglia-web" release="2.ule3" version="3.7.5">
+                         <filename>ganglia-web-3.7.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ganglia-gmetad" release="2.ule3" version="3.7.2">
+                         <filename>ganglia-gmetad-3.7.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ganglia-devel" release="2.ule3" version="3.7.2">
+                         <filename>ganglia-devel-3.7.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2074</id>
+          <title>An update for gnome-font-viewer is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2019-19308" id="CVE-2019-19308" title="CVE-2019-19308" type="cve"></reference>
+          </references>
+          <description>In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that returns NULL).(CVE-2019-19308)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gnome-font-viewer-debugsource" release="2.ule3" version="3.34.0">
+                         <filename>gnome-font-viewer-debugsource-3.34.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnome-font-viewer" release="2.ule3" version="3.34.0">
+                         <filename>gnome-font-viewer-3.34.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnome-font-viewer-debuginfo" release="2.ule3" version="3.34.0">
+                         <filename>gnome-font-viewer-debuginfo-3.34.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnome-font-viewer-debuginfo" release="2.ule3" version="3.34.0">
+                         <filename>gnome-font-viewer-debuginfo-3.34.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnome-font-viewer-debugsource" release="2.ule3" version="3.34.0">
+                         <filename>gnome-font-viewer-debugsource-3.34.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnome-font-viewer" release="2.ule3" version="3.34.0">
+                         <filename>gnome-font-viewer-3.34.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2075</id>
+          <title>An update for freetds is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2019-13508" id="CVE-2019-13508" title="CVE-2019-13508" type="cve"></reference>
+          </references>
+          <description>FreeTDS through 1.1.11 has a Buffer Overflow.(CVE-2019-13508)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="freetds-debugsource" release="8.ule3" version="1.00.38">
+                         <filename>freetds-debugsource-1.00.38-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freetds-devel" release="8.ule3" version="1.00.38">
+                         <filename>freetds-devel-1.00.38-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freetds" release="8.ule3" version="1.00.38">
+                         <filename>freetds-1.00.38-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freetds-debuginfo" release="8.ule3" version="1.00.38">
+                         <filename>freetds-debuginfo-1.00.38-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="freetds-help" release="8.ule3" version="1.00.38">
+                         <filename>freetds-help-1.00.38-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freetds-debuginfo" release="8.ule3" version="1.00.38">
+                         <filename>freetds-debuginfo-1.00.38-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freetds-devel" release="8.ule3" version="1.00.38">
+                         <filename>freetds-devel-1.00.38-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freetds-debugsource" release="8.ule3" version="1.00.38">
+                         <filename>freetds-debugsource-1.00.38-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freetds" release="8.ule3" version="1.00.38">
+                         <filename>freetds-1.00.38-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2076</id>
+          <title>An update for mysql-connector-java is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2019-2692" id="CVE-2019-2692" title="CVE-2019-2692" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2019-2692)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="mysql-connector-java" release="1.ule3" version="8.0.16">
+                         <filename>mysql-connector-java-8.0.16-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2077</id>
+          <title>An update for grafana is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21702" id="CVE-2022-21702" title="CVE-2022-21702" type="cve"></reference>
+          </references>
+          <description>Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.(CVE-2022-21702)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="grafana" release="3.ule3" version="7.5.15">
+                         <filename>grafana-7.5.15-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="grafana-debuginfo" release="3.ule3" version="7.5.15">
+                         <filename>grafana-debuginfo-7.5.15-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="grafana-debuginfo" release="3.ule3" version="7.5.15">
+                         <filename>grafana-debuginfo-7.5.15-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="grafana" release="3.ule3" version="7.5.15">
+                         <filename>grafana-7.5.15-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2078</id>
+          <title>An update for wireshark is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0583" id="CVE-2022-0583" title="CVE-2022-0583" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0585" id="CVE-2022-0585" title="CVE-2022-0585" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0581" id="CVE-2022-0581" title="CVE-2022-0581" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0586" id="CVE-2022-0586" title="CVE-2022-0586" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0582" id="CVE-2022-0582" title="CVE-2022-0582" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3725" id="CVE-2022-3725" title="CVE-2022-3725" type="cve"></reference>
+          </references>
+          <description>Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file(CVE-2022-0583)Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file(CVE-2022-0585)Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file(CVE-2022-0581)Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file(CVE-2022-0586)Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file(CVE-2022-0582)Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file(CVE-2022-3725)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="wireshark-debuginfo" release="3.ule3" version="3.6.2">
+                         <filename>wireshark-debuginfo-3.6.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-help" release="3.ule3" version="3.6.2">
+                         <filename>wireshark-help-3.6.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark" release="3.ule3" version="3.6.2">
+                         <filename>wireshark-3.6.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-debugsource" release="3.ule3" version="3.6.2">
+                         <filename>wireshark-debugsource-3.6.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-devel" release="3.ule3" version="3.6.2">
+                         <filename>wireshark-devel-3.6.2-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debuginfo" release="3.ule3" version="3.6.2">
+                         <filename>wireshark-debuginfo-3.6.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debugsource" release="3.ule3" version="3.6.2">
+                         <filename>wireshark-debugsource-3.6.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark" release="3.ule3" version="3.6.2">
+                         <filename>wireshark-3.6.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-devel" release="3.ule3" version="3.6.2">
+                         <filename>wireshark-devel-3.6.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-help" release="3.ule3" version="3.6.2">
+                         <filename>wireshark-help-3.6.2-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2079</id>
+          <title>An update for sudo is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-43995" id="CVE-2022-43995" title="CVE-2022-43995" type="cve"></reference>
+          </references>
+          <description>Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.(CVE-2022-43995)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="sudo" release="4.ule3" version="1.9.8p2">
+                         <filename>sudo-1.9.8p2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo-debugsource" release="4.ule3" version="1.9.8p2">
+                         <filename>sudo-debugsource-1.9.8p2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo-debuginfo" release="4.ule3" version="1.9.8p2">
+                         <filename>sudo-debuginfo-1.9.8p2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo-devel" release="4.ule3" version="1.9.8p2">
+                         <filename>sudo-devel-1.9.8p2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="sudo-help" release="4.ule3" version="1.9.8p2">
+                         <filename>sudo-help-1.9.8p2-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-debuginfo" release="4.ule3" version="1.9.8p2">
+                         <filename>sudo-debuginfo-1.9.8p2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-debugsource" release="4.ule3" version="1.9.8p2">
+                         <filename>sudo-debugsource-1.9.8p2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo" release="4.ule3" version="1.9.8p2">
+                         <filename>sudo-1.9.8p2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-devel" release="4.ule3" version="1.9.8p2">
+                         <filename>sudo-devel-1.9.8p2-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2082</id>
+          <title>An update for libxml2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23308" id="CVE-2022-23308" title="CVE-2022-23308" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40303" id="CVE-2022-40303" title="CVE-2022-40303" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40304" id="CVE-2022-40304" title="CVE-2022-40304" type="cve"></reference>
+          </references>
+          <description>valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.(CVE-2022-23308)A flaw was found in libxml2. Parsing a XML document with the XML_PARSE_HUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEntityValue function didn&#39;t have any length limitation.(CVE-2022-40303)A flaw was found in libxml2. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted resulting in logic errors, including memory errors like double free.(CVE-2022-40304)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libxml2" release="13.ule3" version="2.9.12">
+                         <filename>libxml2-2.9.12-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxml2-devel" release="13.ule3" version="2.9.12">
+                         <filename>libxml2-devel-2.9.12-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxml2-debuginfo" release="13.ule3" version="2.9.12">
+                         <filename>libxml2-debuginfo-2.9.12-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxml2-debugsource" release="13.ule3" version="2.9.12">
+                         <filename>libxml2-debugsource-2.9.12-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-libxml2" release="13.ule3" version="2.9.12">
+                         <filename>python3-libxml2-2.9.12-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libxml2-help" release="13.ule3" version="2.9.12">
+                         <filename>libxml2-help-2.9.12-13.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2-debugsource" release="13.ule3" version="2.9.12">
+                         <filename>libxml2-debugsource-2.9.12-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2" release="13.ule3" version="2.9.12">
+                         <filename>libxml2-2.9.12-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2-devel" release="13.ule3" version="2.9.12">
+                         <filename>libxml2-devel-2.9.12-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2-debuginfo" release="13.ule3" version="2.9.12">
+                         <filename>libxml2-debuginfo-2.9.12-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-libxml2" release="13.ule3" version="2.9.12">
+                         <filename>python3-libxml2-2.9.12-13.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2084</id>
+          <title>An update for nodejs-fstream is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2019-13173" id="CVE-2019-13173" title="CVE-2019-13173" type="cve"></reference>
+          </references>
+          <description>fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system&#39;s file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.(CVE-2019-13173)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="nodejs-fstream" release="1.ule3" version="1.0.12">
+                         <filename>nodejs-fstream-1.0.12-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2085</id>
+          <title>An update for firefox is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-25235" id="CVE-2022-25235" title="CVE-2022-25235" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-25236" id="CVE-2022-25236" title="CVE-2022-25236" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-25315" id="CVE-2022-25315" title="CVE-2022-25315" type="cve"></reference>
+          </references>
+          <description>xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.(CVE-2022-25235)xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.(CVE-2022-25236)In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.(CVE-2022-25315)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="firefox-debuginfo" release="13.ule3" version="79.0">
+                         <filename>firefox-debuginfo-79.0-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="firefox-debugsource" release="13.ule3" version="79.0">
+                         <filename>firefox-debugsource-79.0-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="firefox" release="13.ule3" version="79.0">
+                         <filename>firefox-79.0-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox-debugsource" release="13.ule3" version="79.0">
+                         <filename>firefox-debugsource-79.0-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox-debuginfo" release="13.ule3" version="79.0">
+                         <filename>firefox-debuginfo-79.0-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox" release="13.ule3" version="79.0">
+                         <filename>firefox-79.0-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mozilla-crashreporter-firefox-debuginfo" release="13.ule3" version="79.0">
+                         <filename>mozilla-crashreporter-firefox-debuginfo-79.0-13.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2086</id>
+          <title>An update for python-pillow is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24303" id="CVE-2022-24303" title="CVE-2022-24303" type="cve"></reference>
+          </references>
+          <description>Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.(CVE-2022-24303)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-pillow-devel" release="2.ule3" version="9.0.1">
+                         <filename>python3-pillow-devel-9.0.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-pillow-debugsource" release="2.ule3" version="9.0.1">
+                         <filename>python-pillow-debugsource-9.0.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pillow" release="2.ule3" version="9.0.1">
+                         <filename>python3-pillow-9.0.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pillow-tk" release="2.ule3" version="9.0.1">
+                         <filename>python3-pillow-tk-9.0.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pillow-qt" release="2.ule3" version="9.0.1">
+                         <filename>python3-pillow-qt-9.0.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-pillow-debuginfo" release="2.ule3" version="9.0.1">
+                         <filename>python-pillow-debuginfo-9.0.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-pillow-help" release="2.ule3" version="9.0.1">
+                         <filename>python3-pillow-help-9.0.1-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow-devel" release="2.ule3" version="9.0.1">
+                         <filename>python3-pillow-devel-9.0.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow-qt" release="2.ule3" version="9.0.1">
+                         <filename>python3-pillow-qt-9.0.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-pillow-debuginfo" release="2.ule3" version="9.0.1">
+                         <filename>python-pillow-debuginfo-9.0.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-pillow-debugsource" release="2.ule3" version="9.0.1">
+                         <filename>python-pillow-debugsource-9.0.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow-tk" release="2.ule3" version="9.0.1">
+                         <filename>python3-pillow-tk-9.0.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow" release="2.ule3" version="9.0.1">
+                         <filename>python3-pillow-9.0.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2087</id>
+          <title>An update for festival is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2010-3996" id="CVE-2010-3996" title="CVE-2010-3996" type="cve"></reference>
+          </references>
+          <description>festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.(CVE-2010-3996)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="festival-debuginfo" release="45.ule3" version="1.96">
+                         <filename>festival-debuginfo-1.96-45.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="festival" release="45.ule3" version="1.96">
+                         <filename>festival-1.96-45.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="festival-devel" release="45.ule3" version="1.96">
+                         <filename>festival-devel-1.96-45.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="festival-debugsource" release="45.ule3" version="1.96">
+                         <filename>festival-debugsource-1.96-45.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="festival-help" release="45.ule3" version="1.96">
+                         <filename>festival-help-1.96-45.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="festival-debuginfo" release="45.ule3" version="1.96">
+                         <filename>festival-debuginfo-1.96-45.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="festival" release="45.ule3" version="1.96">
+                         <filename>festival-1.96-45.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="festival-debugsource" release="45.ule3" version="1.96">
+                         <filename>festival-debugsource-1.96-45.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="festival-devel" release="45.ule3" version="1.96">
+                         <filename>festival-devel-1.96-45.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2088</id>
+          <title>An update for usbguard is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2019-25058" id="CVE-2019-25058" title="CVE-2019-25058" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.(CVE-2019-25058)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="usbguard-debugsource" release="7.ule3" version="0.7.2">
+                         <filename>usbguard-debugsource-0.7.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="usbguard-debuginfo" release="7.ule3" version="0.7.2">
+                         <filename>usbguard-debuginfo-0.7.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="usbguard-help" release="7.ule3" version="0.7.2">
+                         <filename>usbguard-help-0.7.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="usbguard-applet-qt" release="7.ule3" version="0.7.2">
+                         <filename>usbguard-applet-qt-0.7.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="usbguard-dbus" release="7.ule3" version="0.7.2">
+                         <filename>usbguard-dbus-0.7.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="usbguard-tools" release="7.ule3" version="0.7.2">
+                         <filename>usbguard-tools-0.7.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="usbguard-devel" release="7.ule3" version="0.7.2">
+                         <filename>usbguard-devel-0.7.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="usbguard" release="7.ule3" version="0.7.2">
+                         <filename>usbguard-0.7.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="usbguard" release="7.ule3" version="0.7.2">
+                         <filename>usbguard-0.7.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="usbguard-applet-qt" release="7.ule3" version="0.7.2">
+                         <filename>usbguard-applet-qt-0.7.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="usbguard-devel" release="7.ule3" version="0.7.2">
+                         <filename>usbguard-devel-0.7.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="usbguard-tools" release="7.ule3" version="0.7.2">
+                         <filename>usbguard-tools-0.7.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="usbguard-debuginfo" release="7.ule3" version="0.7.2">
+                         <filename>usbguard-debuginfo-0.7.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="usbguard-debugsource" release="7.ule3" version="0.7.2">
+                         <filename>usbguard-debugsource-0.7.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="usbguard-dbus" release="7.ule3" version="0.7.2">
+                         <filename>usbguard-dbus-0.7.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="usbguard-help" release="7.ule3" version="0.7.2">
+                         <filename>usbguard-help-0.7.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2089</id>
+          <title>An update for gnulib is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2018-17942" id="CVE-2018-17942" title="CVE-2018-17942" type="cve"></reference>
+          </references>
+          <description>The convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing &#39;\0&#39; character during %f processing.(CVE-2018-17942)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gnulib-debugsource" release="29.20180720git.ule3" version="0">
+                         <filename>gnulib-debugsource-0-29.20180720git.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnulib-help" release="29.20180720git.ule3" version="0">
+                         <filename>gnulib-help-0-29.20180720git.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnulib-debuginfo" release="29.20180720git.ule3" version="0">
+                         <filename>gnulib-debuginfo-0-29.20180720git.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gnulib-devel" release="29.20180720git.ule3" version="0">
+                         <filename>gnulib-devel-0-29.20180720git.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnulib-help" release="29.20180720git.ule3" version="0">
+                         <filename>gnulib-help-0-29.20180720git.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnulib-debuginfo" release="29.20180720git.ule3" version="0">
+                         <filename>gnulib-debuginfo-0-29.20180720git.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnulib-debugsource" release="29.20180720git.ule3" version="0">
+                         <filename>gnulib-debugsource-0-29.20180720git.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2090</id>
+          <title>An update for libvncserver is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-29260" id="CVE-2020-29260" title="CVE-2020-29260" type="cve"></reference>
+          </references>
+          <description>libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().(CVE-2020-29260)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libvncserver-debuginfo" release="3.ule3" version="0.9.13">
+                         <filename>libvncserver-debuginfo-0.9.13-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvncserver-devel" release="3.ule3" version="0.9.13">
+                         <filename>libvncserver-devel-0.9.13-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvncserver" release="3.ule3" version="0.9.13">
+                         <filename>libvncserver-0.9.13-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvncserver-debugsource" release="3.ule3" version="0.9.13">
+                         <filename>libvncserver-debugsource-0.9.13-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvncserver-debugsource" release="3.ule3" version="0.9.13">
+                         <filename>libvncserver-debugsource-0.9.13-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvncserver-devel" release="3.ule3" version="0.9.13">
+                         <filename>libvncserver-devel-0.9.13-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvncserver" release="3.ule3" version="0.9.13">
+                         <filename>libvncserver-0.9.13-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvncserver-debuginfo" release="3.ule3" version="0.9.13">
+                         <filename>libvncserver-debuginfo-0.9.13-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2091</id>
+          <title>An update for ImageMagick is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-39212" id="CVE-2021-39212" title="CVE-2021-39212" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3596" id="CVE-2021-3596" title="CVE-2021-3596" type="cve"></reference>
+          </references>
+          <description>ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. &lt;policy domain=&#34;module&#34; rights=&#34;none&#34; pattern=&#34;PS&#34; /&gt;. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: &lt;policy domain=&#34;coder&#34; rights=&#34;none&#34; pattern=&#34;{PS,EPI,EPS,EPSF,EPSI}&#34; /&gt;.(CVE-2021-39212)A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2&#39;s xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.(CVE-2021-3596)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debuginfo" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debuginfo-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-devel" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-devel-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-perl" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-perl-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debugsource" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debugsource-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++-devel" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-devel-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-help" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-help-7.1.0.28-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debuginfo" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debuginfo-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debugsource" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debugsource-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-help" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-help-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++-devel" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-devel-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-perl" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-perl-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-devel" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-devel-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++" release="4.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-7.1.0.28-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2092</id>
+          <title>An update for hadoop is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26612" id="CVE-2022-26612" title="CVE-2022-26612" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-37404" id="CVE-2021-37404" title="CVE-2021-37404" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-25168" id="CVE-2022-25168" title="CVE-2022-25168" type="cve"></reference>
+          </references>
+          <description>In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn&#39;t resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3(CVE-2022-26612)There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.(CVE-2021-37404)Apache Hadoop&#39;s FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. &#34;Check existence of file before untarring/zipping&#34;, which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136).(CVE-2022-25168)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="hadoop-devel" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-devel-3.3.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hadoop-debuginfo" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-debuginfo-3.3.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hadoop-debugsource" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-debugsource-3.3.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libhdfs" release="1.ule3" version="3.3.4">
+                         <filename>libhdfs-3.3.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hadoop-common-native" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-common-native-3.3.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hadoop-yarn-security" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-yarn-security-3.3.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-common" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-common-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-tests" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-tests-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-client" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-client-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-httpfs" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-httpfs-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-mapreduce" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-mapreduce-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-hdfs" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-hdfs-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-yarn" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-yarn-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-mapreduce-examples" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-mapreduce-examples-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hadoop-maven-plugin" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-maven-plugin-3.3.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hadoop-yarn-security" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-yarn-security-3.3.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hadoop-common-native" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-common-native-3.3.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libhdfs" release="1.ule3" version="3.3.4">
+                         <filename>libhdfs-3.3.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hadoop-debugsource" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-debugsource-3.3.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hadoop-debuginfo" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-debuginfo-3.3.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hadoop-devel" release="1.ule3" version="3.3.4">
+                         <filename>hadoop-devel-3.3.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2093</id>
+          <title>An update for rubygem-websocket-extensions is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-7663" id="CVE-2020-7663" title="CVE-2020-7663" type="cve"></reference>
+          </references>
+          <description>websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.(CVE-2020-7663)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="rubygem-websocket-extensions-doc" release="2.ule3" version="0.1.2">
+                         <filename>rubygem-websocket-extensions-doc-0.1.2-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-websocket-extensions" release="2.ule3" version="0.1.2">
+                         <filename>rubygem-websocket-extensions-0.1.2-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2094</id>
+          <title>An update for zsh is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-45444" id="CVE-2021-45444" title="CVE-2021-45444" type="cve"></reference>
+          </references>
+          <description>In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.(CVE-2021-45444)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="zsh" release="3.ule3" version="5.8">
+                         <filename>zsh-5.8-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zsh-debugsource" release="3.ule3" version="5.8">
+                         <filename>zsh-debugsource-5.8-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zsh-debuginfo" release="3.ule3" version="5.8">
+                         <filename>zsh-debuginfo-5.8-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="zsh-help" release="3.ule3" version="5.8">
+                         <filename>zsh-help-5.8-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zsh" release="3.ule3" version="5.8">
+                         <filename>zsh-5.8-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zsh-debugsource" release="3.ule3" version="5.8">
+                         <filename>zsh-debugsource-5.8-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zsh-debuginfo" release="3.ule3" version="5.8">
+                         <filename>zsh-debuginfo-5.8-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2095</id>
+          <title>An update for ntfs-3g is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40284" id="CVE-2022-40284" title="CVE-2022-40284" type="cve"></reference>
+          </references>
+          <description>A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.(CVE-2022-40284)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="ntfs-3g-devel" release="2.ule3" version="2022.5.17">
+                         <filename>ntfs-3g-devel-2022.5.17-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ntfs-3g-debuginfo" release="2.ule3" version="2022.5.17">
+                         <filename>ntfs-3g-debuginfo-2022.5.17-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ntfs-3g-debugsource" release="2.ule3" version="2022.5.17">
+                         <filename>ntfs-3g-debugsource-2022.5.17-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ntfs-3g-help" release="2.ule3" version="2022.5.17">
+                         <filename>ntfs-3g-help-2022.5.17-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ntfs-3g" release="2.ule3" version="2022.5.17">
+                         <filename>ntfs-3g-2022.5.17-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ntfs-3g-devel" release="2.ule3" version="2022.5.17">
+                         <filename>ntfs-3g-devel-2022.5.17-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ntfs-3g-debuginfo" release="2.ule3" version="2022.5.17">
+                         <filename>ntfs-3g-debuginfo-2022.5.17-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ntfs-3g-debugsource" release="2.ule3" version="2022.5.17">
+                         <filename>ntfs-3g-debugsource-2022.5.17-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ntfs-3g-help" release="2.ule3" version="2022.5.17">
+                         <filename>ntfs-3g-help-2022.5.17-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ntfs-3g" release="2.ule3" version="2022.5.17">
+                         <filename>ntfs-3g-2022.5.17-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2096</id>
+          <title>An update for xmlrpc is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2019-17570" id="CVE-2019-17570" title="CVE-2019-17570" type="cve"></reference>
+          </references>
+          <description>An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.(CVE-2019-17570)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="xmlrpc-client" release="2.ule3" version="3.1.3">
+                         <filename>xmlrpc-client-3.1.3-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xmlrpc-common" release="2.ule3" version="3.1.3">
+                         <filename>xmlrpc-common-3.1.3-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xmlrpc-javadoc" release="2.ule3" version="3.1.3">
+                         <filename>xmlrpc-javadoc-3.1.3-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xmlrpc-server" release="2.ule3" version="3.1.3">
+                         <filename>xmlrpc-server-3.1.3-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2097</id>
+          <title>An update for python3 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42919" id="CVE-2022-42919" title="CVE-2022-42919" type="cve"></reference>
+          </references>
+          <description>Python 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.4, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.(CVE-2022-42919)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-unversioned-command" release="16.ule3" version="3.9.9">
+                         <filename>python3-unversioned-command-3.9.9-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debug" release="16.ule3" version="3.9.9">
+                         <filename>python3-debug-3.9.9-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3" release="16.ule3" version="3.9.9">
+                         <filename>python3-3.9.9-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-devel" release="16.ule3" version="3.9.9">
+                         <filename>python3-devel-3.9.9-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debugsource" release="16.ule3" version="3.9.9">
+                         <filename>python3-debugsource-3.9.9-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debuginfo" release="16.ule3" version="3.9.9">
+                         <filename>python3-debuginfo-3.9.9-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-help" release="16.ule3" version="3.9.9">
+                         <filename>python3-help-3.9.9-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-unversioned-command" release="16.ule3" version="3.9.9">
+                         <filename>python3-unversioned-command-3.9.9-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debugsource" release="16.ule3" version="3.9.9">
+                         <filename>python3-debugsource-3.9.9-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3" release="16.ule3" version="3.9.9">
+                         <filename>python3-3.9.9-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debug" release="16.ule3" version="3.9.9">
+                         <filename>python3-debug-3.9.9-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-devel" release="16.ule3" version="3.9.9">
+                         <filename>python3-devel-3.9.9-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debuginfo" release="16.ule3" version="3.9.9">
+                         <filename>python3-debuginfo-3.9.9-16.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2098</id>
+          <title>An update for libxslt is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-30560" id="CVE-2021-30560" title="CVE-2021-30560" type="cve"></reference>
+          </references>
+          <description>Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2021-30560)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libxslt" release="8.ule3" version="1.1.34">
+                         <filename>libxslt-1.1.34-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxslt-devel" release="8.ule3" version="1.1.34">
+                         <filename>libxslt-devel-1.1.34-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxslt-debuginfo" release="8.ule3" version="1.1.34">
+                         <filename>libxslt-debuginfo-1.1.34-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxslt-debugsource" release="8.ule3" version="1.1.34">
+                         <filename>libxslt-debugsource-1.1.34-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libxslt-help" release="8.ule3" version="1.1.34">
+                         <filename>libxslt-help-1.1.34-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxslt-debuginfo" release="8.ule3" version="1.1.34">
+                         <filename>libxslt-debuginfo-1.1.34-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxslt-devel" release="8.ule3" version="1.1.34">
+                         <filename>libxslt-devel-1.1.34-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxslt-debugsource" release="8.ule3" version="1.1.34">
+                         <filename>libxslt-debugsource-1.1.34-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxslt" release="8.ule3" version="1.1.34">
+                         <filename>libxslt-1.1.34-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2099</id>
+          <title>An update for systemd is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3821" id="CVE-2022-3821" title="CVE-2022-3821" type="cve"></reference>
+          </references>
+          <description>An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.(CVE-2022-3821)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="systemd" release="40.ule3" version="249">
+                         <filename>systemd-249-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-debuginfo" release="40.ule3" version="249">
+                         <filename>systemd-debuginfo-249-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-devel" release="40.ule3" version="249">
+                         <filename>systemd-devel-249-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-timesyncd" release="40.ule3" version="249">
+                         <filename>systemd-timesyncd-249-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-nspawn" release="40.ule3" version="249">
+                         <filename>systemd-nspawn-249-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-resolved" release="40.ule3" version="249">
+                         <filename>systemd-resolved-249-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-debugsource" release="40.ule3" version="249">
+                         <filename>systemd-debugsource-249-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-container" release="40.ule3" version="249">
+                         <filename>systemd-container-249-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-udev" release="40.ule3" version="249">
+                         <filename>systemd-udev-249-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-libs" release="40.ule3" version="249">
+                         <filename>systemd-libs-249-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-pam" release="40.ule3" version="249">
+                         <filename>systemd-pam-249-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-networkd" release="40.ule3" version="249">
+                         <filename>systemd-networkd-249-40.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="systemd-help" release="40.ule3" version="249">
+                         <filename>systemd-help-249-40.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-container" release="40.ule3" version="249">
+                         <filename>systemd-container-249-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-libs" release="40.ule3" version="249">
+                         <filename>systemd-libs-249-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-networkd" release="40.ule3" version="249">
+                         <filename>systemd-networkd-249-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-pam" release="40.ule3" version="249">
+                         <filename>systemd-pam-249-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-debuginfo" release="40.ule3" version="249">
+                         <filename>systemd-debuginfo-249-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-resolved" release="40.ule3" version="249">
+                         <filename>systemd-resolved-249-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-udev" release="40.ule3" version="249">
+                         <filename>systemd-udev-249-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd" release="40.ule3" version="249">
+                         <filename>systemd-249-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-nspawn" release="40.ule3" version="249">
+                         <filename>systemd-nspawn-249-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-debugsource" release="40.ule3" version="249">
+                         <filename>systemd-debugsource-249-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-timesyncd" release="40.ule3" version="249">
+                         <filename>systemd-timesyncd-249-40.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-devel" release="40.ule3" version="249">
+                         <filename>systemd-devel-249-40.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2100</id>
+          <title>An update for bash is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3715" id="CVE-2022-3715" title="CVE-2022-3715" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the bash package, where a heap-buffer overflow can occur in valid_parameter_transform. This issue may lead to memory problems.(CVE-2022-3715)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bash-debugsource" release="6.ule3" version="5.1.8">
+                         <filename>bash-debugsource-5.1.8-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bash-devel" release="6.ule3" version="5.1.8">
+                         <filename>bash-devel-5.1.8-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bash-debuginfo" release="6.ule3" version="5.1.8">
+                         <filename>bash-debuginfo-5.1.8-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bash" release="6.ule3" version="5.1.8">
+                         <filename>bash-5.1.8-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="bash-help" release="6.ule3" version="5.1.8">
+                         <filename>bash-help-5.1.8-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bash-debugsource" release="6.ule3" version="5.1.8">
+                         <filename>bash-debugsource-5.1.8-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bash-debuginfo" release="6.ule3" version="5.1.8">
+                         <filename>bash-debuginfo-5.1.8-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bash" release="6.ule3" version="5.1.8">
+                         <filename>bash-5.1.8-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bash-devel" release="6.ule3" version="5.1.8">
+                         <filename>bash-devel-5.1.8-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2101</id>
+          <title>An update for exiv2 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3755" id="CVE-2022-3755" title="CVE-2022-3755" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495.(CVE-2022-3755)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="exiv2" release="3.ule3" version="0.27.5">
+                         <filename>exiv2-0.27.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="exiv2-devel" release="3.ule3" version="0.27.5">
+                         <filename>exiv2-devel-0.27.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="exiv2-debuginfo" release="3.ule3" version="0.27.5">
+                         <filename>exiv2-debuginfo-0.27.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="exiv2-debugsource" release="3.ule3" version="0.27.5">
+                         <filename>exiv2-debugsource-0.27.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="exiv2-help" release="3.ule3" version="0.27.5">
+                         <filename>exiv2-help-0.27.5-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="exiv2-devel" release="3.ule3" version="0.27.5">
+                         <filename>exiv2-devel-0.27.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="exiv2" release="3.ule3" version="0.27.5">
+                         <filename>exiv2-0.27.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="exiv2-debuginfo" release="3.ule3" version="0.27.5">
+                         <filename>exiv2-debuginfo-0.27.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="exiv2-debugsource" release="3.ule3" version="0.27.5">
+                         <filename>exiv2-debugsource-0.27.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2102</id>
+          <title>An update for python3 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45061" id="CVE-2022-45061" title="CVE-2022-45061" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.(CVE-2022-45061)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3" release="17.ule3" version="3.9.9">
+                         <filename>python3-3.9.9-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debugsource" release="17.ule3" version="3.9.9">
+                         <filename>python3-debugsource-3.9.9-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debuginfo" release="17.ule3" version="3.9.9">
+                         <filename>python3-debuginfo-3.9.9-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debug" release="17.ule3" version="3.9.9">
+                         <filename>python3-debug-3.9.9-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-unversioned-command" release="17.ule3" version="3.9.9">
+                         <filename>python3-unversioned-command-3.9.9-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-devel" release="17.ule3" version="3.9.9">
+                         <filename>python3-devel-3.9.9-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-help" release="17.ule3" version="3.9.9">
+                         <filename>python3-help-3.9.9-17.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-unversioned-command" release="17.ule3" version="3.9.9">
+                         <filename>python3-unversioned-command-3.9.9-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-devel" release="17.ule3" version="3.9.9">
+                         <filename>python3-devel-3.9.9-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3" release="17.ule3" version="3.9.9">
+                         <filename>python3-3.9.9-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debugsource" release="17.ule3" version="3.9.9">
+                         <filename>python3-debugsource-3.9.9-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debuginfo" release="17.ule3" version="3.9.9">
+                         <filename>python3-debuginfo-3.9.9-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debug" release="17.ule3" version="3.9.9">
+                         <filename>python3-debug-3.9.9-17.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2103</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3628" id="CVE-2022-3628" title="CVE-2022-3628" type="cve"></reference>
+          </references>
+          <description>VUL-0: CVE-2022-3628: kernel: USB-accessible buffer overflow in Linux kernel driver brcmfmac(CVE-2022-3628)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="5" arch="aarch64" name="perf-debuginfo" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.66.0.91.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="x86_64" name="kernel-source" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.66.0.91.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.66.0.91.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2104</id>
+          <title>An update for libpq is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1552" id="CVE-2022-1552" title="CVE-2022-1552" type="cve"></reference>
+          </references>
+          <description>A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user&#39;s objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.(CVE-2022-1552)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libpq-debuginfo" release="1.ule3" version="13.7">
+                         <filename>libpq-debuginfo-13.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libpq-debugsource" release="1.ule3" version="13.7">
+                         <filename>libpq-debugsource-13.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libpq-devel" release="1.ule3" version="13.7">
+                         <filename>libpq-devel-13.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libpq" release="1.ule3" version="13.7">
+                         <filename>libpq-13.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libpq" release="1.ule3" version="13.7">
+                         <filename>libpq-13.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libpq-devel" release="1.ule3" version="13.7">
+                         <filename>libpq-devel-13.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libpq-debuginfo" release="1.ule3" version="13.7">
+                         <filename>libpq-debuginfo-13.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libpq-debugsource" release="1.ule3" version="13.7">
+                         <filename>libpq-debugsource-13.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2105</id>
+          <title>An update for xfce4-settings is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45062" id="CVE-2022-45062" title="CVE-2022-45062" type="cve"></reference>
+          </references>
+          <description>In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.(CVE-2022-45062)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="xfce4-settings-debuginfo" release="2.ule3" version="4.16.0">
+                         <filename>xfce4-settings-debuginfo-4.16.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xfce4-settings-debugsource" release="2.ule3" version="4.16.0">
+                         <filename>xfce4-settings-debugsource-4.16.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xfce4-settings" release="2.ule3" version="4.16.0">
+                         <filename>xfce4-settings-4.16.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xfce4-settings" release="2.ule3" version="4.16.0">
+                         <filename>xfce4-settings-4.16.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xfce4-settings-debuginfo" release="2.ule3" version="4.16.0">
+                         <filename>xfce4-settings-debuginfo-4.16.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xfce4-settings-debugsource" release="2.ule3" version="4.16.0">
+                         <filename>xfce4-settings-debugsource-4.16.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2107</id>
+          <title>An update for sysstat is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39377" id="CVE-2022-39377" title="CVE-2022-39377" type="cve"></reference>
+          </references>
+          <description>sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.(CVE-2022-39377)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="sysstat-debugsource" release="4.ule3" version="12.5.4">
+                         <filename>sysstat-debugsource-12.5.4-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sysstat" release="4.ule3" version="12.5.4">
+                         <filename>sysstat-12.5.4-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sysstat-debuginfo" release="4.ule3" version="12.5.4">
+                         <filename>sysstat-debuginfo-12.5.4-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sysstat-debuginfo" release="4.ule3" version="12.5.4">
+                         <filename>sysstat-debuginfo-12.5.4-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sysstat" release="4.ule3" version="12.5.4">
+                         <filename>sysstat-12.5.4-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sysstat-debugsource" release="4.ule3" version="12.5.4">
+                         <filename>sysstat-debugsource-12.5.4-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2108</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3970" id="CVE-2022-3970" title="CVE-2022-3970" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.(CVE-2022-3970)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff-debugsource" release="21.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="21.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-devel" release="21.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff" release="21.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-tools" release="21.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-static" release="21.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="21.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-21.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="21.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="21.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="21.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="21.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="21.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="21.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-21.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2109</id>
+          <title>An update for ImageMagick is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32547" id="CVE-2022-32547" title="CVE-2022-32547" type="cve"></reference>
+          </references>
+          <description>In ImageMagick, there is load of misaligned address for type &#39;double&#39;, which requires 8 byte alignment and for type &#39;float&#39;, which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.(CVE-2022-32547)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="ImageMagick" release="5.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-7.1.0.28-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++" release="5.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-7.1.0.28-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-perl" release="5.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-perl-7.1.0.28-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++-devel" release="5.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-devel-7.1.0.28-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-help" release="5.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-help-7.1.0.28-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debuginfo" release="5.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debuginfo-7.1.0.28-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debugsource" release="5.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debugsource-7.1.0.28-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-devel" release="5.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-devel-7.1.0.28-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++" release="5.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-7.1.0.28-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-perl" release="5.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-perl-7.1.0.28-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++-devel" release="5.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-devel-7.1.0.28-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick" release="5.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-7.1.0.28-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-devel" release="5.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-devel-7.1.0.28-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debuginfo" release="5.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debuginfo-7.1.0.28-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-help" release="5.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-help-7.1.0.28-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debugsource" release="5.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debugsource-7.1.0.28-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2110</id>
+          <title>An update for xorg-x11-server is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-25"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3553" id="CVE-2022-3553" title="CVE-2022-3553" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3551" id="CVE-2022-3551" title="CVE-2022-3551" type="cve"></reference>
+          </references>
+          <description>A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability.(CVE-2022-3553)A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.(CVE-2022-3551)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="xorg-x11-server-debugsource" release="12.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debugsource-1.20.11-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xephyr" release="12.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xephyr-1.20.11-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xvfb" release="12.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xvfb-1.20.11-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-devel" release="12.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-devel-1.20.11-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server" release="12.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-1.20.11-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xnest" release="12.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xnest-1.20.11-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-debuginfo" release="12.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debuginfo-1.20.11-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xdmx" release="12.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xdmx-1.20.11-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-common" release="12.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-common-1.20.11-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xorg-x11-server-help" release="12.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-help-1.20.11-12.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xorg-x11-server-source" release="12.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-source-1.20.11-12.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xnest" release="12.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xnest-1.20.11-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xephyr" release="12.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xephyr-1.20.11-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-debugsource" release="12.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debugsource-1.20.11-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xvfb" release="12.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xvfb-1.20.11-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-debuginfo" release="12.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debuginfo-1.20.11-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-devel" release="12.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-devel-1.20.11-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xdmx" release="12.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xdmx-1.20.11-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server" release="12.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-1.20.11-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-common" release="12.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-common-1.20.11-12.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2111</id>
+          <title>An update for varnish is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-25"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45060" id="CVE-2022-45060" title="CVE-2022-45060" type="cve"></reference>
+          </references>
+          <description>An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.(CVE-2022-45060)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="varnish" release="7.ule3" version="7.0.1">
+                         <filename>varnish-7.0.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish-debuginfo" release="7.ule3" version="7.0.1">
+                         <filename>varnish-debuginfo-7.0.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish-devel" release="7.ule3" version="7.0.1">
+                         <filename>varnish-devel-7.0.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish-debugsource" release="7.ule3" version="7.0.1">
+                         <filename>varnish-debugsource-7.0.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="varnish-help" release="7.ule3" version="7.0.1">
+                         <filename>varnish-help-7.0.1-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-debuginfo" release="7.ule3" version="7.0.1">
+                         <filename>varnish-debuginfo-7.0.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish" release="7.ule3" version="7.0.1">
+                         <filename>varnish-7.0.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-devel" release="7.ule3" version="7.0.1">
+                         <filename>varnish-devel-7.0.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-debugsource" release="7.ule3" version="7.0.1">
+                         <filename>varnish-debugsource-7.0.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2112</id>
+          <title>An update for freerdp is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-25"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39347" id="CVE-2022-39347" title="CVE-2022-39347" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39316" id="CVE-2022-39316" title="CVE-2022-39316" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39319" id="CVE-2022-39319" title="CVE-2022-39319" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41877" id="CVE-2022-41877" title="CVE-2022-41877" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39318" id="CVE-2022-39318" title="CVE-2022-39318" type="cve"></reference>
+          </references>
+          <description>FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or `+home-drive` redirection switch.(CVE-2022-39347)FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade.(CVE-2022-39316)FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.(CVE-2022-39319)FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel - command line options `/drive`, `+drives` or `+home-drive`.(CVE-2022-41877)FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.(CVE-2022-39318)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="freerdp-devel" release="2.ule3" version="2.8.1">
+                         <filename>freerdp-devel-2.8.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-debugsource" release="2.ule3" version="2.8.1">
+                         <filename>freerdp-debugsource-2.8.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-help" release="2.ule3" version="2.8.1">
+                         <filename>freerdp-help-2.8.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libwinpr" release="2.ule3" version="2.8.1">
+                         <filename>libwinpr-2.8.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-debuginfo" release="2.ule3" version="2.8.1">
+                         <filename>freerdp-debuginfo-2.8.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp" release="2.ule3" version="2.8.1">
+                         <filename>freerdp-2.8.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libwinpr-devel" release="2.ule3" version="2.8.1">
+                         <filename>libwinpr-devel-2.8.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-devel" release="2.ule3" version="2.8.1">
+                         <filename>freerdp-devel-2.8.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-debugsource" release="2.ule3" version="2.8.1">
+                         <filename>freerdp-debugsource-2.8.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp" release="2.ule3" version="2.8.1">
+                         <filename>freerdp-2.8.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-debuginfo" release="2.ule3" version="2.8.1">
+                         <filename>freerdp-debuginfo-2.8.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libwinpr" release="2.ule3" version="2.8.1">
+                         <filename>libwinpr-2.8.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-help" release="2.ule3" version="2.8.1">
+                         <filename>freerdp-help-2.8.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libwinpr-devel" release="2.ule3" version="2.8.1">
+                         <filename>libwinpr-devel-2.8.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2113</id>
+          <title>An update for python-pillow is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-25"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45199" id="CVE-2022-45199" title="CVE-2022-45199" type="cve"></reference>
+          </references>
+          <description>Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.(CVE-2022-45199)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python-pillow-debugsource" release="3.ule3" version="9.0.1">
+                         <filename>python-pillow-debugsource-9.0.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pillow-devel" release="3.ule3" version="9.0.1">
+                         <filename>python3-pillow-devel-9.0.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pillow-tk" release="3.ule3" version="9.0.1">
+                         <filename>python3-pillow-tk-9.0.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-pillow-debuginfo" release="3.ule3" version="9.0.1">
+                         <filename>python-pillow-debuginfo-9.0.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pillow-qt" release="3.ule3" version="9.0.1">
+                         <filename>python3-pillow-qt-9.0.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pillow" release="3.ule3" version="9.0.1">
+                         <filename>python3-pillow-9.0.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-pillow-help" release="3.ule3" version="9.0.1">
+                         <filename>python3-pillow-help-9.0.1-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow-qt" release="3.ule3" version="9.0.1">
+                         <filename>python3-pillow-qt-9.0.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-pillow-debuginfo" release="3.ule3" version="9.0.1">
+                         <filename>python-pillow-debuginfo-9.0.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow-devel" release="3.ule3" version="9.0.1">
+                         <filename>python3-pillow-devel-9.0.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-pillow-debugsource" release="3.ule3" version="9.0.1">
+                         <filename>python-pillow-debugsource-9.0.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow-tk" release="3.ule3" version="9.0.1">
+                         <filename>python3-pillow-tk-9.0.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow" release="3.ule3" version="9.0.1">
+                         <filename>python3-pillow-9.0.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2114</id>
+          <title>An update for nodejs is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-25"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-43548" id="CVE-2022-43548" title="CVE-2022-43548" type="cve"></reference>
+          </references>
+          <description>A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.(CVE-2022-43548)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="nodejs-devel" release="3.ule3" version="12.22.11">
+                         <filename>nodejs-devel-12.22.11-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-libs" release="3.ule3" version="12.22.11">
+                         <filename>nodejs-libs-12.22.11-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs" release="3.ule3" version="12.22.11">
+                         <filename>nodejs-12.22.11-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-debuginfo" release="3.ule3" version="12.22.11">
+                         <filename>nodejs-debuginfo-12.22.11-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="v8-devel" release="1.12.22.11.3.ule3" version="7.8.279.23">
+                         <filename>v8-devel-7.8.279.23-1.12.22.11.3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="npm" release="1.12.22.11.3.ule3" version="6.14.16">
+                         <filename>npm-6.14.16-1.12.22.11.3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-full-i18n" release="3.ule3" version="12.22.11">
+                         <filename>nodejs-full-i18n-12.22.11-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-debugsource" release="3.ule3" version="12.22.11">
+                         <filename>nodejs-debugsource-12.22.11-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="nodejs-docs" release="3.ule3" version="12.22.11">
+                         <filename>nodejs-docs-12.22.11-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs" release="3.ule3" version="12.22.11">
+                         <filename>nodejs-12.22.11-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-full-i18n" release="3.ule3" version="12.22.11">
+                         <filename>nodejs-full-i18n-12.22.11-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-devel" release="3.ule3" version="12.22.11">
+                         <filename>nodejs-devel-12.22.11-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-debuginfo" release="3.ule3" version="12.22.11">
+                         <filename>nodejs-debuginfo-12.22.11-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="npm" release="1.12.22.11.3.ule3" version="6.14.16">
+                         <filename>npm-6.14.16-1.12.22.11.3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-libs" release="3.ule3" version="12.22.11">
+                         <filename>nodejs-libs-12.22.11-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="v8-devel" release="1.12.22.11.3.ule3" version="7.8.279.23">
+                         <filename>v8-devel-7.8.279.23-1.12.22.11.3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-debugsource" release="3.ule3" version="12.22.11">
+                         <filename>nodejs-debugsource-12.22.11-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2115</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-25"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41716" id="CVE-2022-41716" title="CVE-2022-41716" type="cve"></reference>
+          </references>
+          <description>Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string &#34;A=B\x00C=D&#34; sets the variables &#34;A=B&#34; and &#34;C=D&#34;.(CVE-2022-41716)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="12.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="12.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-12.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="12.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-12.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="12.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-12.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2116</id>
+          <title>An update for dbus-broker is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-25"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31212" id="CVE-2022-31212" title="CVE-2022-31212" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31213" id="CVE-2022-31213" title="CVE-2022-31213" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service&#39;s Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied.(CVE-2022-31212)An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file.(CVE-2022-31213)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="dbus-broker" release="4.ule3" version="29">
+                         <filename>dbus-broker-29-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dbus-broker-debuginfo" release="4.ule3" version="29">
+                         <filename>dbus-broker-debuginfo-29-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="dbus-broker-debugsource" release="4.ule3" version="29">
+                         <filename>dbus-broker-debugsource-29-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dbus-broker" release="4.ule3" version="29">
+                         <filename>dbus-broker-29-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dbus-broker-debuginfo" release="4.ule3" version="29">
+                         <filename>dbus-broker-debuginfo-29-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="dbus-broker-debugsource" release="4.ule3" version="29">
+                         <filename>dbus-broker-debugsource-29-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2117</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-25"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42895" id="CVE-2022-42895" title="CVE-2022-42895" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42896" id="CVE-2022-42896" title="CVE-2022-42896" type="cve"></reference>
+          </references>
+          <description>There is an infoleak vulnerability in the Linux kernel&#39;s net/bluetooth/l2cap_core.c&#39;s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url(CVE-2022-42895)There are use-after-free vulnerabilities in the Linux kernel&#39;s net/bluetooth/l2cap_core.c&#39;s l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url(CVE-2022-42896)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.68.0.93.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.68.0.93.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.68.0.93.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.68.0.93.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.68.0.93.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.68.0.93.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.68.0.93.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.68.0.93.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.68.0.93.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.68.0.93.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.68.0.93.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.68.0.93.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.68.0.93.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.68.0.93.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.68.0.93.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.68.0.93.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.68.0.93.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.68.0.93.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.68.0.93.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.68.0.93.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.68.0.93.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.68.0.93.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.68.0.93.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.68.0.93.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.68.0.93.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.68.0.93.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.68.0.93.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.68.0.93.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.68.0.93.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.68.0.93.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.68.0.93.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2118</id>
+          <title>An update for grub2 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-25"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2601" id="CVE-2022-2601" title="CVE-2022-2601" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3775" id="CVE-2022-3775" title="CVE-2022-3775" type="cve"></reference>
+          </references>
+          <description>A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.(CVE-2022-2601)A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.(CVE-2022-3775)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="grub2-debugsource" release="15.ule3" version="2.06">
+                         <filename>grub2-debugsource-2.06-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-debuginfo" release="15.ule3" version="2.06">
+                         <filename>grub2-debuginfo-2.06-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-efi-aa64" release="15.ule3" version="2.06">
+                         <filename>grub2-efi-aa64-2.06-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-tools-extra" release="15.ule3" version="2.06">
+                         <filename>grub2-tools-extra-2.06-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-tools" release="15.ule3" version="2.06">
+                         <filename>grub2-tools-2.06-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-efi-aa64-cdboot" release="15.ule3" version="2.06">
+                         <filename>grub2-efi-aa64-cdboot-2.06-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-tools-minimal" release="15.ule3" version="2.06">
+                         <filename>grub2-tools-minimal-2.06-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-efi-aa64-modules" release="15.ule3" version="2.06">
+                         <filename>grub2-efi-aa64-modules-2.06-15.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-pc-modules" release="15.ule3" version="2.06">
+                         <filename>grub2-pc-modules-2.06-15.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-common" release="15.ule3" version="2.06">
+                         <filename>grub2-common-2.06-15.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-efi-ia32-modules" release="15.ule3" version="2.06">
+                         <filename>grub2-efi-ia32-modules-2.06-15.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-efi-x64-modules" release="15.ule3" version="2.06">
+                         <filename>grub2-efi-x64-modules-2.06-15.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-help" release="15.ule3" version="2.06">
+                         <filename>grub2-help-2.06-15.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-tools-extra" release="15.ule3" version="2.06">
+                         <filename>grub2-tools-extra-2.06-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-pc" release="15.ule3" version="2.06">
+                         <filename>grub2-pc-2.06-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-tools" release="15.ule3" version="2.06">
+                         <filename>grub2-tools-2.06-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-efi-x64" release="15.ule3" version="2.06">
+                         <filename>grub2-efi-x64-2.06-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-efi-x64-cdboot" release="15.ule3" version="2.06">
+                         <filename>grub2-efi-x64-cdboot-2.06-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-efi-ia32-cdboot" release="15.ule3" version="2.06">
+                         <filename>grub2-efi-ia32-cdboot-2.06-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-debuginfo" release="15.ule3" version="2.06">
+                         <filename>grub2-debuginfo-2.06-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-debugsource" release="15.ule3" version="2.06">
+                         <filename>grub2-debugsource-2.06-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-tools-minimal" release="15.ule3" version="2.06">
+                         <filename>grub2-tools-minimal-2.06-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-efi-ia32" release="15.ule3" version="2.06">
+                         <filename>grub2-efi-ia32-2.06-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-tools-efi" release="15.ule3" version="2.06">
+                         <filename>grub2-tools-efi-2.06-15.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2119</id>
+          <title>An update for apache-sshd is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45047" id="CVE-2022-45047" title="CVE-2022-45047" type="cve"></reference>
+          </references>
+          <description>Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD &lt;= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.(CVE-2022-45047)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="apache-sshd-javadoc" release="1.ule3" version="2.9.2">
+                         <filename>apache-sshd-javadoc-2.9.2-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="apache-sshd" release="1.ule3" version="2.9.2">
+                         <filename>apache-sshd-2.9.2-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2120</id>
+          <title>An update for freerdp is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-11-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39317" id="CVE-2022-39317" title="CVE-2022-39317" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39320" id="CVE-2022-39320" title="CVE-2022-39320" type="cve"></reference>
+          </references>
+          <description>FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue.(CVE-2022-39317)FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.(CVE-2022-39320)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="freerdp-debugsource" release="3.ule3" version="2.8.1">
+                         <filename>freerdp-debugsource-2.8.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-help" release="3.ule3" version="2.8.1">
+                         <filename>freerdp-help-2.8.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-debuginfo" release="3.ule3" version="2.8.1">
+                         <filename>freerdp-debuginfo-2.8.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libwinpr" release="3.ule3" version="2.8.1">
+                         <filename>libwinpr-2.8.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-devel" release="3.ule3" version="2.8.1">
+                         <filename>freerdp-devel-2.8.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libwinpr-devel" release="3.ule3" version="2.8.1">
+                         <filename>libwinpr-devel-2.8.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp" release="3.ule3" version="2.8.1">
+                         <filename>freerdp-2.8.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-debuginfo" release="3.ule3" version="2.8.1">
+                         <filename>freerdp-debuginfo-2.8.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-devel" release="3.ule3" version="2.8.1">
+                         <filename>freerdp-devel-2.8.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libwinpr" release="3.ule3" version="2.8.1">
+                         <filename>libwinpr-2.8.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp" release="3.ule3" version="2.8.1">
+                         <filename>freerdp-2.8.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-help" release="3.ule3" version="2.8.1">
+                         <filename>freerdp-help-2.8.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-debugsource" release="3.ule3" version="2.8.1">
+                         <filename>freerdp-debugsource-2.8.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libwinpr-devel" release="3.ule3" version="2.8.1">
+                         <filename>libwinpr-devel-2.8.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2121</id>
+          <title>An update for samba is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42898" id="CVE-2022-42898" title="CVE-2022-42898" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in MIT krb5. This flaw allows an authenticated attacker to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. A privileged attacker may similarly be able to cause a Kerberos or GSS application service to crash.(CVE-2022-42898)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="samba-common-tools" release="14.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-devel" release="14.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient-devel" release="14.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-test" release="14.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common" release="14.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind" release="14.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient-devel" release="14.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debugsource" release="14.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debuginfo" release="14.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-libs" release="14.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba" release="14.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient" release="14.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-modules" release="14.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-krb5-printing" release="14.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-test" release="14.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-krb5-locator" release="14.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ctdb" release="14.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient" release="14.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc" release="14.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-bind-dlz" release="14.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-provision" release="14.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-help" release="14.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba" release="14.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-client" release="14.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-clients" release="14.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-dc" release="14.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="samba-pidl" release="14.ule3" version="4.15.3">
+                         <filename>samba-pidl-4.15.3-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-devel" release="14.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-client" release="14.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-bind-dlz" release="14.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-krb5-printing" release="14.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient" release="14.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba" release="14.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debuginfo" release="14.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-test" release="14.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba" release="14.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-clients" release="14.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc" release="14.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-vfs-glusterfs" release="14.ule3" version="4.15.3">
+                         <filename>samba-vfs-glusterfs-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-krb5-locator" release="14.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-help" release="14.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debugsource" release="14.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind" release="14.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient-devel" release="14.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-dc" release="14.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-modules" release="14.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common-tools" release="14.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-test" release="14.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient" release="14.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ctdb" release="14.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-libs" release="14.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common" release="14.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-provision" release="14.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient-devel" release="14.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2122</id>
+          <title>An update for edk2 is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-38578" id="CVE-2021-38578" title="CVE-2021-38578" type="cve"></reference>
+          </references>
+          <description>Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.(CVE-2021-38578)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="edk2-debugsource" release="7.ule3" version="202011">
+                         <filename>edk2-debugsource-202011-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="edk2-debuginfo" release="7.ule3" version="202011">
+                         <filename>edk2-debuginfo-202011-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="edk2-devel" release="7.ule3" version="202011">
+                         <filename>edk2-devel-202011-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-help" release="7.ule3" version="202011">
+                         <filename>edk2-help-202011-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-aarch64" release="7.ule3" version="202011">
+                         <filename>edk2-aarch64-202011-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-ovmf" release="7.ule3" version="202011">
+                         <filename>edk2-ovmf-202011-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-edk2-devel" release="7.ule3" version="202011">
+                         <filename>python3-edk2-devel-202011-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-debugsource" release="7.ule3" version="202011">
+                         <filename>edk2-debugsource-202011-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-devel" release="7.ule3" version="202011">
+                         <filename>edk2-devel-202011-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-debuginfo" release="7.ule3" version="202011">
+                         <filename>edk2-debuginfo-202011-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2124</id>
+          <title>An update for libarchive is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-36227" id="CVE-2022-36227" title="CVE-2022-36227" type="cve"></reference>
+          </references>
+          <description>In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: &#34;In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.&#34;(CVE-2022-36227)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bsdcat" release="5.ule3" version="3.5.2">
+                         <filename>bsdcat-3.5.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libarchive" release="5.ule3" version="3.5.2">
+                         <filename>libarchive-3.5.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libarchive-debugsource" release="5.ule3" version="3.5.2">
+                         <filename>libarchive-debugsource-3.5.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libarchive-devel" release="5.ule3" version="3.5.2">
+                         <filename>libarchive-devel-3.5.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bsdcpio" release="5.ule3" version="3.5.2">
+                         <filename>bsdcpio-3.5.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bsdtar" release="5.ule3" version="3.5.2">
+                         <filename>bsdtar-3.5.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libarchive-debuginfo" release="5.ule3" version="3.5.2">
+                         <filename>libarchive-debuginfo-3.5.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libarchive-help" release="5.ule3" version="3.5.2">
+                         <filename>libarchive-help-3.5.2-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libarchive-devel" release="5.ule3" version="3.5.2">
+                         <filename>libarchive-devel-3.5.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bsdtar" release="5.ule3" version="3.5.2">
+                         <filename>bsdtar-3.5.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libarchive-debuginfo" release="5.ule3" version="3.5.2">
+                         <filename>libarchive-debuginfo-3.5.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bsdcpio" release="5.ule3" version="3.5.2">
+                         <filename>bsdcpio-3.5.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bsdcat" release="5.ule3" version="3.5.2">
+                         <filename>bsdcat-3.5.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libarchive" release="5.ule3" version="3.5.2">
+                         <filename>libarchive-3.5.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libarchive-debugsource" release="5.ule3" version="3.5.2">
+                         <filename>libarchive-debugsource-3.5.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2125</id>
+          <title>An update for ceph is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0670" id="CVE-2022-0670" title="CVE-2022-0670" type="cve"></reference>
+          </references>
+          <description>A flaw was found in Openstack manilla owning a Ceph File system &#34;share&#34;, which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the &#34;volumes&#34; plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.(CVE-2022-0670)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="libcephsqlite" release="10.ule3" version="16.2.7">
+                         <filename>libcephsqlite-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-radosgw" release="10.ule3" version="16.2.7">
+                         <filename>ceph-radosgw-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-osd" release="10.ule3" version="16.2.7">
+                         <filename>ceph-osd-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-immutable-object-cache" release="10.ule3" version="16.2.7">
+                         <filename>ceph-immutable-object-cache-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="python3-rados" release="10.ule3" version="16.2.7">
+                         <filename>python3-rados-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="librados-devel" release="10.ule3" version="16.2.7">
+                         <filename>librados-devel-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="rbd-nbd" release="10.ule3" version="16.2.7">
+                         <filename>rbd-nbd-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-debugsource" release="10.ule3" version="16.2.7">
+                         <filename>ceph-debugsource-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-test" release="10.ule3" version="16.2.7">
+                         <filename>ceph-test-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-mon" release="10.ule3" version="16.2.7">
+                         <filename>ceph-mon-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="librgw-devel" release="10.ule3" version="16.2.7">
+                         <filename>librgw-devel-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph" release="10.ule3" version="16.2.7">
+                         <filename>ceph-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-base" release="10.ule3" version="16.2.7">
+                         <filename>ceph-base-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="python3-rbd" release="10.ule3" version="16.2.7">
+                         <filename>python3-rbd-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-fuse" release="10.ule3" version="16.2.7">
+                         <filename>ceph-fuse-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="rbd-fuse" release="10.ule3" version="16.2.7">
+                         <filename>rbd-fuse-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-common" release="10.ule3" version="16.2.7">
+                         <filename>ceph-common-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-resource-agents" release="10.ule3" version="16.2.7">
+                         <filename>ceph-resource-agents-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-mgr" release="10.ule3" version="16.2.7">
+                         <filename>ceph-mgr-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="librados2" release="10.ule3" version="16.2.7">
+                         <filename>librados2-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libcephfs-devel" release="10.ule3" version="16.2.7">
+                         <filename>libcephfs-devel-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="python3-rgw" release="10.ule3" version="16.2.7">
+                         <filename>python3-rgw-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libradosstriper-devel" release="10.ule3" version="16.2.7">
+                         <filename>libradosstriper-devel-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="python3-cephfs" release="10.ule3" version="16.2.7">
+                         <filename>python3-cephfs-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libcephfs2" release="10.ule3" version="16.2.7">
+                         <filename>libcephfs2-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libradospp-devel" release="10.ule3" version="16.2.7">
+                         <filename>libradospp-devel-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-selinux" release="10.ule3" version="16.2.7">
+                         <filename>ceph-selinux-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="librbd-devel" release="10.ule3" version="16.2.7">
+                         <filename>librbd-devel-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="librgw2" release="10.ule3" version="16.2.7">
+                         <filename>librgw2-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="python3-ceph-common" release="10.ule3" version="16.2.7">
+                         <filename>python3-ceph-common-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="rbd-mirror" release="10.ule3" version="16.2.7">
+                         <filename>rbd-mirror-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="cephfs-mirror" release="10.ule3" version="16.2.7">
+                         <filename>cephfs-mirror-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="rados-objclass-devel" release="10.ule3" version="16.2.7">
+                         <filename>rados-objclass-devel-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-mds" release="10.ule3" version="16.2.7">
+                         <filename>ceph-mds-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libcephsqlite-devel" release="10.ule3" version="16.2.7">
+                         <filename>libcephsqlite-devel-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-debuginfo" release="10.ule3" version="16.2.7">
+                         <filename>ceph-debuginfo-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="python3-ceph-argparse" release="10.ule3" version="16.2.7">
+                         <filename>python3-ceph-argparse-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libradosstriper1" release="10.ule3" version="16.2.7">
+                         <filename>libradosstriper1-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="librbd1" release="10.ule3" version="16.2.7">
+                         <filename>librbd1-16.2.7-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="ceph-mgr-k8sevents" release="10.ule3" version="16.2.7">
+                         <filename>ceph-mgr-k8sevents-16.2.7-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="cephadm" release="10.ule3" version="16.2.7">
+                         <filename>cephadm-16.2.7-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="ceph-prometheus-alerts" release="10.ule3" version="16.2.7">
+                         <filename>ceph-prometheus-alerts-16.2.7-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="cephfs-top" release="10.ule3" version="16.2.7">
+                         <filename>cephfs-top-16.2.7-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="ceph-mgr-dashboard" release="10.ule3" version="16.2.7">
+                         <filename>ceph-mgr-dashboard-16.2.7-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="ceph-grafana-dashboards" release="10.ule3" version="16.2.7">
+                         <filename>ceph-grafana-dashboards-16.2.7-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="ceph-mgr-rook" release="10.ule3" version="16.2.7">
+                         <filename>ceph-mgr-rook-16.2.7-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="ceph-mgr-diskprediction-local" release="10.ule3" version="16.2.7">
+                         <filename>ceph-mgr-diskprediction-local-16.2.7-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="ceph-mgr-modules-core" release="10.ule3" version="16.2.7">
+                         <filename>ceph-mgr-modules-core-16.2.7-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="ceph-mgr-cephadm" release="10.ule3" version="16.2.7">
+                         <filename>ceph-mgr-cephadm-16.2.7-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-base" release="10.ule3" version="16.2.7">
+                         <filename>ceph-base-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-debugsource" release="10.ule3" version="16.2.7">
+                         <filename>ceph-debugsource-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="librados2" release="10.ule3" version="16.2.7">
+                         <filename>librados2-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libcephfs-devel" release="10.ule3" version="16.2.7">
+                         <filename>libcephfs-devel-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-fuse" release="10.ule3" version="16.2.7">
+                         <filename>ceph-fuse-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-osd" release="10.ule3" version="16.2.7">
+                         <filename>ceph-osd-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-radosgw" release="10.ule3" version="16.2.7">
+                         <filename>ceph-radosgw-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="python3-ceph-common" release="10.ule3" version="16.2.7">
+                         <filename>python3-ceph-common-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="python3-rgw" release="10.ule3" version="16.2.7">
+                         <filename>python3-rgw-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="librgw-devel" release="10.ule3" version="16.2.7">
+                         <filename>librgw-devel-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="rados-objclass-devel" release="10.ule3" version="16.2.7">
+                         <filename>rados-objclass-devel-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-mgr" release="10.ule3" version="16.2.7">
+                         <filename>ceph-mgr-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="python3-ceph-argparse" release="10.ule3" version="16.2.7">
+                         <filename>python3-ceph-argparse-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libradosstriper1" release="10.ule3" version="16.2.7">
+                         <filename>libradosstriper1-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-test" release="10.ule3" version="16.2.7">
+                         <filename>ceph-test-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="python3-rados" release="10.ule3" version="16.2.7">
+                         <filename>python3-rados-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="python3-cephfs" release="10.ule3" version="16.2.7">
+                         <filename>python3-cephfs-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-debuginfo" release="10.ule3" version="16.2.7">
+                         <filename>ceph-debuginfo-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="librgw2" release="10.ule3" version="16.2.7">
+                         <filename>librgw2-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="rbd-fuse" release="10.ule3" version="16.2.7">
+                         <filename>rbd-fuse-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="librados-devel" release="10.ule3" version="16.2.7">
+                         <filename>librados-devel-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="librbd1" release="10.ule3" version="16.2.7">
+                         <filename>librbd1-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-mon" release="10.ule3" version="16.2.7">
+                         <filename>ceph-mon-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-immutable-object-cache" release="10.ule3" version="16.2.7">
+                         <filename>ceph-immutable-object-cache-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libcephfs2" release="10.ule3" version="16.2.7">
+                         <filename>libcephfs2-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph" release="10.ule3" version="16.2.7">
+                         <filename>ceph-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="rbd-nbd" release="10.ule3" version="16.2.7">
+                         <filename>rbd-nbd-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="python3-rbd" release="10.ule3" version="16.2.7">
+                         <filename>python3-rbd-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-resource-agents" release="10.ule3" version="16.2.7">
+                         <filename>ceph-resource-agents-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-common" release="10.ule3" version="16.2.7">
+                         <filename>ceph-common-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libcephsqlite" release="10.ule3" version="16.2.7">
+                         <filename>libcephsqlite-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-mds" release="10.ule3" version="16.2.7">
+                         <filename>ceph-mds-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libradosstriper-devel" release="10.ule3" version="16.2.7">
+                         <filename>libradosstriper-devel-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-selinux" release="10.ule3" version="16.2.7">
+                         <filename>ceph-selinux-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="librbd-devel" release="10.ule3" version="16.2.7">
+                         <filename>librbd-devel-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="rbd-mirror" release="10.ule3" version="16.2.7">
+                         <filename>rbd-mirror-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libradospp-devel" release="10.ule3" version="16.2.7">
+                         <filename>libradospp-devel-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libcephsqlite-devel" release="10.ule3" version="16.2.7">
+                         <filename>libcephsqlite-devel-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="cephfs-mirror" release="10.ule3" version="16.2.7">
+                         <filename>cephfs-mirror-16.2.7-10.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2129</id>
+          <title>An update for libtar is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33640" id="CVE-2021-33640" title="CVE-2021-33640" type="cve"></reference>
+          </references>
+          <description>No description is available for this CVE.(CVE-2021-33640)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtar-devel" release="22.ule3" version="1.2.20">
+                         <filename>libtar-devel-1.2.20-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtar" release="22.ule3" version="1.2.20">
+                         <filename>libtar-1.2.20-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtar-help" release="22.ule3" version="1.2.20">
+                         <filename>libtar-help-1.2.20-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtar-debuginfo" release="22.ule3" version="1.2.20">
+                         <filename>libtar-debuginfo-1.2.20-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtar-debugsource" release="22.ule3" version="1.2.20">
+                         <filename>libtar-debugsource-1.2.20-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtar-debugsource" release="22.ule3" version="1.2.20">
+                         <filename>libtar-debugsource-1.2.20-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtar-help" release="22.ule3" version="1.2.20">
+                         <filename>libtar-help-1.2.20-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtar-debuginfo" release="22.ule3" version="1.2.20">
+                         <filename>libtar-debuginfo-1.2.20-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtar-devel" release="22.ule3" version="1.2.20">
+                         <filename>libtar-devel-1.2.20-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtar" release="22.ule3" version="1.2.20">
+                         <filename>libtar-1.2.20-22.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2130</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4139" id="CVE-2022-4139" title="CVE-2022-4139" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45934" id="CVE-2022-45934" title="CVE-2022-45934" type="cve"></reference>
+          </references>
+          <description>An incorrect TLB flush issue was found in the Linux kernel?s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.(CVE-2022-4139)An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.(CVE-2022-45934)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.70.0.94.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.70.0.94.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.70.0.94.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="kernel-debuginfo" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.70.0.94.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.70.0.94.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.70.0.94.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.70.0.94.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.70.0.94.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.70.0.94.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.70.0.94.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.70.0.94.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.70.0.94.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.70.0.94.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.70.0.94.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.70.0.94.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.70.0.94.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.70.0.94.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.70.0.94.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.70.0.94.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.70.0.94.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.70.0.94.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.70.0.94.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.70.0.94.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.70.0.94.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.70.0.94.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.70.0.94.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.70.0.94.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.70.0.94.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.70.0.94.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.70.0.94.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.70.0.94.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2131</id>
+          <title>An update for emacs is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45939" id="CVE-2022-45939" title="CVE-2022-45939" type="cve"></reference>
+          </references>
+          <description>GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the &#34;ctags *&#34; command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.(CVE-2022-45939)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="emacs-debuginfo" release="8.ule3" version="27.2">
+                         <filename>emacs-debuginfo-27.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-devel" release="8.ule3" version="27.2">
+                         <filename>emacs-devel-27.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-debugsource" release="8.ule3" version="27.2">
+                         <filename>emacs-debugsource-27.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs" release="8.ule3" version="27.2">
+                         <filename>emacs-27.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-common" release="8.ule3" version="27.2">
+                         <filename>emacs-common-27.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-lucid" release="8.ule3" version="27.2">
+                         <filename>emacs-lucid-27.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-nox" release="8.ule3" version="27.2">
+                         <filename>emacs-nox-27.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="emacs-help" release="8.ule3" version="27.2">
+                         <filename>emacs-help-27.2-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="emacs-terminal" release="8.ule3" version="27.2">
+                         <filename>emacs-terminal-27.2-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="emacs-filesystem" release="8.ule3" version="27.2">
+                         <filename>emacs-filesystem-27.2-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs" release="8.ule3" version="27.2">
+                         <filename>emacs-27.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-devel" release="8.ule3" version="27.2">
+                         <filename>emacs-devel-27.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-lucid" release="8.ule3" version="27.2">
+                         <filename>emacs-lucid-27.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-debugsource" release="8.ule3" version="27.2">
+                         <filename>emacs-debugsource-27.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-common" release="8.ule3" version="27.2">
+                         <filename>emacs-common-27.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-debuginfo" release="8.ule3" version="27.2">
+                         <filename>emacs-debuginfo-27.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-nox" release="8.ule3" version="27.2">
+                         <filename>emacs-nox-27.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2132</id>
+          <title>An update for kubernetes is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-25743" id="CVE-2021-25743" title="CVE-2021-25743" type="cve"></reference>
+          </references>
+          <description>kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.(CVE-2021-25743)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kubernetes-master" release="15.ule3" version="1.20.2">
+                         <filename>kubernetes-master-1.20.2-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kubernetes-help" release="15.ule3" version="1.20.2">
+                         <filename>kubernetes-help-1.20.2-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kubernetes-client" release="15.ule3" version="1.20.2">
+                         <filename>kubernetes-client-1.20.2-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kubernetes-kubeadm" release="15.ule3" version="1.20.2">
+                         <filename>kubernetes-kubeadm-1.20.2-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kubernetes-node" release="15.ule3" version="1.20.2">
+                         <filename>kubernetes-node-1.20.2-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kubernetes-kubelet" release="15.ule3" version="1.20.2">
+                         <filename>kubernetes-kubelet-1.20.2-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kubernetes" release="15.ule3" version="1.20.2">
+                         <filename>kubernetes-1.20.2-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes-client" release="15.ule3" version="1.20.2">
+                         <filename>kubernetes-client-1.20.2-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes-kubelet" release="15.ule3" version="1.20.2">
+                         <filename>kubernetes-kubelet-1.20.2-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes" release="15.ule3" version="1.20.2">
+                         <filename>kubernetes-1.20.2-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes-node" release="15.ule3" version="1.20.2">
+                         <filename>kubernetes-node-1.20.2-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes-kubeadm" release="15.ule3" version="1.20.2">
+                         <filename>kubernetes-kubeadm-1.20.2-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes-master" release="15.ule3" version="1.20.2">
+                         <filename>kubernetes-master-1.20.2-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes-help" release="15.ule3" version="1.20.2">
+                         <filename>kubernetes-help-1.20.2-15.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2135</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4141" id="CVE-2022-4141" title="CVE-2022-4141" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3591" id="CVE-2022-3591" title="CVE-2022-3591" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3520" id="CVE-2022-3520" title="CVE-2022-3520" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3491" id="CVE-2022-3491" title="CVE-2022-3491" type="cve"></reference>
+          </references>
+          <description>Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.(CVE-2022-4141)Use After Free in GitHub repository vim/vim prior to 9.0.0789.(CVE-2022-3591)Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.(CVE-2022-3520)Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.(CVE-2022-3491)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="4.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="4.ule3" version="9.0">
+                         <filename>vim-common-9.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="4.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="4.ule3" version="9.0">
+                         <filename>vim-X11-9.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="4.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="4.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="4.ule3" version="9.0">
+                         <filename>vim-filesystem-9.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="4.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="4.ule3" version="9.0">
+                         <filename>vim-X11-9.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="4.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="4.ule3" version="9.0">
+                         <filename>vim-common-9.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="4.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="4.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2136</id>
+          <title>An update for qemu is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4144" id="CVE-2022-4144" title="CVE-2022-4144" type="cve"></reference>
+          </references>
+          <description>An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.(CVE-2022-4144)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="qemu" release="57.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-img" release="57.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-block-iscsi" release="57.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-system-aarch64" release="57.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-block-curl" release="57.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-hw-usb-host" release="57.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-system-x86_64" release="57.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-block-rbd" release="57.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-guest-agent" release="57.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-debuginfo" release="57.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-block-ssh" release="57.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-debugsource" release="57.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-system-arm" release="57.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-system-riscv" release="57.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-57.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="qemu-help" release="57.ule3" version="6.2.0">
+                         <filename>qemu-help-6.2.0-57.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-block-ssh" release="57.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-block-curl" release="57.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-block-rbd" release="57.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-system-aarch64" release="57.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-hw-usb-host" release="57.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-seabios" release="57.ule3" version="6.2.0">
+                         <filename>qemu-seabios-6.2.0-57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-debuginfo" release="57.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-system-riscv" release="57.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu" release="57.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-debugsource" release="57.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-guest-agent" release="57.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-system-arm" release="57.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-system-x86_64" release="57.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-img" release="57.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-57.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-block-iscsi" release="57.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-57.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2137</id>
+          <title>An update for php is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-16"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-37454" id="CVE-2022-37454" title="CVE-2022-37454" type="cve"></reference>
+          </references>
+          <description>The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.(CVE-2022-37454)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="php" release="1.ule3" version="8.0.26">
+                         <filename>php-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-pdo" release="1.ule3" version="8.0.26">
+                         <filename>php-pdo-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-gd" release="1.ule3" version="8.0.26">
+                         <filename>php-gd-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-dba" release="1.ule3" version="8.0.26">
+                         <filename>php-dba-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-mysqlnd" release="1.ule3" version="8.0.26">
+                         <filename>php-mysqlnd-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-xml" release="1.ule3" version="8.0.26">
+                         <filename>php-xml-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-process" release="1.ule3" version="8.0.26">
+                         <filename>php-process-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-dbg" release="1.ule3" version="8.0.26">
+                         <filename>php-dbg-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-debugsource" release="1.ule3" version="8.0.26">
+                         <filename>php-debugsource-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-enchant" release="1.ule3" version="8.0.26">
+                         <filename>php-enchant-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-cli" release="1.ule3" version="8.0.26">
+                         <filename>php-cli-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-help" release="1.ule3" version="8.0.26">
+                         <filename>php-help-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-gmp" release="1.ule3" version="8.0.26">
+                         <filename>php-gmp-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-embedded" release="1.ule3" version="8.0.26">
+                         <filename>php-embedded-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-ffi" release="1.ule3" version="8.0.26">
+                         <filename>php-ffi-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-soap" release="1.ule3" version="8.0.26">
+                         <filename>php-soap-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-opcache" release="1.ule3" version="8.0.26">
+                         <filename>php-opcache-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-ldap" release="1.ule3" version="8.0.26">
+                         <filename>php-ldap-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-bcmath" release="1.ule3" version="8.0.26">
+                         <filename>php-bcmath-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-tidy" release="1.ule3" version="8.0.26">
+                         <filename>php-tidy-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-debuginfo" release="1.ule3" version="8.0.26">
+                         <filename>php-debuginfo-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-common" release="1.ule3" version="8.0.26">
+                         <filename>php-common-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-intl" release="1.ule3" version="8.0.26">
+                         <filename>php-intl-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-snmp" release="1.ule3" version="8.0.26">
+                         <filename>php-snmp-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-mbstring" release="1.ule3" version="8.0.26">
+                         <filename>php-mbstring-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-devel" release="1.ule3" version="8.0.26">
+                         <filename>php-devel-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-pgsql" release="1.ule3" version="8.0.26">
+                         <filename>php-pgsql-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-odbc" release="1.ule3" version="8.0.26">
+                         <filename>php-odbc-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-fpm" release="1.ule3" version="8.0.26">
+                         <filename>php-fpm-8.0.26-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-dba" release="1.ule3" version="8.0.26">
+                         <filename>php-dba-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-cli" release="1.ule3" version="8.0.26">
+                         <filename>php-cli-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-dbg" release="1.ule3" version="8.0.26">
+                         <filename>php-dbg-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-bcmath" release="1.ule3" version="8.0.26">
+                         <filename>php-bcmath-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-devel" release="1.ule3" version="8.0.26">
+                         <filename>php-devel-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-debugsource" release="1.ule3" version="8.0.26">
+                         <filename>php-debugsource-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-tidy" release="1.ule3" version="8.0.26">
+                         <filename>php-tidy-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-ldap" release="1.ule3" version="8.0.26">
+                         <filename>php-ldap-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-gd" release="1.ule3" version="8.0.26">
+                         <filename>php-gd-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-soap" release="1.ule3" version="8.0.26">
+                         <filename>php-soap-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-mysqlnd" release="1.ule3" version="8.0.26">
+                         <filename>php-mysqlnd-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-pdo" release="1.ule3" version="8.0.26">
+                         <filename>php-pdo-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-xml" release="1.ule3" version="8.0.26">
+                         <filename>php-xml-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-common" release="1.ule3" version="8.0.26">
+                         <filename>php-common-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-embedded" release="1.ule3" version="8.0.26">
+                         <filename>php-embedded-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-intl" release="1.ule3" version="8.0.26">
+                         <filename>php-intl-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-mbstring" release="1.ule3" version="8.0.26">
+                         <filename>php-mbstring-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-odbc" release="1.ule3" version="8.0.26">
+                         <filename>php-odbc-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-fpm" release="1.ule3" version="8.0.26">
+                         <filename>php-fpm-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-process" release="1.ule3" version="8.0.26">
+                         <filename>php-process-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-enchant" release="1.ule3" version="8.0.26">
+                         <filename>php-enchant-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-debuginfo" release="1.ule3" version="8.0.26">
+                         <filename>php-debuginfo-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-help" release="1.ule3" version="8.0.26">
+                         <filename>php-help-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php" release="1.ule3" version="8.0.26">
+                         <filename>php-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-gmp" release="1.ule3" version="8.0.26">
+                         <filename>php-gmp-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-opcache" release="1.ule3" version="8.0.26">
+                         <filename>php-opcache-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-snmp" release="1.ule3" version="8.0.26">
+                         <filename>php-snmp-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-ffi" release="1.ule3" version="8.0.26">
+                         <filename>php-ffi-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-pgsql" release="1.ule3" version="8.0.26">
+                         <filename>php-pgsql-8.0.26-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2138</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4293" id="CVE-2022-4293" title="CVE-2022-4293" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4292" id="CVE-2022-4292" title="CVE-2022-4292" type="cve"></reference>
+          </references>
+          <description>Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.(CVE-2022-4293)Use After Free in GitHub repository vim/vim prior to 9.0.0882.(CVE-2022-4292)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="5.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="5.ule3" version="9.0">
+                         <filename>vim-common-9.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="5.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="5.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="5.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="5.ule3" version="9.0">
+                         <filename>vim-X11-9.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="5.ule3" version="9.0">
+                         <filename>vim-filesystem-9.0-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="5.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="5.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="5.ule3" version="9.0">
+                         <filename>vim-X11-9.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="5.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="5.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="5.ule3" version="9.0">
+                         <filename>vim-common-9.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2143</id>
+          <title>An update for containerd is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23471" id="CVE-2022-23471" title="CVE-2022-23471" type="cve"></reference>
+          </references>
+          <description>containerd is an open source container runtime. A bug was found in containerd&#39;s CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user&#39;s process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd&#39;s CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers.(CVE-2022-23471)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="containerd" release="307.ule3" version="1.2.0">
+                         <filename>containerd-1.2.0-307.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="containerd" release="307.ule3" version="1.2.0">
+                         <filename>containerd-1.2.0-307.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2145</id>
+          <title>An update for openjdk-1.8.0 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21271" id="CVE-2022-21271" title="CVE-2022-21271" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21426" id="CVE-2022-21426" title="CVE-2022-21426" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21271)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21426)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-accessibility-slowdebug" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-devel" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-devel-1.8.0.352.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-demo-slowdebug" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-headless-slowdebug" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-debuginfo" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-src-slowdebug" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx-devel-slowdebug" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.352.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-slowdebug" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-demo" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-demo-1.8.0.352.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-src" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-src-1.8.0.352.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-headless" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-headless-1.8.0.352.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx-slowdebug" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.352.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-accessibility" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-accessibility-1.8.0.352.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-openjfx-1.8.0.352.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-1.8.0.352.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx-devel" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-1.8.0.352.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-devel-slowdebug" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-debugsource" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-debugsource-1.8.0.352.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="java-1.8.0-openjdk-javadoc" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-javadoc-1.8.0.352.b08-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="java-1.8.0-openjdk-javadoc-zip" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-javadoc-zip-1.8.0.352.b08-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-accessibility-slowdebug" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-demo" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-demo-1.8.0.352.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx-slowdebug" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.352.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-headless-slowdebug" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx-devel" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-1.8.0.352.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-openjfx-1.8.0.352.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-slowdebug" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-src-slowdebug" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-1.8.0.352.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-demo-slowdebug" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-headless" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-headless-1.8.0.352.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-debugsource" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-debugsource-1.8.0.352.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-src" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-src-1.8.0.352.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-devel-slowdebug" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-devel" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-devel-1.8.0.352.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx-devel-slowdebug" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.352.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-accessibility" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-accessibility-1.8.0.352.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-debuginfo" release="3.ule3" version="1.8.0.352.b08">
+                         <filename>java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2146</id>
+          <title>An update for sqlite is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-46908" id="CVE-2022-46908" title="CVE-2022-46908" type="cve"></reference>
+          </references>
+          <description>SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.(CVE-2022-46908)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="sqlite-devel" release="4.ule3" version="3.37.2">
+                         <filename>sqlite-devel-3.37.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sqlite-debuginfo" release="4.ule3" version="3.37.2">
+                         <filename>sqlite-debuginfo-3.37.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sqlite-debugsource" release="4.ule3" version="3.37.2">
+                         <filename>sqlite-debugsource-3.37.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sqlite" release="4.ule3" version="3.37.2">
+                         <filename>sqlite-3.37.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="sqlite-help" release="4.ule3" version="3.37.2">
+                         <filename>sqlite-help-3.37.2-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sqlite-debuginfo" release="4.ule3" version="3.37.2">
+                         <filename>sqlite-debuginfo-3.37.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sqlite-devel" release="4.ule3" version="3.37.2">
+                         <filename>sqlite-devel-3.37.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sqlite-debugsource" release="4.ule3" version="3.37.2">
+                         <filename>sqlite-debugsource-3.37.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sqlite" release="4.ule3" version="3.37.2">
+                         <filename>sqlite-3.37.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2149</id>
+          <title>An update for jetty is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2019-10241" id="CVE-2019-10241" title="CVE-2019-10241" type="cve"></reference>
+          </references>
+          <description>In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.(CVE-2019-10241)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="jetty-javadoc" release="1.ule3" version="9.4.16">
+                         <filename>jetty-javadoc-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-http" release="1.ule3" version="9.4.16">
+                         <filename>jetty-http-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-jmx" release="1.ule3" version="9.4.16">
+                         <filename>jetty-jmx-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-websocket-client" release="1.ule3" version="9.4.16">
+                         <filename>jetty-websocket-client-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-jaspi" release="1.ule3" version="9.4.16">
+                         <filename>jetty-jaspi-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-osgi-alpn" release="1.ule3" version="9.4.16">
+                         <filename>jetty-osgi-alpn-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-osgi-boot-jsp" release="1.ule3" version="9.4.16">
+                         <filename>jetty-osgi-boot-jsp-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-cdi" release="1.ule3" version="9.4.16">
+                         <filename>jetty-cdi-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-alpn-server" release="1.ule3" version="9.4.16">
+                         <filename>jetty-alpn-server-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-unixsocket" release="1.ule3" version="9.4.16">
+                         <filename>jetty-unixsocket-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-javax-websocket-server-impl" release="1.ule3" version="9.4.16">
+                         <filename>jetty-javax-websocket-server-impl-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-alpn-client" release="1.ule3" version="9.4.16">
+                         <filename>jetty-alpn-client-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-javax-websocket-client-impl" release="1.ule3" version="9.4.16">
+                         <filename>jetty-javax-websocket-client-impl-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-maven-plugin" release="1.ule3" version="9.4.16">
+                         <filename>jetty-maven-plugin-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-deploy" release="1.ule3" version="9.4.16">
+                         <filename>jetty-deploy-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-proxy" release="1.ule3" version="9.4.16">
+                         <filename>jetty-proxy-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-server" release="1.ule3" version="9.4.16">
+                         <filename>jetty-server-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-http2-common" release="1.ule3" version="9.4.16">
+                         <filename>jetty-http2-common-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-jndi" release="1.ule3" version="9.4.16">
+                         <filename>jetty-jndi-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-util-ajax" release="1.ule3" version="9.4.16">
+                         <filename>jetty-util-ajax-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-http2-http-client-transport" release="1.ule3" version="9.4.16">
+                         <filename>jetty-http2-http-client-transport-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-annotations" release="1.ule3" version="9.4.16">
+                         <filename>jetty-annotations-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-osgi-boot" release="1.ule3" version="9.4.16">
+                         <filename>jetty-osgi-boot-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-spring" release="1.ule3" version="9.4.16">
+                         <filename>jetty-spring-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-fcgi-client" release="1.ule3" version="9.4.16">
+                         <filename>jetty-fcgi-client-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-continuation" release="1.ule3" version="9.4.16">
+                         <filename>jetty-continuation-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-websocket-common" release="1.ule3" version="9.4.16">
+                         <filename>jetty-websocket-common-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-osgi-boot-warurl" release="1.ule3" version="9.4.16">
+                         <filename>jetty-osgi-boot-warurl-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-http2-hpack" release="1.ule3" version="9.4.16">
+                         <filename>jetty-http2-hpack-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-http2-server" release="1.ule3" version="9.4.16">
+                         <filename>jetty-http2-server-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-webapp" release="1.ule3" version="9.4.16">
+                         <filename>jetty-webapp-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-quickstart" release="1.ule3" version="9.4.16">
+                         <filename>jetty-quickstart-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-nosql" release="1.ule3" version="9.4.16">
+                         <filename>jetty-nosql-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty" release="1.ule3" version="9.4.16">
+                         <filename>jetty-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-http2-client" release="1.ule3" version="9.4.16">
+                         <filename>jetty-http2-client-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-websocket-server" release="1.ule3" version="9.4.16">
+                         <filename>jetty-websocket-server-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-httpservice" release="1.ule3" version="9.4.16">
+                         <filename>jetty-httpservice-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-ant" release="1.ule3" version="9.4.16">
+                         <filename>jetty-ant-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-jaas" release="1.ule3" version="9.4.16">
+                         <filename>jetty-jaas-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-jsp" release="1.ule3" version="9.4.16">
+                         <filename>jetty-jsp-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-rewrite" release="1.ule3" version="9.4.16">
+                         <filename>jetty-rewrite-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-servlets" release="1.ule3" version="9.4.16">
+                         <filename>jetty-servlets-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-project" release="1.ule3" version="9.4.16">
+                         <filename>jetty-project-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-servlet" release="1.ule3" version="9.4.16">
+                         <filename>jetty-servlet-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-xml" release="1.ule3" version="9.4.16">
+                         <filename>jetty-xml-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-jstl" release="1.ule3" version="9.4.16">
+                         <filename>jetty-jstl-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-jspc-maven-plugin" release="1.ule3" version="9.4.16">
+                         <filename>jetty-jspc-maven-plugin-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-http-spi" release="1.ule3" version="9.4.16">
+                         <filename>jetty-http-spi-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-util" release="1.ule3" version="9.4.16">
+                         <filename>jetty-util-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-io" release="1.ule3" version="9.4.16">
+                         <filename>jetty-io-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-client" release="1.ule3" version="9.4.16">
+                         <filename>jetty-client-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-infinispan" release="1.ule3" version="9.4.16">
+                         <filename>jetty-infinispan-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-plus" release="1.ule3" version="9.4.16">
+                         <filename>jetty-plus-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-fcgi-server" release="1.ule3" version="9.4.16">
+                         <filename>jetty-fcgi-server-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-security" release="1.ule3" version="9.4.16">
+                         <filename>jetty-security-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-websocket-api" release="1.ule3" version="9.4.16">
+                         <filename>jetty-websocket-api-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-websocket-servlet" release="1.ule3" version="9.4.16">
+                         <filename>jetty-websocket-servlet-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-start" release="1.ule3" version="9.4.16">
+                         <filename>jetty-start-9.4.16-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2150</id>
+          <title>An update for openjdk-latest is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21626" id="CVE-2022-21626" title="CVE-2022-21626" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21624" id="CVE-2022-21624" title="CVE-2022-21624" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21619" id="CVE-2022-21619" title="CVE-2022-21619" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21618" id="CVE-2022-21618" title="CVE-2022-21618" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21628" id="CVE-2022-21628" title="CVE-2022-21628" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39399" id="CVE-2022-39399" title="CVE-2022-39399" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21626)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21624)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21619)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21618)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21628)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-39399)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-jmods" release="1.rolling.ule3" version="19.0.0.36">
+                         <filename>java-latest-openjdk-jmods-19.0.0.36-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-demo" release="1.rolling.ule3" version="19.0.0.36">
+                         <filename>java-latest-openjdk-demo-19.0.0.36-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-src" release="1.rolling.ule3" version="19.0.0.36">
+                         <filename>java-latest-openjdk-src-19.0.0.36-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-headless" release="1.rolling.ule3" version="19.0.0.36">
+                         <filename>java-latest-openjdk-headless-19.0.0.36-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-javadoc" release="1.rolling.ule3" version="19.0.0.36">
+                         <filename>java-latest-openjdk-javadoc-19.0.0.36-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk" release="1.rolling.ule3" version="19.0.0.36">
+                         <filename>java-latest-openjdk-19.0.0.36-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-devel" release="1.rolling.ule3" version="19.0.0.36">
+                         <filename>java-latest-openjdk-devel-19.0.0.36-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-javadoc-zip" release="1.rolling.ule3" version="19.0.0.36">
+                         <filename>java-latest-openjdk-javadoc-zip-19.0.0.36-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-src" release="1.rolling.ule3" version="19.0.0.36">
+                         <filename>java-latest-openjdk-src-19.0.0.36-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-jmods" release="1.rolling.ule3" version="19.0.0.36">
+                         <filename>java-latest-openjdk-jmods-19.0.0.36-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-javadoc-zip" release="1.rolling.ule3" version="19.0.0.36">
+                         <filename>java-latest-openjdk-javadoc-zip-19.0.0.36-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-javadoc" release="1.rolling.ule3" version="19.0.0.36">
+                         <filename>java-latest-openjdk-javadoc-19.0.0.36-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-headless" release="1.rolling.ule3" version="19.0.0.36">
+                         <filename>java-latest-openjdk-headless-19.0.0.36-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-demo" release="1.rolling.ule3" version="19.0.0.36">
+                         <filename>java-latest-openjdk-demo-19.0.0.36-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-devel" release="1.rolling.ule3" version="19.0.0.36">
+                         <filename>java-latest-openjdk-devel-19.0.0.36-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk" release="1.rolling.ule3" version="19.0.0.36">
+                         <filename>java-latest-openjdk-19.0.0.36-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2151</id>
+          <title>An update for openjdk-11 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21626" id="CVE-2022-21626" title="CVE-2022-21626" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21619" id="CVE-2022-21619" title="CVE-2022-21619" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21618" id="CVE-2022-21618" title="CVE-2022-21618" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21628" id="CVE-2022-21628" title="CVE-2022-21628" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39399" id="CVE-2022-39399" title="CVE-2022-39399" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21271" id="CVE-2022-21271" title="CVE-2022-21271" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21626)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21619)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21618)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21628)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-39399)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21271)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-11.0.17.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-headless-slowdebug" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-headless-slowdebug-11.0.17.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-javadoc-zip" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-javadoc-zip-11.0.17.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-devel" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-devel-11.0.17.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-devel-slowdebug" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-devel-slowdebug-11.0.17.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-src" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-src-11.0.17.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-jmods-slowdebug" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-jmods-slowdebug-11.0.17.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-debugsource" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-debugsource-11.0.17.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-demo-slowdebug" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-demo-slowdebug-11.0.17.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-src-slowdebug" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-src-slowdebug-11.0.17.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-javadoc" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-javadoc-11.0.17.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-headless" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-headless-11.0.17.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-jmods" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-jmods-11.0.17.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-debuginfo" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-debuginfo-11.0.17.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-demo" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-demo-11.0.17.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-slowdebug" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-slowdebug-11.0.17.8-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-headless-slowdebug" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-headless-slowdebug-11.0.17.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-11.0.17.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-debuginfo" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-debuginfo-11.0.17.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-slowdebug" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-slowdebug-11.0.17.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-javadoc-zip" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-javadoc-zip-11.0.17.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-demo-slowdebug" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-demo-slowdebug-11.0.17.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-src" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-src-11.0.17.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-jmods" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-jmods-11.0.17.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-javadoc" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-javadoc-11.0.17.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-demo" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-demo-11.0.17.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-devel" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-devel-11.0.17.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-headless" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-headless-11.0.17.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-jmods-slowdebug" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-jmods-slowdebug-11.0.17.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-src-slowdebug" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-src-slowdebug-11.0.17.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-debugsource" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-debugsource-11.0.17.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-devel-slowdebug" release="0.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-devel-slowdebug-11.0.17.8-0.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2153</id>
+          <title>An update for samba is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-44640" id="CVE-2022-44640" title="CVE-2022-44640" type="cve"></reference>
+          </references>
+          <description>[Invalid free in ASN.1 codec](CVE-2022-44640)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="samba-winbind" release="16.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc" release="16.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-bind-dlz" release="16.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-client" release="16.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-krb5-locator" release="16.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-devel" release="16.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-libs" release="16.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-dc" release="16.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-test" release="16.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient-devel" release="16.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba" release="16.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-provision" release="16.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-help" release="16.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debugsource" release="16.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debuginfo" release="16.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-clients" release="16.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient" release="16.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-test" release="16.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common" release="16.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ctdb" release="16.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient-devel" release="16.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba" release="16.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-modules" release="16.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient" release="16.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common-tools" release="16.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-krb5-printing" release="16.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="samba-pidl" release="16.ule3" version="4.15.3">
+                         <filename>samba-pidl-4.15.3-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-libs" release="16.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ctdb" release="16.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common-tools" release="16.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debuginfo" release="16.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-test" release="16.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient-devel" release="16.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-provision" release="16.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind" release="16.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-help" release="16.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-krb5-printing" release="16.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-devel" release="16.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient-devel" release="16.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-dc" release="16.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common" release="16.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-modules" release="16.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc" release="16.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-vfs-glusterfs" release="16.ule3" version="4.15.3">
+                         <filename>samba-vfs-glusterfs-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-bind-dlz" release="16.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient" release="16.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient" release="16.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-test" release="16.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba" release="16.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-clients" release="16.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-client" release="16.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba" release="16.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-krb5-locator" release="16.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debugsource" release="16.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2155</id>
+          <title>An update for openjdk-11 is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21624" id="CVE-2022-21624" title="CVE-2022-21624" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21624)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-devel" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-devel-11.0.17.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-jmods" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-jmods-11.0.17.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-slowdebug" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-slowdebug-11.0.17.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-demo" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-demo-11.0.17.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-demo-slowdebug" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-demo-slowdebug-11.0.17.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-javadoc" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-javadoc-11.0.17.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-src" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-src-11.0.17.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-jmods-slowdebug" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-jmods-slowdebug-11.0.17.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-debugsource" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-debugsource-11.0.17.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-headless" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-headless-11.0.17.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-src-slowdebug" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-src-slowdebug-11.0.17.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-debuginfo" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-debuginfo-11.0.17.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-javadoc-zip" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-javadoc-zip-11.0.17.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-11.0.17.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-headless-slowdebug" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-headless-slowdebug-11.0.17.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-devel-slowdebug" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-devel-slowdebug-11.0.17.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-src-slowdebug" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-src-slowdebug-11.0.17.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-demo-slowdebug" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-demo-slowdebug-11.0.17.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-debugsource" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-debugsource-11.0.17.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-demo" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-demo-11.0.17.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-slowdebug" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-slowdebug-11.0.17.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-11.0.17.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-headless" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-headless-11.0.17.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-debuginfo" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-debuginfo-11.0.17.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-javadoc-zip" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-javadoc-zip-11.0.17.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-jmods" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-jmods-11.0.17.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-javadoc" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-javadoc-11.0.17.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-devel" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-devel-11.0.17.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-headless-slowdebug" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-headless-slowdebug-11.0.17.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-jmods-slowdebug" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-jmods-slowdebug-11.0.17.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-devel-slowdebug" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-devel-slowdebug-11.0.17.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-src" release="1.ule3" version="11.0.17.8">
+                         <filename>java-11-openjdk-src-11.0.17.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2156</id>
+          <title>An update for ceph is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3650" id="CVE-2022-3650" title="CVE-2022-3650" type="cve"></reference>
+          </references>
+          <description>A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information. This issue can lead to a denial of service, loss of confidentiality, integrity, and availability.(CVE-2022-3650)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="python3-rbd" release="11.ule3" version="16.2.7">
+                         <filename>python3-rbd-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-mgr" release="11.ule3" version="16.2.7">
+                         <filename>ceph-mgr-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="python3-rgw" release="11.ule3" version="16.2.7">
+                         <filename>python3-rgw-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-test" release="11.ule3" version="16.2.7">
+                         <filename>ceph-test-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="librgw2" release="11.ule3" version="16.2.7">
+                         <filename>librgw2-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-osd" release="11.ule3" version="16.2.7">
+                         <filename>ceph-osd-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="python3-cephfs" release="11.ule3" version="16.2.7">
+                         <filename>python3-cephfs-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-radosgw" release="11.ule3" version="16.2.7">
+                         <filename>ceph-radosgw-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libcephfs2" release="11.ule3" version="16.2.7">
+                         <filename>libcephfs2-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="rbd-mirror" release="11.ule3" version="16.2.7">
+                         <filename>rbd-mirror-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="rados-objclass-devel" release="11.ule3" version="16.2.7">
+                         <filename>rados-objclass-devel-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-mon" release="11.ule3" version="16.2.7">
+                         <filename>ceph-mon-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libcephfs-devel" release="11.ule3" version="16.2.7">
+                         <filename>libcephfs-devel-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libcephsqlite-devel" release="11.ule3" version="16.2.7">
+                         <filename>libcephsqlite-devel-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph" release="11.ule3" version="16.2.7">
+                         <filename>ceph-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="librbd1" release="11.ule3" version="16.2.7">
+                         <filename>librbd1-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="python3-ceph-common" release="11.ule3" version="16.2.7">
+                         <filename>python3-ceph-common-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="rbd-nbd" release="11.ule3" version="16.2.7">
+                         <filename>rbd-nbd-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-debuginfo" release="11.ule3" version="16.2.7">
+                         <filename>ceph-debuginfo-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-debugsource" release="11.ule3" version="16.2.7">
+                         <filename>ceph-debugsource-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libradosstriper-devel" release="11.ule3" version="16.2.7">
+                         <filename>libradosstriper-devel-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libradospp-devel" release="11.ule3" version="16.2.7">
+                         <filename>libradospp-devel-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="python3-rados" release="11.ule3" version="16.2.7">
+                         <filename>python3-rados-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-mds" release="11.ule3" version="16.2.7">
+                         <filename>ceph-mds-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-fuse" release="11.ule3" version="16.2.7">
+                         <filename>ceph-fuse-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="python3-ceph-argparse" release="11.ule3" version="16.2.7">
+                         <filename>python3-ceph-argparse-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="rbd-fuse" release="11.ule3" version="16.2.7">
+                         <filename>rbd-fuse-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="librados-devel" release="11.ule3" version="16.2.7">
+                         <filename>librados-devel-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-common" release="11.ule3" version="16.2.7">
+                         <filename>ceph-common-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libcephsqlite" release="11.ule3" version="16.2.7">
+                         <filename>libcephsqlite-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="cephfs-mirror" release="11.ule3" version="16.2.7">
+                         <filename>cephfs-mirror-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="librgw-devel" release="11.ule3" version="16.2.7">
+                         <filename>librgw-devel-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-selinux" release="11.ule3" version="16.2.7">
+                         <filename>ceph-selinux-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-immutable-object-cache" release="11.ule3" version="16.2.7">
+                         <filename>ceph-immutable-object-cache-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="librbd-devel" release="11.ule3" version="16.2.7">
+                         <filename>librbd-devel-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libradosstriper1" release="11.ule3" version="16.2.7">
+                         <filename>libradosstriper1-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-base" release="11.ule3" version="16.2.7">
+                         <filename>ceph-base-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="librados2" release="11.ule3" version="16.2.7">
+                         <filename>librados2-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-resource-agents" release="11.ule3" version="16.2.7">
+                         <filename>ceph-resource-agents-16.2.7-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="ceph-mgr-modules-core" release="11.ule3" version="16.2.7">
+                         <filename>ceph-mgr-modules-core-16.2.7-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="ceph-mgr-cephadm" release="11.ule3" version="16.2.7">
+                         <filename>ceph-mgr-cephadm-16.2.7-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="ceph-mgr-diskprediction-local" release="11.ule3" version="16.2.7">
+                         <filename>ceph-mgr-diskprediction-local-16.2.7-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="cephadm" release="11.ule3" version="16.2.7">
+                         <filename>cephadm-16.2.7-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="ceph-mgr-rook" release="11.ule3" version="16.2.7">
+                         <filename>ceph-mgr-rook-16.2.7-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="ceph-mgr-k8sevents" release="11.ule3" version="16.2.7">
+                         <filename>ceph-mgr-k8sevents-16.2.7-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="ceph-mgr-dashboard" release="11.ule3" version="16.2.7">
+                         <filename>ceph-mgr-dashboard-16.2.7-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="cephfs-top" release="11.ule3" version="16.2.7">
+                         <filename>cephfs-top-16.2.7-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="ceph-prometheus-alerts" release="11.ule3" version="16.2.7">
+                         <filename>ceph-prometheus-alerts-16.2.7-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="ceph-grafana-dashboards" release="11.ule3" version="16.2.7">
+                         <filename>ceph-grafana-dashboards-16.2.7-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libcephsqlite-devel" release="11.ule3" version="16.2.7">
+                         <filename>libcephsqlite-devel-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="librbd1" release="11.ule3" version="16.2.7">
+                         <filename>librbd1-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-mds" release="11.ule3" version="16.2.7">
+                         <filename>ceph-mds-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libradosstriper-devel" release="11.ule3" version="16.2.7">
+                         <filename>libradosstriper-devel-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libcephfs2" release="11.ule3" version="16.2.7">
+                         <filename>libcephfs2-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="rbd-nbd" release="11.ule3" version="16.2.7">
+                         <filename>rbd-nbd-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libradosstriper1" release="11.ule3" version="16.2.7">
+                         <filename>libradosstriper1-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="librgw2" release="11.ule3" version="16.2.7">
+                         <filename>librgw2-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libcephfs-devel" release="11.ule3" version="16.2.7">
+                         <filename>libcephfs-devel-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="python3-rados" release="11.ule3" version="16.2.7">
+                         <filename>python3-rados-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libradospp-devel" release="11.ule3" version="16.2.7">
+                         <filename>libradospp-devel-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="cephfs-mirror" release="11.ule3" version="16.2.7">
+                         <filename>cephfs-mirror-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="librados2" release="11.ule3" version="16.2.7">
+                         <filename>librados2-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-resource-agents" release="11.ule3" version="16.2.7">
+                         <filename>ceph-resource-agents-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-selinux" release="11.ule3" version="16.2.7">
+                         <filename>ceph-selinux-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-osd" release="11.ule3" version="16.2.7">
+                         <filename>ceph-osd-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-immutable-object-cache" release="11.ule3" version="16.2.7">
+                         <filename>ceph-immutable-object-cache-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="librbd-devel" release="11.ule3" version="16.2.7">
+                         <filename>librbd-devel-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-mgr" release="11.ule3" version="16.2.7">
+                         <filename>ceph-mgr-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-fuse" release="11.ule3" version="16.2.7">
+                         <filename>ceph-fuse-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="rados-objclass-devel" release="11.ule3" version="16.2.7">
+                         <filename>rados-objclass-devel-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-test" release="11.ule3" version="16.2.7">
+                         <filename>ceph-test-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="python3-cephfs" release="11.ule3" version="16.2.7">
+                         <filename>python3-cephfs-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph" release="11.ule3" version="16.2.7">
+                         <filename>ceph-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-common" release="11.ule3" version="16.2.7">
+                         <filename>ceph-common-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-base" release="11.ule3" version="16.2.7">
+                         <filename>ceph-base-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libcephsqlite" release="11.ule3" version="16.2.7">
+                         <filename>libcephsqlite-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="python3-rgw" release="11.ule3" version="16.2.7">
+                         <filename>python3-rgw-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-mon" release="11.ule3" version="16.2.7">
+                         <filename>ceph-mon-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-debugsource" release="11.ule3" version="16.2.7">
+                         <filename>ceph-debugsource-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="python3-ceph-argparse" release="11.ule3" version="16.2.7">
+                         <filename>python3-ceph-argparse-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="python3-ceph-common" release="11.ule3" version="16.2.7">
+                         <filename>python3-ceph-common-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="python3-rbd" release="11.ule3" version="16.2.7">
+                         <filename>python3-rbd-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="rbd-mirror" release="11.ule3" version="16.2.7">
+                         <filename>rbd-mirror-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="rbd-fuse" release="11.ule3" version="16.2.7">
+                         <filename>rbd-fuse-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="librados-devel" release="11.ule3" version="16.2.7">
+                         <filename>librados-devel-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-debuginfo" release="11.ule3" version="16.2.7">
+                         <filename>ceph-debuginfo-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="librgw-devel" release="11.ule3" version="16.2.7">
+                         <filename>librgw-devel-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-radosgw" release="11.ule3" version="16.2.7">
+                         <filename>ceph-radosgw-16.2.7-11.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2159</id>
+          <title>An update for libksba is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47629" id="CVE-2022-47629" title="CVE-2022-47629" type="cve"></reference>
+          </references>
+          <description>Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.(CVE-2022-47629)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libksba" release="3.ule3" version="1.6.0">
+                         <filename>libksba-1.6.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libksba-debuginfo" release="3.ule3" version="1.6.0">
+                         <filename>libksba-debuginfo-1.6.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libksba-devel" release="3.ule3" version="1.6.0">
+                         <filename>libksba-devel-1.6.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libksba-debugsource" release="3.ule3" version="1.6.0">
+                         <filename>libksba-debugsource-1.6.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libksba-help" release="3.ule3" version="1.6.0">
+                         <filename>libksba-help-1.6.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libksba-debugsource" release="3.ule3" version="1.6.0">
+                         <filename>libksba-debugsource-1.6.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libksba" release="3.ule3" version="1.6.0">
+                         <filename>libksba-1.6.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libksba-debuginfo" release="3.ule3" version="1.6.0">
+                         <filename>libksba-debuginfo-1.6.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libksba-devel" release="3.ule3" version="1.6.0">
+                         <filename>libksba-devel-1.6.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2162</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4095" id="CVE-2022-4095" title="CVE-2022-4095" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41858" id="CVE-2022-41858" title="CVE-2022-41858" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4129" id="CVE-2022-4129" title="CVE-2022-4129" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-20568" id="CVE-2022-20568" title="CVE-2022-20568" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-20566" id="CVE-2022-20566" title="CVE-2022-20566" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3643" id="CVE-2022-3643" title="CVE-2022-3643" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-20572" id="CVE-2022-20572" title="CVE-2022-20572" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4378" id="CVE-2022-4378" title="CVE-2022-4378" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41218" id="CVE-2022-41218" title="CVE-2022-41218" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42328" id="CVE-2022-42328" title="CVE-2022-42328" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42329" id="CVE-2022-42329" title="CVE-2022-42329" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47518" id="CVE-2022-47518" title="CVE-2022-47518" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47519" id="CVE-2022-47519" title="CVE-2022-47519" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47520" id="CVE-2022-47520" title="CVE-2022-47520" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47521" id="CVE-2022-47521" title="CVE-2022-47521" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3108" id="CVE-2022-3108" title="CVE-2022-3108" type="cve"></reference>
+          </references>
+          <description>A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.(CVE-2022-4095)There are null-ptr-deref vulnerabilities in drivers/net/slip of linux that allow attacker tocrash linux kernel by simulating slip network card from user-space of linux.------------------------------------------[Root cause]When a slip driver is detaching, the slip_close() will act tocleanup necessary resources and sl-&gt;tty is set to NULL inslip_close(). Meanwhile, the packet we transmit is blocked,sl_tx_timeout() will be called. Although slip_close() andsl_tx_timeout() use sl-&gt;lock to synchronize, we don`t judgewhether sl-&gt;tty equals to NULL in sl_tx_timeout() and thenull pointer dereference bug will happen.(Thread 1) | (Thread 2)| slip_close()| spin_lock_bh(&amp;sl-&gt;lock)| ...... | sl-&gt;tty = NULL //(1)sl_tx_timeout() | spin_unlock_bh(&amp;sl-&gt;lock)spin_lock(&amp;sl-&gt;lock); |... | ...tty_chars_in_buffer(sl-&gt;tty)|if (tty-&gt;ops-&gt;..) //(2) |... | synchronize_rcu()We set NULL to sl-&gt;tty in position (1) and dereference sl-&gt;ttyin position (2).------------------------------------------(CVE-2022-41858)A flaw was found in the Linux kernel&#39;s Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.(CVE-2022-4129)In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-220738351References: Upstream kernel(CVE-2022-20568)In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel(CVE-2022-20566)Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior.(CVE-2022-3643)In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel(CVE-2022-20572)A stack overflow flaw was found in the Linux kernel&#39;s SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-4378)In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.(CVE-2022-41218)Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).(CVE-2022-42328)Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).(CVE-2022-42329)An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames.(CVE-2022-47518)An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames.(CVE-2022-47519)An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet.(CVE-2022-47520)An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames.(CVE-2022-47521)An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().(CVE-2022-3108)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-headers" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="kernel" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2163</id>
+          <title>An update for xorg-x11-server is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-46342" id="CVE-2022-46342" title="CVE-2022-46342" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-46344" id="CVE-2022-46344" title="CVE-2022-46344" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-46340" id="CVE-2022-46340" title="CVE-2022-46340" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-46341" id="CVE-2022-46341" title="CVE-2022-46341" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-46343" id="CVE-2022-46343" title="CVE-2022-46343" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4283" id="CVE-2022-4283" title="CVE-2022-4283" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se(CVE-2022-46342)A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.(CVE-2022-46344)A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.(CVE-2022-46340)A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.(CVE-2022-46341)A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.(CVE-2022-46343)A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.(CVE-2022-4283)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="xorg-x11-server-Xvfb" release="13.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xvfb-1.20.11-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-debuginfo" release="13.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debuginfo-1.20.11-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-devel" release="13.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-devel-1.20.11-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xdmx" release="13.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xdmx-1.20.11-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-debugsource" release="13.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debugsource-1.20.11-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xnest" release="13.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xnest-1.20.11-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server" release="13.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-1.20.11-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xephyr" release="13.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xephyr-1.20.11-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-common" release="13.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-common-1.20.11-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xorg-x11-server-source" release="13.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-source-1.20.11-13.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xorg-x11-server-help" release="13.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-help-1.20.11-13.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xephyr" release="13.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xephyr-1.20.11-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xvfb" release="13.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xvfb-1.20.11-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-debugsource" release="13.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debugsource-1.20.11-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xnest" release="13.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xnest-1.20.11-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-common" release="13.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-common-1.20.11-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-debuginfo" release="13.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debuginfo-1.20.11-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-devel" release="13.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-devel-1.20.11-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server" release="13.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-1.20.11-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xdmx" release="13.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xdmx-1.20.11-13.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2022-2165</id>
+          <title>An update for freeradius is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2022-12-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41860" id="CVE-2022-41860" title="CVE-2022-41860" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41861" id="CVE-2022-41861" title="CVE-2022-41861" type="cve"></reference>
+          </references>
+          <description>When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.References:https://freeradius.org/security/Upstream fix:https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a(CVE-2022-41860)A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.References:https://freeradius.org/security/Upstream fix:https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e(CVE-2022-41861)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="freeradius-ldap" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-ldap-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius-postgresql" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-postgresql-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius-devel" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-devel-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius-utils" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-utils-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius-krb5" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-krb5-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius-sqlite" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-sqlite-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-freeradius" release="2.ule3" version="3.0.25">
+                         <filename>python3-freeradius-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius-debugsource" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-debugsource-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius-perl" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-perl-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius-mysql" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-mysql-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius-debuginfo" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-debuginfo-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius-help" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-help-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-perl" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-perl-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-sqlite" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-sqlite-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-debuginfo" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-debuginfo-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-utils" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-utils-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-debugsource" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-debugsource-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-krb5" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-krb5-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-mysql" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-mysql-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-postgresql" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-postgresql-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-freeradius" release="2.ule3" version="3.0.25">
+                         <filename>python3-freeradius-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-devel" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-devel-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-help" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-help-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-ldap" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-ldap-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1001</id>
+          <title>An update for patchelf is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-01-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-44940" id="CVE-2022-44940" title="CVE-2022-44940" type="cve"></reference>
+          </references>
+          <description>Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc.(CVE-2022-44940)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="patchelf" release="1.ule3" version="0.16.0">
+                         <filename>patchelf-0.16.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="patchelf-debuginfo" release="1.ule3" version="0.16.0">
+                         <filename>patchelf-debuginfo-0.16.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="patchelf-debugsource" release="1.ule3" version="0.16.0">
+                         <filename>patchelf-debugsource-0.16.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="patchelf-debuginfo" release="1.ule3" version="0.16.0">
+                         <filename>patchelf-debuginfo-0.16.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="patchelf-debugsource" release="1.ule3" version="0.16.0">
+                         <filename>patchelf-debugsource-0.16.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="patchelf" release="1.ule3" version="0.16.0">
+                         <filename>patchelf-0.16.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1003</id>
+          <title>An update for ruby is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-01-06"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33621" id="CVE-2021-33621" title="CVE-2021-33621" type="cve"></reference>
+          </references>
+          <description>The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.(CVE-2021-33621)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="ruby-debugsource" release="128.ule3" version="3.0.3">
+                         <filename>ruby-debugsource-3.0.3-128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-io-console" release="128.ule3" version="0.5.7">
+                         <filename>rubygem-io-console-0.5.7-128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-bigdecimal" release="128.ule3" version="3.0.0">
+                         <filename>rubygem-bigdecimal-3.0.0-128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-psych" release="128.ule3" version="3.3.2">
+                         <filename>rubygem-psych-3.3.2-128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ruby-devel" release="128.ule3" version="3.0.3">
+                         <filename>ruby-devel-3.0.3-128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-openssl" release="128.ule3" version="2.2.1">
+                         <filename>rubygem-openssl-2.2.1-128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-json" release="128.ule3" version="2.5.1">
+                         <filename>rubygem-json-2.5.1-128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ruby" release="128.ule3" version="3.0.3">
+                         <filename>ruby-3.0.3-128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ruby-debuginfo" release="128.ule3" version="3.0.3">
+                         <filename>ruby-debuginfo-3.0.3-128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-power_assert" release="128.ule3" version="1.2.0">
+                         <filename>rubygem-power_assert-1.2.0-128.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ruby-irb" release="128.ule3" version="3.0.3">
+                         <filename>ruby-irb-3.0.3-128.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-did_you_mean" release="128.ule3" version="1.5.0">
+                         <filename>rubygem-did_you_mean-1.5.0-128.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rdoc" release="128.ule3" version="6.3.3">
+                         <filename>rubygem-rdoc-6.3.3-128.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygems" release="128.ule3" version="3.2.32">
+                         <filename>rubygems-3.2.32-128.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ruby-help" release="128.ule3" version="3.0.3">
+                         <filename>ruby-help-3.0.3-128.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rss" release="128.ule3" version="0.2.9">
+                         <filename>rubygem-rss-0.2.9-128.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rexml" release="128.ule3" version="3.2.5">
+                         <filename>rubygem-rexml-3.2.5-128.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rbs" release="128.ule3" version="1.4.0">
+                         <filename>rubygem-rbs-1.4.0-128.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-typeprof" release="128.ule3" version="0.15.2">
+                         <filename>rubygem-typeprof-0.15.2-128.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-bundler" release="128.ule3" version="2.2.32">
+                         <filename>rubygem-bundler-2.2.32-128.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-minitest" release="128.ule3" version="5.14.2">
+                         <filename>rubygem-minitest-5.14.2-128.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rake" release="128.ule3" version="13.0.3">
+                         <filename>rubygem-rake-13.0.3-128.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygems-devel" release="128.ule3" version="3.2.32">
+                         <filename>rubygems-devel-3.2.32-128.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-test-unit" release="128.ule3" version="3.3.7">
+                         <filename>rubygem-test-unit-3.3.7-128.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby-debugsource" release="128.ule3" version="3.0.3">
+                         <filename>ruby-debugsource-3.0.3-128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-psych" release="128.ule3" version="3.3.2">
+                         <filename>rubygem-psych-3.3.2-128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-io-console" release="128.ule3" version="0.5.7">
+                         <filename>rubygem-io-console-0.5.7-128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-bigdecimal" release="128.ule3" version="3.0.0">
+                         <filename>rubygem-bigdecimal-3.0.0-128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-openssl" release="128.ule3" version="2.2.1">
+                         <filename>rubygem-openssl-2.2.1-128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-json" release="128.ule3" version="2.5.1">
+                         <filename>rubygem-json-2.5.1-128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby-debuginfo" release="128.ule3" version="3.0.3">
+                         <filename>ruby-debuginfo-3.0.3-128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby" release="128.ule3" version="3.0.3">
+                         <filename>ruby-3.0.3-128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby-devel" release="128.ule3" version="3.0.3">
+                         <filename>ruby-devel-3.0.3-128.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1004</id>
+          <title>An update for setuptools is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-01-06"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40897" id="CVE-2022-40897" title="CVE-2022-40897" type="cve"></reference>
+          </references>
+          <description>Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.(CVE-2022-40897)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python3-setuptools" release="5.ule3" version="59.4.0">
+                         <filename>python3-setuptools-59.4.0-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-setuptools" release="5.ule3" version="59.4.0">
+                         <filename>python-setuptools-59.4.0-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-setuptools-help" release="5.ule3" version="59.4.0">
+                         <filename>python-setuptools-help-59.4.0-5.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1007</id>
+          <title>An update for curl is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-01-06"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-43552" id="CVE-2022-43552" title="CVE-2022-43552" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-43551" id="CVE-2022-43551" title="CVE-2022-43551" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.(CVE-2022-43552)A vulnerability exists in curl &lt;7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.(CVE-2022-43551)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="curl-debuginfo" release="13.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl-devel" release="13.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl" release="13.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl" release="13.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debugsource" release="13.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="curl-help" release="13.ule3" version="7.79.1">
+                         <filename>curl-help-7.79.1-13.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl-devel" release="13.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debuginfo" release="13.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl" release="13.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debugsource" release="13.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl" release="13.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-13.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1010</id>
+          <title>An update for net-snmp is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-01-06"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-44793" id="CVE-2022-44793" title="CVE-2022-44793" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-44792" id="CVE-2022-44792" title="CVE-2022-44792" type="cve"></reference>
+          </references>
+          <description>handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.(CVE-2022-44793)handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.(CVE-2022-44792)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="net-snmp-gui" release="5.ule3" version="5.9.1">
+                         <filename>net-snmp-gui-5.9.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="net-snmp-debugsource" release="5.ule3" version="5.9.1">
+                         <filename>net-snmp-debugsource-5.9.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="net-snmp" release="5.ule3" version="5.9.1">
+                         <filename>net-snmp-5.9.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="net-snmp-devel" release="5.ule3" version="5.9.1">
+                         <filename>net-snmp-devel-5.9.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="net-snmp-libs" release="5.ule3" version="5.9.1">
+                         <filename>net-snmp-libs-5.9.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="net-snmp-debuginfo" release="5.ule3" version="5.9.1">
+                         <filename>net-snmp-debuginfo-5.9.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="net-snmp-perl" release="5.ule3" version="5.9.1">
+                         <filename>net-snmp-perl-5.9.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="python3-net-snmp" release="5.ule3" version="5.9.1">
+                         <filename>python3-net-snmp-5.9.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="net-snmp-help" release="5.ule3" version="5.9.1">
+                         <filename>net-snmp-help-5.9.1-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="net-snmp-perl" release="5.ule3" version="5.9.1">
+                         <filename>net-snmp-perl-5.9.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="net-snmp-gui" release="5.ule3" version="5.9.1">
+                         <filename>net-snmp-gui-5.9.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="net-snmp-libs" release="5.ule3" version="5.9.1">
+                         <filename>net-snmp-libs-5.9.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="net-snmp-devel" release="5.ule3" version="5.9.1">
+                         <filename>net-snmp-devel-5.9.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="net-snmp-debuginfo" release="5.ule3" version="5.9.1">
+                         <filename>net-snmp-debuginfo-5.9.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="python3-net-snmp" release="5.ule3" version="5.9.1">
+                         <filename>python3-net-snmp-5.9.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="net-snmp" release="5.ule3" version="5.9.1">
+                         <filename>net-snmp-5.9.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="net-snmp-debugsource" release="5.ule3" version="5.9.1">
+                         <filename>net-snmp-debugsource-5.9.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1012</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-01-06"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47938" id="CVE-2022-47938" title="CVE-2022-47938" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47941" id="CVE-2022-47941" title="CVE-2022-47941" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47939" id="CVE-2022-47939" title="CVE-2022-47939" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT.(CVE-2022-47938)An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak.(CVE-2022-47941)An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.(CVE-2022-47939)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.74.0.98.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.74.0.98.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.74.0.98.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1015</id>
+          <title>An update for ppp is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-01-06"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4603" id="CVE-2022-4603" title="CVE-2022-4603" type="cve"></reference>
+          </references>
+          <description>** DISPUTED ** A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario.(CVE-2022-4603)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="ppp" release="3.ule3" version="2.4.9">
+                         <filename>ppp-2.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ppp-debuginfo" release="3.ule3" version="2.4.9">
+                         <filename>ppp-debuginfo-2.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ppp-devel" release="3.ule3" version="2.4.9">
+                         <filename>ppp-devel-2.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ppp-debugsource" release="3.ule3" version="2.4.9">
+                         <filename>ppp-debugsource-2.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ppp-help" release="3.ule3" version="2.4.9">
+                         <filename>ppp-help-2.4.9-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ppp-devel" release="3.ule3" version="2.4.9">
+                         <filename>ppp-devel-2.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ppp-debugsource" release="3.ule3" version="2.4.9">
+                         <filename>ppp-debugsource-2.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ppp" release="3.ule3" version="2.4.9">
+                         <filename>ppp-2.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ppp-debuginfo" release="3.ule3" version="2.4.9">
+                         <filename>ppp-debuginfo-2.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1018</id>
+          <title>An update for samba is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-01-06"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45141" id="CVE-2022-45141" title="CVE-2022-45141" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-37966" id="CVE-2022-37966" title="CVE-2022-37966" type="cve"></reference>
+          </references>
+          <description>Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).(CVE-2022-45141)Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.(CVE-2022-37966)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="ctdb" release="18.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-client" release="18.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common" release="18.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba" release="18.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc" release="18.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-devel" release="18.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient" release="18.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-modules" release="18.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-provision" release="18.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba" release="18.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient" release="18.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient-devel" release="18.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debuginfo" release="18.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-libs" release="18.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-krb5-printing" release="18.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-test" release="18.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind" release="18.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common-tools" release="18.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient-devel" release="18.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-dc" release="18.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-clients" release="18.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-test" release="18.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-krb5-locator" release="18.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debugsource" release="18.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-bind-dlz" release="18.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-help" release="18.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="samba-pidl" release="18.ule3" version="4.15.3">
+                         <filename>samba-pidl-4.15.3-18.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-bind-dlz" release="18.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-modules" release="18.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc" release="18.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common-tools" release="18.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ctdb" release="18.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-client" release="18.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-test" release="18.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient-devel" release="18.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-vfs-glusterfs" release="18.ule3" version="4.15.3">
+                         <filename>samba-vfs-glusterfs-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debugsource" release="18.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-devel" release="18.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba" release="18.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind" release="18.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debuginfo" release="18.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient" release="18.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-help" release="18.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common" release="18.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-dc" release="18.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-test" release="18.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient-devel" release="18.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba" release="18.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-clients" release="18.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-libs" release="18.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient" release="18.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-krb5-locator" release="18.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-krb5-printing" release="18.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-provision" release="18.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1025</id>
+          <title>An update for openvswitch is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-01-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4338" id="CVE-2022-4338" title="CVE-2022-4338" type="cve"></reference>
+          </references>
+          <description>An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.(CVE-2022-4338)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="openvswitch" release="2.ule3" version="2.12.4">
+                         <filename>openvswitch-2.12.4-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-help" release="2.ule3" version="2.12.4">
+                         <filename>openvswitch-help-2.12.4-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-devel" release="2.ule3" version="2.12.4">
+                         <filename>openvswitch-devel-2.12.4-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-debugsource" release="2.ule3" version="2.12.4">
+                         <filename>openvswitch-debugsource-2.12.4-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-debuginfo" release="2.ule3" version="2.12.4">
+                         <filename>openvswitch-debuginfo-2.12.4-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-help" release="2.ule3" version="2.12.4">
+                         <filename>openvswitch-help-2.12.4-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-debugsource" release="2.ule3" version="2.12.4">
+                         <filename>openvswitch-debugsource-2.12.4-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-debuginfo" release="2.ule3" version="2.12.4">
+                         <filename>openvswitch-debuginfo-2.12.4-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch" release="2.ule3" version="2.12.4">
+                         <filename>openvswitch-2.12.4-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-devel" release="2.ule3" version="2.12.4">
+                         <filename>openvswitch-devel-2.12.4-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1026</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-01-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0049" id="CVE-2023-0049" title="CVE-2023-0049" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0051" id="CVE-2023-0051" title="CVE-2023-0051" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0054" id="CVE-2023-0054" title="CVE-2023-0054" type="cve"></reference>
+          </references>
+          <description>Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.(CVE-2023-0049)Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.(CVE-2023-0051)Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.(CVE-2023-0054)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="7.ule3" version="9.0">
+                         <filename>vim-common-9.0-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="7.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="7.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="7.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="7.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="7.ule3" version="9.0">
+                         <filename>vim-X11-9.0-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="7.ule3" version="9.0">
+                         <filename>vim-filesystem-9.0-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="7.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="7.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="7.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="7.ule3" version="9.0">
+                         <filename>vim-X11-9.0-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="7.ule3" version="9.0">
+                         <filename>vim-common-9.0-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="7.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1028</id>
+          <title>An update for systemd is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-01-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4415" id="CVE-2022-4415" title="CVE-2022-4415" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.(CVE-2022-4415)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="systemd-devel" release="44.ule3" version="249">
+                         <filename>systemd-devel-249-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-container" release="44.ule3" version="249">
+                         <filename>systemd-container-249-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-timesyncd" release="44.ule3" version="249">
+                         <filename>systemd-timesyncd-249-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-debuginfo" release="44.ule3" version="249">
+                         <filename>systemd-debuginfo-249-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd" release="44.ule3" version="249">
+                         <filename>systemd-249-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-resolved" release="44.ule3" version="249">
+                         <filename>systemd-resolved-249-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-udev" release="44.ule3" version="249">
+                         <filename>systemd-udev-249-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-nspawn" release="44.ule3" version="249">
+                         <filename>systemd-nspawn-249-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-pam" release="44.ule3" version="249">
+                         <filename>systemd-pam-249-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-debugsource" release="44.ule3" version="249">
+                         <filename>systemd-debugsource-249-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-libs" release="44.ule3" version="249">
+                         <filename>systemd-libs-249-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-networkd" release="44.ule3" version="249">
+                         <filename>systemd-networkd-249-44.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="systemd-help" release="44.ule3" version="249">
+                         <filename>systemd-help-249-44.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-timesyncd" release="44.ule3" version="249">
+                         <filename>systemd-timesyncd-249-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-libs" release="44.ule3" version="249">
+                         <filename>systemd-libs-249-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-nspawn" release="44.ule3" version="249">
+                         <filename>systemd-nspawn-249-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-udev" release="44.ule3" version="249">
+                         <filename>systemd-udev-249-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-container" release="44.ule3" version="249">
+                         <filename>systemd-container-249-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd" release="44.ule3" version="249">
+                         <filename>systemd-249-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-debugsource" release="44.ule3" version="249">
+                         <filename>systemd-debugsource-249-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-debuginfo" release="44.ule3" version="249">
+                         <filename>systemd-debuginfo-249-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-resolved" release="44.ule3" version="249">
+                         <filename>systemd-resolved-249-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-pam" release="44.ule3" version="249">
+                         <filename>systemd-pam-249-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-devel" release="44.ule3" version="249">
+                         <filename>systemd-devel-249-44.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-networkd" release="44.ule3" version="249">
+                         <filename>systemd-networkd-249-44.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1029</id>
+          <title>An update for SDL2 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-01-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4743" id="CVE-2022-4743" title="CVE-2022-4743" type="cve"></reference>
+          </references>
+          <description>A memory leak issue was discovered in SDL2 version &gt;= SDL2-2.0.8See the link below for details:https://github.com/libsdl-org/SDL/pull/6269https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b(CVE-2022-4743)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="SDL2-debuginfo" release="6.ule3" version="2.0.12">
+                         <filename>SDL2-debuginfo-2.0.12-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="SDL2-static" release="6.ule3" version="2.0.12">
+                         <filename>SDL2-static-2.0.12-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="SDL2" release="6.ule3" version="2.0.12">
+                         <filename>SDL2-2.0.12-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="SDL2-devel" release="6.ule3" version="2.0.12">
+                         <filename>SDL2-devel-2.0.12-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="SDL2-debugsource" release="6.ule3" version="2.0.12">
+                         <filename>SDL2-debugsource-2.0.12-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="SDL2-debugsource" release="6.ule3" version="2.0.12">
+                         <filename>SDL2-debugsource-2.0.12-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="SDL2" release="6.ule3" version="2.0.12">
+                         <filename>SDL2-2.0.12-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="SDL2-debuginfo" release="6.ule3" version="2.0.12">
+                         <filename>SDL2-debuginfo-2.0.12-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="SDL2-static" release="6.ule3" version="2.0.12">
+                         <filename>SDL2-static-2.0.12-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="SDL2-devel" release="6.ule3" version="2.0.12">
+                         <filename>SDL2-devel-2.0.12-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1032</id>
+          <title>An update for jetty is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-01-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2048" id="CVE-2022-2048" title="CVE-2022-2048" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2047" id="CVE-2022-2047" title="CVE-2022-2047" type="cve"></reference>
+          </references>
+          <description>In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.(CVE-2022-2048)In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.(CVE-2022-2047)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="jetty-alpn-client" release="3.ule3" version="9.4.16">
+                         <filename>jetty-alpn-client-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-jaspi" release="3.ule3" version="9.4.16">
+                         <filename>jetty-jaspi-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-plus" release="3.ule3" version="9.4.16">
+                         <filename>jetty-plus-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-websocket-api" release="3.ule3" version="9.4.16">
+                         <filename>jetty-websocket-api-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-util" release="3.ule3" version="9.4.16">
+                         <filename>jetty-util-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-rewrite" release="3.ule3" version="9.4.16">
+                         <filename>jetty-rewrite-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-websocket-common" release="3.ule3" version="9.4.16">
+                         <filename>jetty-websocket-common-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-spring" release="3.ule3" version="9.4.16">
+                         <filename>jetty-spring-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty" release="3.ule3" version="9.4.16">
+                         <filename>jetty-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-project" release="3.ule3" version="9.4.16">
+                         <filename>jetty-project-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-websocket-client" release="3.ule3" version="9.4.16">
+                         <filename>jetty-websocket-client-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-http2-client" release="3.ule3" version="9.4.16">
+                         <filename>jetty-http2-client-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-http2-server" release="3.ule3" version="9.4.16">
+                         <filename>jetty-http2-server-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-jaas" release="3.ule3" version="9.4.16">
+                         <filename>jetty-jaas-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-http" release="3.ule3" version="9.4.16">
+                         <filename>jetty-http-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-websocket-server" release="3.ule3" version="9.4.16">
+                         <filename>jetty-websocket-server-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-http2-common" release="3.ule3" version="9.4.16">
+                         <filename>jetty-http2-common-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-start" release="3.ule3" version="9.4.16">
+                         <filename>jetty-start-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-websocket-servlet" release="3.ule3" version="9.4.16">
+                         <filename>jetty-websocket-servlet-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-maven-plugin" release="3.ule3" version="9.4.16">
+                         <filename>jetty-maven-plugin-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-jndi" release="3.ule3" version="9.4.16">
+                         <filename>jetty-jndi-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-http-spi" release="3.ule3" version="9.4.16">
+                         <filename>jetty-http-spi-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-util-ajax" release="3.ule3" version="9.4.16">
+                         <filename>jetty-util-ajax-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-jsp" release="3.ule3" version="9.4.16">
+                         <filename>jetty-jsp-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-deploy" release="3.ule3" version="9.4.16">
+                         <filename>jetty-deploy-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-ant" release="3.ule3" version="9.4.16">
+                         <filename>jetty-ant-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-javax-websocket-client-impl" release="3.ule3" version="9.4.16">
+                         <filename>jetty-javax-websocket-client-impl-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-osgi-boot" release="3.ule3" version="9.4.16">
+                         <filename>jetty-osgi-boot-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-webapp" release="3.ule3" version="9.4.16">
+                         <filename>jetty-webapp-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-httpservice" release="3.ule3" version="9.4.16">
+                         <filename>jetty-httpservice-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-proxy" release="3.ule3" version="9.4.16">
+                         <filename>jetty-proxy-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-io" release="3.ule3" version="9.4.16">
+                         <filename>jetty-io-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-cdi" release="3.ule3" version="9.4.16">
+                         <filename>jetty-cdi-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-jspc-maven-plugin" release="3.ule3" version="9.4.16">
+                         <filename>jetty-jspc-maven-plugin-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-osgi-boot-jsp" release="3.ule3" version="9.4.16">
+                         <filename>jetty-osgi-boot-jsp-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-quickstart" release="3.ule3" version="9.4.16">
+                         <filename>jetty-quickstart-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-nosql" release="3.ule3" version="9.4.16">
+                         <filename>jetty-nosql-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-unixsocket" release="3.ule3" version="9.4.16">
+                         <filename>jetty-unixsocket-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-security" release="3.ule3" version="9.4.16">
+                         <filename>jetty-security-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-annotations" release="3.ule3" version="9.4.16">
+                         <filename>jetty-annotations-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-servlet" release="3.ule3" version="9.4.16">
+                         <filename>jetty-servlet-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-http2-http-client-transport" release="3.ule3" version="9.4.16">
+                         <filename>jetty-http2-http-client-transport-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-fcgi-server" release="3.ule3" version="9.4.16">
+                         <filename>jetty-fcgi-server-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-http2-hpack" release="3.ule3" version="9.4.16">
+                         <filename>jetty-http2-hpack-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-javax-websocket-server-impl" release="3.ule3" version="9.4.16">
+                         <filename>jetty-javax-websocket-server-impl-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-alpn-server" release="3.ule3" version="9.4.16">
+                         <filename>jetty-alpn-server-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-jstl" release="3.ule3" version="9.4.16">
+                         <filename>jetty-jstl-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-osgi-boot-warurl" release="3.ule3" version="9.4.16">
+                         <filename>jetty-osgi-boot-warurl-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-servlets" release="3.ule3" version="9.4.16">
+                         <filename>jetty-servlets-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-client" release="3.ule3" version="9.4.16">
+                         <filename>jetty-client-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-osgi-alpn" release="3.ule3" version="9.4.16">
+                         <filename>jetty-osgi-alpn-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-fcgi-client" release="3.ule3" version="9.4.16">
+                         <filename>jetty-fcgi-client-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-xml" release="3.ule3" version="9.4.16">
+                         <filename>jetty-xml-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-infinispan" release="3.ule3" version="9.4.16">
+                         <filename>jetty-infinispan-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-jmx" release="3.ule3" version="9.4.16">
+                         <filename>jetty-jmx-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-server" release="3.ule3" version="9.4.16">
+                         <filename>jetty-server-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-continuation" release="3.ule3" version="9.4.16">
+                         <filename>jetty-continuation-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jetty-javadoc" release="3.ule3" version="9.4.16">
+                         <filename>jetty-javadoc-9.4.16-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1033</id>
+          <title>An update for byacc is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-01-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33641" id="CVE-2021-33641" title="CVE-2021-33641" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33642" id="CVE-2021-33642" title="CVE-2021-33642" type="cve"></reference>
+          </references>
+          <description>No description is available for this CVE.(CVE-2021-33641)No description is available for this CVE.(CVE-2021-33642)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="byacc" release="4.ule3" version="2.0.20210808">
+                         <filename>byacc-2.0.20210808-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="byacc-debugsource" release="4.ule3" version="2.0.20210808">
+                         <filename>byacc-debugsource-2.0.20210808-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="byacc-debuginfo" release="4.ule3" version="2.0.20210808">
+                         <filename>byacc-debuginfo-2.0.20210808-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="byacc-help" release="4.ule3" version="2.0.20210808">
+                         <filename>byacc-help-2.0.20210808-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="byacc" release="4.ule3" version="2.0.20210808">
+                         <filename>byacc-2.0.20210808-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="byacc-debuginfo" release="4.ule3" version="2.0.20210808">
+                         <filename>byacc-debuginfo-2.0.20210808-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="byacc-debugsource" release="4.ule3" version="2.0.20210808">
+                         <filename>byacc-debugsource-2.0.20210808-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1035</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-01-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2873" id="CVE-2022-2873" title="CVE-2022-2873" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3903" id="CVE-2022-3903" title="CVE-2022-3903" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3104" id="CVE-2022-3104" title="CVE-2022-3104" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3111" id="CVE-2022-3111" title="CVE-2022-3111" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3107" id="CVE-2022-3107" title="CVE-2022-3107" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3112" id="CVE-2022-3112" title="CVE-2022-3112" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3113" id="CVE-2022-3113" title="CVE-2022-3113" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3115" id="CVE-2022-3115" title="CVE-2022-3115" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3114" id="CVE-2022-3114" title="CVE-2022-3114" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2196" id="CVE-2022-2196" title="CVE-2022-2196" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47942" id="CVE-2022-47942" title="CVE-2022-47942" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47940" id="CVE-2022-47940" title="CVE-2022-47940" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47943" id="CVE-2022-47943" title="CVE-2022-47943" type="cve"></reference>
+          </references>
+          <description>An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.(CVE-2022-2873)An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.(CVE-2022-3903)An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.(CVE-2022-3104)An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger().(CVE-2022-3111)An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.(CVE-2022-3107)An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.(CVE-2022-3112)An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference.(CVE-2022-3113)An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.(CVE-2022-3115)An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference.(CVE-2022-3114)A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn&#39;t need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a(CVE-2022-2196)An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command.(CVE-2022-47942)An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.(CVE-2022-47940)An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case.(CVE-2022-47943)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.77.0.101.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.77.0.101.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.77.0.101.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.77.0.101.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.77.0.101.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.77.0.101.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.77.0.101.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.77.0.101.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.77.0.101.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.77.0.101.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.77.0.101.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.77.0.101.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.77.0.101.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.77.0.101.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.77.0.101.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.77.0.101.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.77.0.101.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.77.0.101.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.77.0.101.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.77.0.101.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.77.0.101.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.77.0.101.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.77.0.101.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.77.0.101.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.77.0.101.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.77.0.101.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.77.0.101.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.77.0.101.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.77.0.101.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.77.0.101.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.77.0.101.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1038</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-01-20"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3424" id="CVE-2022-3424" title="CVE-2022-3424" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4662" id="CVE-2022-4662" title="CVE-2022-4662" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47946" id="CVE-2022-47946" title="CVE-2022-47946" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4842" id="CVE-2022-4842" title="CVE-2022-4842" type="cve"></reference>
+          </references>
+          <description>A use-after-free flaw was found in the Linux kernel?s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-3424)A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.(CVE-2022-4662)An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.(CVE-2022-47946)A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attr_punch_hole() was found. A local user could use this flaw to crash the system.(CVE-2022-4842)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.78.0.102.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.78.0.102.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.78.0.102.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.78.0.102.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.78.0.102.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.78.0.102.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.78.0.102.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.78.0.102.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.78.0.102.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.78.0.102.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.78.0.102.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.78.0.102.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.78.0.102.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.78.0.102.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.78.0.102.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.78.0.102.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.78.0.102.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.78.0.102.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.78.0.102.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.78.0.102.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.78.0.102.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.78.0.102.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.78.0.102.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.78.0.102.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.78.0.102.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.78.0.102.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.78.0.102.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.78.0.102.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.78.0.102.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.78.0.102.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.78.0.102.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1044</id>
+          <title>An update for git is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23521" id="CVE-2022-23521" title="CVE-2022-23521" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41903" id="CVE-2022-41903" title="CVE-2022-41903" type="cve"></reference>
+          </references>
+          <description>Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2022-23521)Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.(CVE-2022-41903)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="git-daemon" release="7.ule3" version="2.33.0">
+                         <filename>git-daemon-2.33.0-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git" release="7.ule3" version="2.33.0">
+                         <filename>git-2.33.0-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git-debuginfo" release="7.ule3" version="2.33.0">
+                         <filename>git-debuginfo-2.33.0-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git-debugsource" release="7.ule3" version="2.33.0">
+                         <filename>git-debugsource-2.33.0-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-Git" release="7.ule3" version="2.33.0">
+                         <filename>perl-Git-2.33.0-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-Git-SVN" release="7.ule3" version="2.33.0">
+                         <filename>perl-Git-SVN-2.33.0-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-help" release="7.ule3" version="2.33.0">
+                         <filename>git-help-2.33.0-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-email" release="7.ule3" version="2.33.0">
+                         <filename>git-email-2.33.0-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-web" release="7.ule3" version="2.33.0">
+                         <filename>git-web-2.33.0-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-svn" release="7.ule3" version="2.33.0">
+                         <filename>git-svn-2.33.0-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-gui" release="7.ule3" version="2.33.0">
+                         <filename>git-gui-2.33.0-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gitk" release="7.ule3" version="2.33.0">
+                         <filename>gitk-2.33.0-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-debugsource" release="7.ule3" version="2.33.0">
+                         <filename>git-debugsource-2.33.0-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-debuginfo" release="7.ule3" version="2.33.0">
+                         <filename>git-debuginfo-2.33.0-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-daemon" release="7.ule3" version="2.33.0">
+                         <filename>git-daemon-2.33.0-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git" release="7.ule3" version="2.33.0">
+                         <filename>git-2.33.0-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1045</id>
+          <title>An update for python3 is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-37454" id="CVE-2022-37454" title="CVE-2022-37454" type="cve"></reference>
+          </references>
+          <description>The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.(CVE-2022-37454)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3" release="21.ule3" version="3.9.9">
+                         <filename>python3-3.9.9-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debugsource" release="21.ule3" version="3.9.9">
+                         <filename>python3-debugsource-3.9.9-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debuginfo" release="21.ule3" version="3.9.9">
+                         <filename>python3-debuginfo-3.9.9-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debug" release="21.ule3" version="3.9.9">
+                         <filename>python3-debug-3.9.9-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-unversioned-command" release="21.ule3" version="3.9.9">
+                         <filename>python3-unversioned-command-3.9.9-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-devel" release="21.ule3" version="3.9.9">
+                         <filename>python3-devel-3.9.9-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-help" release="21.ule3" version="3.9.9">
+                         <filename>python3-help-3.9.9-21.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-unversioned-command" release="21.ule3" version="3.9.9">
+                         <filename>python3-unversioned-command-3.9.9-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-devel" release="21.ule3" version="3.9.9">
+                         <filename>python3-devel-3.9.9-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3" release="21.ule3" version="3.9.9">
+                         <filename>python3-3.9.9-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debugsource" release="21.ule3" version="3.9.9">
+                         <filename>python3-debugsource-3.9.9-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debuginfo" release="21.ule3" version="3.9.9">
+                         <filename>python3-debuginfo-3.9.9-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debug" release="21.ule3" version="3.9.9">
+                         <filename>python3-debug-3.9.9-21.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1046</id>
+          <title>An update for pkgconf is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-24056" id="CVE-2023-24056" title="CVE-2023-24056" type="cve"></reference>
+          </references>
+          <description>In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.(CVE-2023-24056)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="pkgconf-devel" release="3.ule3" version="1.8.0">
+                         <filename>pkgconf-devel-1.8.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pkgconf-debugsource" release="3.ule3" version="1.8.0">
+                         <filename>pkgconf-debugsource-1.8.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pkgconf" release="3.ule3" version="1.8.0">
+                         <filename>pkgconf-1.8.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pkgconf-debuginfo" release="3.ule3" version="1.8.0">
+                         <filename>pkgconf-debuginfo-1.8.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="pkgconf-help" release="3.ule3" version="1.8.0">
+                         <filename>pkgconf-help-1.8.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pkgconf-debugsource" release="3.ule3" version="1.8.0">
+                         <filename>pkgconf-debugsource-1.8.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pkgconf" release="3.ule3" version="1.8.0">
+                         <filename>pkgconf-1.8.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pkgconf-devel" release="3.ule3" version="1.8.0">
+                         <filename>pkgconf-devel-1.8.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pkgconf-debuginfo" release="3.ule3" version="1.8.0">
+                         <filename>pkgconf-debuginfo-1.8.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1047</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-48281" id="CVE-2022-48281" title="CVE-2022-48281" type="cve"></reference>
+          </references>
+          <description>processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., &#34;WRITE of size 307203&#34;) via a crafted TIFF image.(CVE-2022-48281)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff-static" release="22.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff" release="22.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="22.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-tools" release="22.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-devel" release="22.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debugsource" release="22.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="22.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-22.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="22.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="22.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="22.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="22.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="22.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="22.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-22.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1048</id>
+          <title>An update for samba is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-38023" id="CVE-2022-38023" title="CVE-2022-38023" type="cve"></reference>
+          </references>
+          <description>Netlogon RPC Elevation of Privilege Vulnerability.(CVE-2022-38023)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libwbclient" release="18.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-krb5-printing" release="18.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-clients" release="18.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-dc" release="18.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba" release="18.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debugsource" release="18.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba" release="18.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debuginfo" release="18.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-test" release="18.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind" release="18.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient" release="18.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient-devel" release="18.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-test" release="18.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-help" release="18.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-libs" release="18.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ctdb" release="18.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common" release="18.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-devel" release="18.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-client" release="18.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc" release="18.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-provision" release="18.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient-devel" release="18.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-bind-dlz" release="18.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common-tools" release="18.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-modules" release="18.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-krb5-locator" release="18.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="samba-pidl" release="18.ule3" version="4.15.3">
+                         <filename>samba-pidl-4.15.3-18.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc" release="18.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-bind-dlz" release="18.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-krb5-locator" release="18.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ctdb" release="18.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient" release="18.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debugsource" release="18.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-help" release="18.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-krb5-printing" release="18.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-test" release="18.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind" release="18.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common" release="18.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba" release="18.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-libs" release="18.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-modules" release="18.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-dc" release="18.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-devel" release="18.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-test" release="18.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debuginfo" release="18.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common-tools" release="18.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-vfs-glusterfs" release="18.ule3" version="4.15.3">
+                         <filename>samba-vfs-glusterfs-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient" release="18.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-clients" release="18.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient-devel" release="18.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient-devel" release="18.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-client" release="18.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba" release="18.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-provision" release="18.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1049</id>
+          <title>An update for sudo is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22809" id="CVE-2023-22809" title="CVE-2023-22809" type="cve"></reference>
+          </references>
+          <description>In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a &#34;--&#34; argument that defeats a protection mechanism, e.g., an EDITOR=&#39;vim -- /path/to/extra/file&#39; value.(CVE-2023-22809)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="sudo" release="9.ule3" version="1.9.8p2">
+                         <filename>sudo-1.9.8p2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo-debuginfo" release="9.ule3" version="1.9.8p2">
+                         <filename>sudo-debuginfo-1.9.8p2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo-devel" release="9.ule3" version="1.9.8p2">
+                         <filename>sudo-devel-1.9.8p2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo-debugsource" release="9.ule3" version="1.9.8p2">
+                         <filename>sudo-debugsource-1.9.8p2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="sudo-help" release="9.ule3" version="1.9.8p2">
+                         <filename>sudo-help-1.9.8p2-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-debuginfo" release="9.ule3" version="1.9.8p2">
+                         <filename>sudo-debuginfo-1.9.8p2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-devel" release="9.ule3" version="1.9.8p2">
+                         <filename>sudo-devel-1.9.8p2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo" release="9.ule3" version="1.9.8p2">
+                         <filename>sudo-1.9.8p2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-debugsource" release="9.ule3" version="1.9.8p2">
+                         <filename>sudo-debugsource-1.9.8p2-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1051</id>
+          <title>An update for batik is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41704" id="CVE-2022-41704" title="CVE-2022-41704" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42890" id="CVE-2022-42890" title="CVE-2022-42890" type="cve"></reference>
+          </references>
+          <description>A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.(CVE-2022-41704)A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.(CVE-2022-42890)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="batik" release="7.ule3" version="1.10">
+                         <filename>batik-1.10-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="batik-help" release="7.ule3" version="1.10">
+                         <filename>batik-help-1.10-7.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1052</id>
+          <title>An update for httpd is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-36760" id="CVE-2022-36760" title="CVE-2022-36760" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-37436" id="CVE-2022-37436" title="CVE-2022-37436" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2006-20001" id="CVE-2006-20001" title="CVE-2006-20001" type="cve"></reference>
+          </references>
+          <description>Inconsistent Interpretation of HTTP Requests (&#39;HTTP Request Smuggling&#39;) vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.(CVE-2022-36760)Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.(CVE-2022-37436)A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.(CVE-2006-20001)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="httpd" release="12.ule3" version="2.4.51">
+                         <filename>httpd-2.4.51-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_md" release="12.ule3" version="2.4.51">
+                         <filename>mod_md-2.4.51-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_session" release="12.ule3" version="2.4.51">
+                         <filename>mod_session-2.4.51-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-devel" release="12.ule3" version="2.4.51">
+                         <filename>httpd-devel-2.4.51-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-tools" release="12.ule3" version="2.4.51">
+                         <filename>httpd-tools-2.4.51-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_ldap" release="12.ule3" version="2.4.51">
+                         <filename>mod_ldap-2.4.51-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-debuginfo" release="12.ule3" version="2.4.51">
+                         <filename>httpd-debuginfo-2.4.51-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-debugsource" release="12.ule3" version="2.4.51">
+                         <filename>httpd-debugsource-2.4.51-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mod_ssl" release="12.ule3" version="2.4.51">
+                         <filename>mod_ssl-2.4.51-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mod_proxy_html" release="12.ule3" version="2.4.51">
+                         <filename>mod_proxy_html-2.4.51-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="httpd-help" release="12.ule3" version="2.4.51">
+                         <filename>httpd-help-2.4.51-12.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="httpd-filesystem" release="12.ule3" version="2.4.51">
+                         <filename>httpd-filesystem-2.4.51-12.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_session" release="12.ule3" version="2.4.51">
+                         <filename>mod_session-2.4.51-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-devel" release="12.ule3" version="2.4.51">
+                         <filename>httpd-devel-2.4.51-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-tools" release="12.ule3" version="2.4.51">
+                         <filename>httpd-tools-2.4.51-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_ldap" release="12.ule3" version="2.4.51">
+                         <filename>mod_ldap-2.4.51-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mod_proxy_html" release="12.ule3" version="2.4.51">
+                         <filename>mod_proxy_html-2.4.51-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mod_ssl" release="12.ule3" version="2.4.51">
+                         <filename>mod_ssl-2.4.51-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd" release="12.ule3" version="2.4.51">
+                         <filename>httpd-2.4.51-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_md" release="12.ule3" version="2.4.51">
+                         <filename>mod_md-2.4.51-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-debugsource" release="12.ule3" version="2.4.51">
+                         <filename>httpd-debugsource-2.4.51-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-debuginfo" release="12.ule3" version="2.4.51">
+                         <filename>httpd-debuginfo-2.4.51-12.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1056</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-20928" id="CVE-2023-20928" title="CVE-2023-20928" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0210" id="CVE-2023-0210" title="CVE-2023-0210" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23559" id="CVE-2023-23559" title="CVE-2023-23559" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4696" id="CVE-2022-4696" title="CVE-2022-4696" type="cve"></reference>
+          </references>
+          <description>In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References: Upstream kernel(CVE-2023-20928)A heap overflow bug in ksmbd_decode_ntlmssp_auth_blob in which nt_len can be less than CIFS_ENCPWD_SIZE. This results in a negative blen argument for ksmbd_auth_ntlmv2, where it calls memcpy using blen on memory allocated by kmalloc(blen + CIFS_CRYPTO_KEY_SIZE). Note that CIFS_ENCPWD_SIZE is 16 and CIFS_CRYPTO_KEY_SIZE is 8. We believe this bug can only result in a remote DOS and not privilege escalation nor RCE, as the heap overflow occurs when blen is in range (-8, -1].”Reference:https://securityonline.info/cve-2023-0210-flaw-in-linux-kernel-allows-unauthenticated-remote-dos-attacks/https://www.spinics.net/lists/stable-commits/msg282893.html(CVE-2023-0210)In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.(CVE-2023-23559)There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won&#39;t use current-&gt;nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current-&gt;nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above(CVE-2022-4696)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1058</id>
+          <title>An update for tomcat is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42252" id="CVE-2022-42252" title="CVE-2022-42252" type="cve"></reference>
+          </references>
+          <description>If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.(CVE-2022-42252)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="tomcat-help" release="27.ule3" version="9.0.10">
+                         <filename>tomcat-help-9.0.10-27.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="tomcat-jsvc" release="27.ule3" version="9.0.10">
+                         <filename>tomcat-jsvc-9.0.10-27.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="tomcat" release="27.ule3" version="9.0.10">
+                         <filename>tomcat-9.0.10-27.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1059</id>
+          <title>An update for git is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41953" id="CVE-2022-41953" title="CVE-2022-41953" type="cve"></reference>
+          </references>
+          <description>Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it, among other things running a spell checker called `aspell.exe` if it was found. Git GUI is implemented as a Tcl/Tk script. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable _always includes the current directory_. Therefore, malicious repositories can ship with an `aspell.exe` in their top-level directory which is executed by Git GUI without giving the user a chance to inspect it first, i.e. running untrusted code. This issue has been addressed in version 2.39.1. Users are advised to upgrade. Users unable to upgrade should avoid using Git GUI for cloning. If that is not a viable option, at least avoid cloning from untrusted sources.(CVE-2022-41953)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="git-daemon" release="7.ule3" version="2.33.0">
+                         <filename>git-daemon-2.33.0-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git-debugsource" release="7.ule3" version="2.33.0">
+                         <filename>git-debugsource-2.33.0-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git" release="7.ule3" version="2.33.0">
+                         <filename>git-2.33.0-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git-debuginfo" release="7.ule3" version="2.33.0">
+                         <filename>git-debuginfo-2.33.0-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-Git-SVN" release="7.ule3" version="2.33.0">
+                         <filename>perl-Git-SVN-2.33.0-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-Git" release="7.ule3" version="2.33.0">
+                         <filename>perl-Git-2.33.0-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-help" release="7.ule3" version="2.33.0">
+                         <filename>git-help-2.33.0-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-svn" release="7.ule3" version="2.33.0">
+                         <filename>git-svn-2.33.0-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-email" release="7.ule3" version="2.33.0">
+                         <filename>git-email-2.33.0-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gitk" release="7.ule3" version="2.33.0">
+                         <filename>gitk-2.33.0-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-web" release="7.ule3" version="2.33.0">
+                         <filename>git-web-2.33.0-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-gui" release="7.ule3" version="2.33.0">
+                         <filename>git-gui-2.33.0-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-daemon" release="7.ule3" version="2.33.0">
+                         <filename>git-daemon-2.33.0-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-debugsource" release="7.ule3" version="2.33.0">
+                         <filename>git-debugsource-2.33.0-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-debuginfo" release="7.ule3" version="2.33.0">
+                         <filename>git-debuginfo-2.33.0-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git" release="7.ule3" version="2.33.0">
+                         <filename>git-2.33.0-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1061</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0288" id="CVE-2023-0288" title="CVE-2023-0288" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47024" id="CVE-2022-47024" title="CVE-2022-47024" type="cve"></reference>
+          </references>
+          <description>Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.(CVE-2023-0288)A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.(CVE-2022-47024)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="8.ule3" version="9.0">
+                         <filename>vim-common-9.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="8.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="8.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="8.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="8.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="8.ule3" version="9.0">
+                         <filename>vim-X11-9.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="8.ule3" version="9.0">
+                         <filename>vim-filesystem-9.0-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="8.ule3" version="9.0">
+                         <filename>vim-X11-9.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="8.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="8.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="8.ule3" version="9.0">
+                         <filename>vim-common-9.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="8.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="8.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1062</id>
+          <title>An update for opusfile is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47021" id="CVE-2022-47021" title="CVE-2022-47021" type="cve"></reference>
+          </references>
+          <description>A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.(CVE-2022-47021)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="opusfile" release="5.ule3" version="0.11">
+                         <filename>opusfile-0.11-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="opusfile-debugsource" release="5.ule3" version="0.11">
+                         <filename>opusfile-debugsource-0.11-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="opusfile-debuginfo" release="5.ule3" version="0.11">
+                         <filename>opusfile-debuginfo-0.11-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="opusfile-devel" release="5.ule3" version="0.11">
+                         <filename>opusfile-devel-0.11-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="opusfile-debugsource" release="5.ule3" version="0.11">
+                         <filename>opusfile-debugsource-0.11-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="opusfile-devel" release="5.ule3" version="0.11">
+                         <filename>opusfile-devel-0.11-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="opusfile-debuginfo" release="5.ule3" version="0.11">
+                         <filename>opusfile-debuginfo-0.11-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="opusfile" release="5.ule3" version="0.11">
+                         <filename>opusfile-0.11-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1063</id>
+          <title>An update for openssh is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25136" id="CVE-2023-25136" title="CVE-2023-25136" type="cve"></reference>
+          </references>
+          <description>OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration. One third-party report states &#34;remote code execution is theoretically possible.&#34;(CVE-2023-25136)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="openssh-askpass" release="17.ule3" version="8.8p1">
+                         <filename>openssh-askpass-8.8p1-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openssh-clients" release="17.ule3" version="8.8p1">
+                         <filename>openssh-clients-8.8p1-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openssh-debuginfo" release="17.ule3" version="8.8p1">
+                         <filename>openssh-debuginfo-8.8p1-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openssh-server" release="17.ule3" version="8.8p1">
+                         <filename>openssh-server-8.8p1-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openssh-debugsource" release="17.ule3" version="8.8p1">
+                         <filename>openssh-debugsource-8.8p1-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openssh" release="17.ule3" version="8.8p1">
+                         <filename>openssh-8.8p1-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pam_ssh_agent_auth" release="4.17.ule3" version="0.10.4">
+                         <filename>pam_ssh_agent_auth-0.10.4-4.17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openssh-keycat" release="17.ule3" version="8.8p1">
+                         <filename>openssh-keycat-8.8p1-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="openssh-help" release="16.ule3" version="8.8p1">
+                         <filename>openssh-help-8.8p1-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="openssh-help" release="17.ule3" version="8.8p1">
+                         <filename>openssh-help-8.8p1-17.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="openssh-debuginfo" release="16.ule3" version="8.8p1">
+                         <filename>openssh-debuginfo-8.8p1-16.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="openssh-keycat" release="16.ule3" version="8.8p1">
+                         <filename>openssh-keycat-8.8p1-16.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="openssh" release="16.ule3" version="8.8p1">
+                         <filename>openssh-8.8p1-16.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="pam_ssh_agent_auth" release="4.16.ule3" version="0.10.4">
+                         <filename>pam_ssh_agent_auth-0.10.4-4.16.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="openssh-server" release="16.ule3" version="8.8p1">
+                         <filename>openssh-server-8.8p1-16.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="openssh-clients" release="16.ule3" version="8.8p1">
+                         <filename>openssh-clients-8.8p1-16.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="openssh-askpass" release="16.ule3" version="8.8p1">
+                         <filename>openssh-askpass-8.8p1-16.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="openssh-debugsource" release="16.ule3" version="8.8p1">
+                         <filename>openssh-debugsource-8.8p1-16.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh-askpass" release="17.ule3" version="8.8p1">
+                         <filename>openssh-askpass-8.8p1-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh-server" release="17.ule3" version="8.8p1">
+                         <filename>openssh-server-8.8p1-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pam_ssh_agent_auth" release="4.17.ule3" version="0.10.4">
+                         <filename>pam_ssh_agent_auth-0.10.4-4.17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh" release="17.ule3" version="8.8p1">
+                         <filename>openssh-8.8p1-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh-keycat" release="17.ule3" version="8.8p1">
+                         <filename>openssh-keycat-8.8p1-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh-debuginfo" release="17.ule3" version="8.8p1">
+                         <filename>openssh-debuginfo-8.8p1-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh-debugsource" release="17.ule3" version="8.8p1">
+                         <filename>openssh-debugsource-8.8p1-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh-clients" release="17.ule3" version="8.8p1">
+                         <filename>openssh-clients-8.8p1-17.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1065</id>
+          <title>An update for ImageMagick is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-44267" id="CVE-2022-44267" title="CVE-2022-44267" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-44268" id="CVE-2022-44268" title="CVE-2022-44268" type="cve"></reference>
+          </references>
+          <description>ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.(CVE-2022-44267)ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).(CVE-2022-44268)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++" release="6.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-7.1.0.28-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick" release="6.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-7.1.0.28-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-perl" release="6.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-perl-7.1.0.28-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debugsource" release="6.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debugsource-7.1.0.28-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++-devel" release="6.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-devel-7.1.0.28-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-devel" release="6.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-devel-7.1.0.28-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-help" release="6.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-help-7.1.0.28-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debuginfo" release="6.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debuginfo-7.1.0.28-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++-devel" release="6.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-devel-7.1.0.28-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debuginfo" release="6.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debuginfo-7.1.0.28-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++" release="6.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-c++-7.1.0.28-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-perl" release="6.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-perl-7.1.0.28-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-devel" release="6.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-devel-7.1.0.28-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-help" release="6.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-help-7.1.0.28-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debugsource" release="6.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-debugsource-7.1.0.28-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick" release="6.ule3" version="7.1.0.28">
+                         <filename>ImageMagick-7.1.0.28-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1066</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0433" id="CVE-2023-0433" title="CVE-2023-0433" type="cve"></reference>
+          </references>
+          <description>Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.(CVE-2023-0433)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="9.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="9.ule3" version="9.0">
+                         <filename>vim-X11-9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="9.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="9.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="9.ule3" version="9.0">
+                         <filename>vim-common-9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="9.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="9.ule3" version="9.0">
+                         <filename>vim-filesystem-9.0-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="9.ule3" version="9.0">
+                         <filename>vim-X11-9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="9.ule3" version="9.0">
+                         <filename>vim-common-9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="9.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="9.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="9.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="9.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1066</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0433" id="CVE-2023-0433" title="CVE-2023-0433" type="cve"></reference>
+          </references>
+          <description>Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.(CVE-2023-0433)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="9.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="9.ule3" version="9.0">
+                         <filename>vim-X11-9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="9.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="9.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="9.ule3" version="9.0">
+                         <filename>vim-common-9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="9.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="9.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="9.ule3" version="9.0">
+                         <filename>vim-X11-9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="9.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="9.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="9.ule3" version="9.0">
+                         <filename>vim-common-9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="9.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="9.ule3" version="9.0">
+                         <filename>vim-filesystem-9.0-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="9.ule3" version="9.0">
+                         <filename>vim-filesystem-9.0-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="9.ule3" version="9.0">
+                         <filename>vim-X11-9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="9.ule3" version="9.0">
+                         <filename>vim-common-9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="9.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="9.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="9.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="9.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="9.ule3" version="9.0">
+                         <filename>vim-X11-9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="9.ule3" version="9.0">
+                         <filename>vim-common-9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="9.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="9.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="9.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="9.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1067</id>
+          <title>An update for bind is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3094" id="CVE-2022-3094" title="CVE-2022-3094" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3736" id="CVE-2022-3736" title="CVE-2022-3736" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3924" id="CVE-2022-3924" title="CVE-2022-3924" type="cve"></reference>
+          </references>
+          <description>Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don&#39;t intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1.(CVE-2022-3094)BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.(CVE-2022-3736)This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.(CVE-2022-3924)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bind-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-dnssec-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-dnssec-utils-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-pkcs11-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-pkcs11-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-libs-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-debugsource" release="14.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-chroot" release="14.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-debuginfo" release="14.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind" release="14.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-pkcs11-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-utils-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-pkcs11" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-dnssec-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-dnssec-utils-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-pkcs11-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-pkcs11-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-libs-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-debugsource" release="14.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-chroot" release="14.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-debuginfo" release="14.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind" release="14.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-pkcs11-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-utils-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-pkcs11" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="bind-dnssec-doc" release="14.ule3" version="9.16.23">
+                         <filename>bind-dnssec-doc-9.16.23-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-bind" release="14.ule3" version="9.16.23">
+                         <filename>python3-bind-9.16.23-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="bind-license" release="14.ule3" version="9.16.23">
+                         <filename>bind-license-9.16.23-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-pkcs11-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-utils-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-pkcs11-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-pkcs11" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-dnssec-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-dnssec-utils-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-pkcs11-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-libs-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-chroot" release="14.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-debugsource" release="14.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind" release="14.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-debuginfo" release="14.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="bind-dnssec-doc" release="14.ule3" version="9.16.23">
+                         <filename>bind-dnssec-doc-9.16.23-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-bind" release="14.ule3" version="9.16.23">
+                         <filename>python3-bind-9.16.23-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="bind-license" release="14.ule3" version="9.16.23">
+                         <filename>bind-license-9.16.23-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-pkcs11-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-utils-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-pkcs11-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-pkcs11" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-dnssec-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-dnssec-utils-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-pkcs11-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-libs-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-chroot" release="14.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-debugsource" release="14.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind" release="14.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-debuginfo" release="14.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-debuginfo" release="14.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind" release="14.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-pkcs11" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-dnssec-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-dnssec-utils-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-chroot" release="14.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-pkcs11-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-libs-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-debugsource" release="14.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-pkcs11-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-pkcs11-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-utils-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-debuginfo" release="14.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind" release="14.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-pkcs11" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-dnssec-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-dnssec-utils-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-chroot" release="14.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-pkcs11-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-libs-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-debugsource" release="14.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-pkcs11-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-pkcs11-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-utils-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1067</id>
+          <title>An update for bind is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3094" id="CVE-2022-3094" title="CVE-2022-3094" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3736" id="CVE-2022-3736" title="CVE-2022-3736" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3924" id="CVE-2022-3924" title="CVE-2022-3924" type="cve"></reference>
+          </references>
+          <description>Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don&#39;t intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1.(CVE-2022-3094)BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.(CVE-2022-3736)This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.(CVE-2022-3924)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bind-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-dnssec-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-dnssec-utils-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-pkcs11-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-pkcs11-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-libs-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-debugsource" release="14.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-chroot" release="14.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-debuginfo" release="14.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind" release="14.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-pkcs11-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-utils-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-pkcs11" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-dnssec-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-dnssec-utils-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-pkcs11-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-pkcs11-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-libs-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-debugsource" release="14.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-chroot" release="14.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-debuginfo" release="14.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind" release="14.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-pkcs11-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-utils-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bind-pkcs11" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="bind-dnssec-doc" release="14.ule3" version="9.16.23">
+                         <filename>bind-dnssec-doc-9.16.23-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-bind" release="14.ule3" version="9.16.23">
+                         <filename>python3-bind-9.16.23-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="bind-license" release="14.ule3" version="9.16.23">
+                         <filename>bind-license-9.16.23-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-pkcs11-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-utils-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-pkcs11-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-pkcs11" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-dnssec-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-dnssec-utils-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-pkcs11-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-libs-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-chroot" release="14.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-debugsource" release="14.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind" release="14.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-debuginfo" release="14.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="bind-dnssec-doc" release="14.ule3" version="9.16.23">
+                         <filename>bind-dnssec-doc-9.16.23-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-bind" release="14.ule3" version="9.16.23">
+                         <filename>python3-bind-9.16.23-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="bind-license" release="14.ule3" version="9.16.23">
+                         <filename>bind-license-9.16.23-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-pkcs11-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-utils-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-pkcs11-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-pkcs11" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-dnssec-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-dnssec-utils-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-pkcs11-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-libs-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-chroot" release="14.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-debugsource" release="14.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind" release="14.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="bind-debuginfo" release="14.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-14.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-debuginfo" release="14.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind" release="14.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-pkcs11" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-dnssec-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-dnssec-utils-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-chroot" release="14.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-pkcs11-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-libs-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-debugsource" release="14.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-pkcs11-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-pkcs11-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-utils-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-debuginfo" release="14.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind" release="14.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-pkcs11" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-dnssec-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-dnssec-utils-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-chroot" release="14.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-pkcs11-libs" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-libs-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-debugsource" release="14.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-pkcs11-devel" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bind-pkcs11-utils" release="14.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-utils-9.16.23-14.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1069</id>
+          <title>An update for tmux is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47016" id="CVE-2022-47016" title="CVE-2022-47016" type="cve"></reference>
+          </references>
+          <description>A null pointer dereference issue was discovered in function window_pane_set_event in window.c in tmux 3.0 thru 3.3 and later, allows attackers to cause denial of service or other unspecified impacts.(CVE-2022-47016)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="tmux-debuginfo" release="3.ule3" version="3.2a">
+                         <filename>tmux-debuginfo-3.2a-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="tmux-debugsource" release="3.ule3" version="3.2a">
+                         <filename>tmux-debugsource-3.2a-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="tmux" release="3.ule3" version="3.2a">
+                         <filename>tmux-3.2a-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="tmux-debuginfo" release="3.ule3" version="3.2a">
+                         <filename>tmux-debuginfo-3.2a-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="tmux-debugsource" release="3.ule3" version="3.2a">
+                         <filename>tmux-debugsource-3.2a-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="tmux" release="3.ule3" version="3.2a">
+                         <filename>tmux-3.2a-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="tmux-help" release="3.ule3" version="3.2a">
+                         <filename>tmux-help-3.2a-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="tmux" release="3.ule3" version="3.2a">
+                         <filename>tmux-3.2a-3.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="tmux-debuginfo" release="3.ule3" version="3.2a">
+                         <filename>tmux-debuginfo-3.2a-3.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="tmux-debugsource" release="3.ule3" version="3.2a">
+                         <filename>tmux-debugsource-3.2a-3.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="tmux-help" release="3.ule3" version="3.2a">
+                         <filename>tmux-help-3.2a-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="tmux" release="3.ule3" version="3.2a">
+                         <filename>tmux-3.2a-3.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="tmux-debuginfo" release="3.ule3" version="3.2a">
+                         <filename>tmux-debuginfo-3.2a-3.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="tmux-debugsource" release="3.ule3" version="3.2a">
+                         <filename>tmux-debugsource-3.2a-3.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tmux" release="3.ule3" version="3.2a">
+                         <filename>tmux-3.2a-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tmux-debuginfo" release="3.ule3" version="3.2a">
+                         <filename>tmux-debuginfo-3.2a-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tmux-debugsource" release="3.ule3" version="3.2a">
+                         <filename>tmux-debugsource-3.2a-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tmux" release="3.ule3" version="3.2a">
+                         <filename>tmux-3.2a-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tmux-debuginfo" release="3.ule3" version="3.2a">
+                         <filename>tmux-debuginfo-3.2a-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tmux-debugsource" release="3.ule3" version="3.2a">
+                         <filename>tmux-debugsource-3.2a-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1069</id>
+          <title>An update for tmux is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47016" id="CVE-2022-47016" title="CVE-2022-47016" type="cve"></reference>
+          </references>
+          <description>A null pointer dereference issue was discovered in function window_pane_set_event in window.c in tmux 3.0 thru 3.3 and later, allows attackers to cause denial of service or other unspecified impacts.(CVE-2022-47016)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="tmux-debuginfo" release="3.ule3" version="3.2a">
+                         <filename>tmux-debuginfo-3.2a-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="tmux-debugsource" release="3.ule3" version="3.2a">
+                         <filename>tmux-debugsource-3.2a-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="tmux" release="3.ule3" version="3.2a">
+                         <filename>tmux-3.2a-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="tmux-debuginfo" release="3.ule3" version="3.2a">
+                         <filename>tmux-debuginfo-3.2a-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="tmux-debugsource" release="3.ule3" version="3.2a">
+                         <filename>tmux-debugsource-3.2a-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="tmux" release="3.ule3" version="3.2a">
+                         <filename>tmux-3.2a-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="tmux-help" release="3.ule3" version="3.2a">
+                         <filename>tmux-help-3.2a-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="tmux" release="3.ule3" version="3.2a">
+                         <filename>tmux-3.2a-3.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="tmux-debuginfo" release="3.ule3" version="3.2a">
+                         <filename>tmux-debuginfo-3.2a-3.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="tmux-debugsource" release="3.ule3" version="3.2a">
+                         <filename>tmux-debugsource-3.2a-3.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="tmux-help" release="3.ule3" version="3.2a">
+                         <filename>tmux-help-3.2a-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="tmux" release="3.ule3" version="3.2a">
+                         <filename>tmux-3.2a-3.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="tmux-debuginfo" release="3.ule3" version="3.2a">
+                         <filename>tmux-debuginfo-3.2a-3.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="tmux-debugsource" release="3.ule3" version="3.2a">
+                         <filename>tmux-debugsource-3.2a-3.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tmux" release="3.ule3" version="3.2a">
+                         <filename>tmux-3.2a-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tmux-debuginfo" release="3.ule3" version="3.2a">
+                         <filename>tmux-debuginfo-3.2a-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tmux-debugsource" release="3.ule3" version="3.2a">
+                         <filename>tmux-debugsource-3.2a-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tmux" release="3.ule3" version="3.2a">
+                         <filename>tmux-3.2a-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tmux-debuginfo" release="3.ule3" version="3.2a">
+                         <filename>tmux-debuginfo-3.2a-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tmux-debugsource" release="3.ule3" version="3.2a">
+                         <filename>tmux-debugsource-3.2a-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1071</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0179" id="CVE-2023-0179" title="CVE-2023-0179" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23455" id="CVE-2023-23455" title="CVE-2023-23455" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23454" id="CVE-2023-23454" title="CVE-2023-23454" type="cve"></reference>
+          </references>
+          <description>A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.(CVE-2023-0179)atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).(CVE-2023-23455)cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).(CVE-2023-23454)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="kernel-headers" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1071</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0179" id="CVE-2023-0179" title="CVE-2023-0179" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23455" id="CVE-2023-23455" title="CVE-2023-23455" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23454" id="CVE-2023-23454" title="CVE-2023-23454" type="cve"></reference>
+          </references>
+          <description>A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.(CVE-2023-0179)atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).(CVE-2023-23455)cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).(CVE-2023-23454)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="kernel-headers" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.79.0.103.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.79.0.103.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.79.0.103.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1076</id>
+          <title>An update for lxc is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47952" id="CVE-2022-47952" title="CVE-2022-47952" type="cve"></reference>
+          </references>
+          <description>lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because &#34;Failed to open&#34; often indicates that a file does not exist, whereas &#34;does not refer to a network namespace path&#34; often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that &#34;we will report back to the user that the open() failed but the user has no way of knowing why it failed&#34;; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.(CVE-2022-47952)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="lxc-debuginfo" release="2022102408.ule3" version="4.0.3">
+                         <filename>lxc-debuginfo-4.0.3-2022102408.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lxc-debugsource" release="2022102408.ule3" version="4.0.3">
+                         <filename>lxc-debugsource-4.0.3-2022102408.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lxc-devel" release="2022102408.ule3" version="4.0.3">
+                         <filename>lxc-devel-4.0.3-2022102408.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lxc" release="2022102408.ule3" version="4.0.3">
+                         <filename>lxc-4.0.3-2022102408.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lxc-libs" release="2022102408.ule3" version="4.0.3">
+                         <filename>lxc-libs-4.0.3-2022102408.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="lxc-help" release="2022102408.ule3" version="4.0.3">
+                         <filename>lxc-help-4.0.3-2022102408.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lxc-libs" release="2022102408.ule3" version="4.0.3">
+                         <filename>lxc-libs-4.0.3-2022102408.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lxc-devel" release="2022102408.ule3" version="4.0.3">
+                         <filename>lxc-devel-4.0.3-2022102408.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lxc" release="2022102408.ule3" version="4.0.3">
+                         <filename>lxc-4.0.3-2022102408.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lxc-debuginfo" release="2022102408.ule3" version="4.0.3">
+                         <filename>lxc-debuginfo-4.0.3-2022102408.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lxc-debugsource" release="2022102408.ule3" version="4.0.3">
+                         <filename>lxc-debugsource-4.0.3-2022102408.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1078</id>
+          <title>An update for libXpm is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4883" id="CVE-2022-4883" title="CVE-2022-4883" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-44617" id="CVE-2022-44617" title="CVE-2022-44617" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-46285" id="CVE-2022-46285" title="CVE-2022-46285" type="cve"></reference>
+          </references>
+          <description>A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.(CVE-2022-4883)A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.(CVE-2022-44617)A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.(CVE-2022-46285)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libXpm-debuginfo" release="4.ule3" version="3.5.13">
+                         <filename>libXpm-debuginfo-3.5.13-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libXpm-devel" release="4.ule3" version="3.5.13">
+                         <filename>libXpm-devel-3.5.13-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libXpm-debugsource" release="4.ule3" version="3.5.13">
+                         <filename>libXpm-debugsource-3.5.13-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libXpm" release="4.ule3" version="3.5.13">
+                         <filename>libXpm-3.5.13-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libXpm-help" release="4.ule3" version="3.5.13">
+                         <filename>libXpm-help-3.5.13-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libXpm-devel" release="4.ule3" version="3.5.13">
+                         <filename>libXpm-devel-3.5.13-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libXpm" release="4.ule3" version="3.5.13">
+                         <filename>libXpm-3.5.13-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libXpm-debugsource" release="4.ule3" version="3.5.13">
+                         <filename>libXpm-debugsource-3.5.13-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libXpm-debuginfo" release="4.ule3" version="3.5.13">
+                         <filename>libXpm-debuginfo-3.5.13-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1079</id>
+          <title>An update for tpm2-tss is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22745" id="CVE-2023-22745" title="CVE-2023-22745" type="cve"></reference>
+          </references>
+          <description>tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege.(CVE-2023-22745)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="tpm2-tss-debuginfo" release="3.ule3" version="3.1.0">
+                         <filename>tpm2-tss-debuginfo-3.1.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="tpm2-tss-debugsource" release="3.ule3" version="3.1.0">
+                         <filename>tpm2-tss-debugsource-3.1.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="tpm2-tss" release="3.ule3" version="3.1.0">
+                         <filename>tpm2-tss-3.1.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="tpm2-tss-devel" release="3.ule3" version="3.1.0">
+                         <filename>tpm2-tss-devel-3.1.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="tpm2-tss-help" release="3.ule3" version="3.1.0">
+                         <filename>tpm2-tss-help-3.1.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tpm2-tss-debuginfo" release="3.ule3" version="3.1.0">
+                         <filename>tpm2-tss-debuginfo-3.1.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tpm2-tss-devel" release="3.ule3" version="3.1.0">
+                         <filename>tpm2-tss-devel-3.1.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tpm2-tss-debugsource" release="3.ule3" version="3.1.0">
+                         <filename>tpm2-tss-debugsource-3.1.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tpm2-tss" release="3.ule3" version="3.1.0">
+                         <filename>tpm2-tss-3.1.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1082</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41717" id="CVE-2022-41717" title="CVE-2022-41717" type="cve"></reference>
+          </references>
+          <description>An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.(CVE-2022-41717)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="14.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="14.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="14.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="14.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-14.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1083</id>
+          <title>An update for harfbuzz is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25193" id="CVE-2023-25193" title="CVE-2023-25193" type="cve"></reference>
+          </references>
+          <description>hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.(CVE-2023-25193)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="harfbuzz-devel" release="4.ule3" version="2.8.2">
+                         <filename>harfbuzz-devel-2.8.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="harfbuzz-debuginfo" release="4.ule3" version="2.8.2">
+                         <filename>harfbuzz-debuginfo-2.8.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="harfbuzz" release="4.ule3" version="2.8.2">
+                         <filename>harfbuzz-2.8.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="harfbuzz-debugsource" release="4.ule3" version="2.8.2">
+                         <filename>harfbuzz-debugsource-2.8.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="harfbuzz-help" release="3.ule3" version="2.8.2">
+                         <filename>harfbuzz-help-2.8.2-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="harfbuzz-help" release="4.ule3" version="2.8.2">
+                         <filename>harfbuzz-help-2.8.2-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="harfbuzz" release="4.ule3" version="2.8.2">
+                         <filename>harfbuzz-2.8.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="harfbuzz-debuginfo" release="4.ule3" version="2.8.2">
+                         <filename>harfbuzz-debuginfo-2.8.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="harfbuzz-devel" release="4.ule3" version="2.8.2">
+                         <filename>harfbuzz-devel-2.8.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="harfbuzz-debugsource" release="4.ule3" version="2.8.2">
+                         <filename>harfbuzz-debugsource-2.8.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1084</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3707" id="CVE-2022-3707" title="CVE-2022-3707" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0394" id="CVE-2023-0394" title="CVE-2023-0394" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0590" id="CVE-2023-0590" title="CVE-2023-0590" type="cve"></reference>
+          </references>
+          <description>A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.(CVE-2022-3707)A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.(CVE-2023-0394)A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem leading to a denial-of-service problem. Reference:https://lore.kernel.org/all/20221018203258.2793282-1-edumazet@google.com/Crash:    BUG: KASAN: use-after-free in __tcf_qdisc_find.part.0+0xa3a/0xac0 net/sched/cls_api.c:1066    Read of size 4 at addr ffff88802065e038 by task syz-executor.4/21027        CPU: 0 PID: 21027 Comm: syz-executor.4 Not tainted 6.0.0-rc3-syzkaller-00363-g7726d4c3e60b #0    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022    Call Trace:    &lt;TASK&gt;    __dump_stack lib/dump_stack.c:88 [inline]    dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106    print_address_description mm/kasan/report.c:317 [inline]    print_report.cold+0x2ba/0x719 mm/kasan/report.c:433    kasan_report+0xb1/0x1e0 mm/kasan/report.c:495    __tcf_qdisc_find.part.0+0xa3a/0xac0 net/sched/cls_api.c:1066    __tcf_qdisc_find net/sched/cls_api.c:1051 [inline]    tc_new_tfilter+0x34f/0x2200 net/sched/cls_api.c:2018    rtnetlink_rcv_msg+0x955/0xca0 net/core/rtnetlink.c:6081    netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2501    netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]    netlink_unicast+0x543/0x7f0 net/netlink/af_netlink.c:1345    netlink_sendmsg+0x917/0xe10 net/netlink/af_netlink.c:1921    sock_sendmsg_nosec net/socket.c:714 [inline]    sock_sendmsg+0xcf/0x120 net/socket.c:734    ____sys_sendmsg+0x6eb/0x810 net/socket.c:2482    ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536    __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565    do_syscall_x64 arch/x86/entry/common.c:50 [inline]    do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80    entry_SYSCALL_64_after_hwframe+0x63/0xcd    RIP: 0033:0x7f5efaa89279(CVE-2023-0590)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-headers" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.80.0.104.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.80.0.104.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.80.0.104.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.80.0.104.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.80.0.104.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.80.0.104.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.80.0.104.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.80.0.104.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.80.0.104.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.80.0.104.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.80.0.104.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.80.0.104.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.80.0.104.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.80.0.104.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.80.0.104.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.80.0.104.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.80.0.104.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.80.0.104.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.80.0.104.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.80.0.104.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.80.0.104.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.80.0.104.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.80.0.104.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.80.0.104.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.80.0.104.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.80.0.104.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.80.0.104.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.80.0.104.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.80.0.104.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.80.0.104.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.80.0.104.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1088</id>
+          <title>An update for python-cryptography is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23931" id="CVE-2023-23931" title="CVE-2023-23931" type="cve"></reference>
+          </references>
+          <description>cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.(CVE-2023-23931)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-cryptography" release="5.ule3" version="3.3.1">
+                         <filename>python3-cryptography-3.3.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-cryptography-debuginfo" release="5.ule3" version="3.3.1">
+                         <filename>python-cryptography-debuginfo-3.3.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-cryptography-debugsource" release="5.ule3" version="3.3.1">
+                         <filename>python-cryptography-debugsource-3.3.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-cryptography-help" release="5.ule3" version="3.3.1">
+                         <filename>python-cryptography-help-3.3.1-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-cryptography-debuginfo" release="5.ule3" version="3.3.1">
+                         <filename>python-cryptography-debuginfo-3.3.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-cryptography-debugsource" release="5.ule3" version="3.3.1">
+                         <filename>python-cryptography-debugsource-3.3.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-cryptography" release="5.ule3" version="3.3.1">
+                         <filename>python3-cryptography-3.3.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1091</id>
+          <title>An update for c-ares is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4904" id="CVE-2022-4904" title="CVE-2022-4904" type="cve"></reference>
+          </references>
+          <description>In ares_set_sortlist, it calls config_sortlist(..., sortstr) to parse the input str and initialize a sortlist configuration. However, ares_set_sortlist has not any checks about the validity of the input str. It is very easy to create an arbitrary length stack overflow with the unchecked memcpy(ipbuf, str, q-str); and memcpy(ipbufpfx, str, q-str); statements in the config_sortlist call, which could potentially cause severe security impact in practical programs.(CVE-2022-4904)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="c-ares-devel" release="4.ule3" version="1.18.1">
+                         <filename>c-ares-devel-1.18.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="c-ares-debugsource" release="4.ule3" version="1.18.1">
+                         <filename>c-ares-debugsource-1.18.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="c-ares" release="4.ule3" version="1.18.1">
+                         <filename>c-ares-1.18.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="c-ares-debuginfo" release="4.ule3" version="1.18.1">
+                         <filename>c-ares-debuginfo-1.18.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="c-ares-help" release="4.ule3" version="1.18.1">
+                         <filename>c-ares-help-1.18.1-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="c-ares" release="4.ule3" version="1.18.1">
+                         <filename>c-ares-1.18.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="c-ares-devel" release="4.ule3" version="1.18.1">
+                         <filename>c-ares-devel-1.18.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="c-ares-debugsource" release="4.ule3" version="1.18.1">
+                         <filename>c-ares-debugsource-1.18.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="c-ares-debuginfo" release="4.ule3" version="1.18.1">
+                         <filename>c-ares-debuginfo-1.18.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1092</id>
+          <title>An update for openssl is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0215" id="CVE-2023-0215" title="CVE-2023-0215" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4304" id="CVE-2022-4304" title="CVE-2022-4304" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4450" id="CVE-2022-4450" title="CVE-2022-4450" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0286" id="CVE-2023-0286" title="CVE-2023-0286" type="cve"></reference>
+          </references>
+          <description>The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.(CVE-2023-0215)A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.(CVE-2022-4304)The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the &#34;name&#34; (e.g. &#34;CERTIFICATE&#34;), any header data and the payload data. If the function succeeds then the &#34;name_out&#34;, &#34;header&#34; and &#34;data&#34; arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.(CVE-2022-4450)There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.(CVE-2023-0286)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="openssl" release="18.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-perl" release="18.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-devel" release="18.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-libs" release="18.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debuginfo" release="18.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debugsource" release="18.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="openssl-help" release="18.ule3" version="1.1.1m">
+                         <filename>openssl-help-1.1.1m-18.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-perl" release="18.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debuginfo" release="18.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl" release="18.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-devel" release="18.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-libs" release="18.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debugsource" release="18.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-18.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1094</id>
+          <title>An update for wireshark is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3724" id="CVE-2022-3724" title="CVE-2022-3724" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4344" id="CVE-2022-4344" title="CVE-2022-4344" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4345" id="CVE-2022-4345" title="CVE-2022-4345" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0413" id="CVE-2023-0413" title="CVE-2023-0413" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0417" id="CVE-2023-0417" title="CVE-2023-0417" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0415" id="CVE-2023-0415" title="CVE-2023-0415" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0411" id="CVE-2023-0411" title="CVE-2023-0411" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0412" id="CVE-2023-0412" title="CVE-2023-0412" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0416" id="CVE-2023-0416" title="CVE-2023-0416" type="cve"></reference>
+          </references>
+          <description>Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows(CVE-2022-3724)Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file(CVE-2022-4344)Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file(CVE-2022-4345)Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file(CVE-2023-0413)Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file(CVE-2023-0417)iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file(CVE-2023-0415)Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file(CVE-2023-0411)TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file(CVE-2023-0412)GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file(CVE-2023-0416)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="wireshark-help" release="1.ule3" version="3.6.11">
+                         <filename>wireshark-help-3.6.11-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-debugsource" release="1.ule3" version="3.6.11">
+                         <filename>wireshark-debugsource-3.6.11-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-devel" release="1.ule3" version="3.6.11">
+                         <filename>wireshark-devel-3.6.11-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-debuginfo" release="1.ule3" version="3.6.11">
+                         <filename>wireshark-debuginfo-3.6.11-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark" release="1.ule3" version="3.6.11">
+                         <filename>wireshark-3.6.11-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debuginfo" release="1.ule3" version="3.6.11">
+                         <filename>wireshark-debuginfo-3.6.11-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-help" release="1.ule3" version="3.6.11">
+                         <filename>wireshark-help-3.6.11-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debugsource" release="1.ule3" version="3.6.11">
+                         <filename>wireshark-debugsource-3.6.11-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-devel" release="1.ule3" version="3.6.11">
+                         <filename>wireshark-devel-3.6.11-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark" release="1.ule3" version="3.6.11">
+                         <filename>wireshark-3.6.11-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1099</id>
+          <title>An update for python-django is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23969" id="CVE-2023-23969" title="CVE-2023-23969" type="cve"></reference>
+          </references>
+          <description>In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.(CVE-2023-23969)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python-django-help" release="3.ule3" version="2.2.27">
+                         <filename>python-django-help-2.2.27-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-Django" release="3.ule3" version="2.2.27">
+                         <filename>python3-Django-2.2.27-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1102</id>
+          <title>An update for rubygem-globalid is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22799" id="CVE-2023-22799" title="CVE-2023-22799" type="cve"></reference>
+          </references>
+          <description>A ReDoS based DoS vulnerability in the GlobalID &lt;1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.(CVE-2023-22799)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="rubygem-globalid" release="4.ule3" version="0.4.2">
+                         <filename>rubygem-globalid-0.4.2-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-globalid-doc" release="4.ule3" version="0.4.2">
+                         <filename>rubygem-globalid-doc-0.4.2-4.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1104</id>
+          <title>An update for tar is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-48303" id="CVE-2022-48303" title="CVE-2022-48303" type="cve"></reference>
+          </references>
+          <description>GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.(CVE-2022-48303)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="tar-debuginfo" release="4.ule3" version="1.34">
+                         <filename>tar-debuginfo-1.34-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="tar-debugsource" release="4.ule3" version="1.34">
+                         <filename>tar-debugsource-1.34-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="tar" release="4.ule3" version="1.34">
+                         <filename>tar-1.34-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="tar-help" release="4.ule3" version="1.34">
+                         <filename>tar-help-1.34-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="tar-debugsource" release="4.ule3" version="1.34">
+                         <filename>tar-debugsource-1.34-4.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="tar" release="4.ule3" version="1.34">
+                         <filename>tar-1.34-4.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="tar-debuginfo" release="4.ule3" version="1.34">
+                         <filename>tar-debuginfo-1.34-4.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="tar-debugsource" release="4.ule3" version="1.34">
+                         <filename>tar-debugsource-1.34-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="tar-debuginfo" release="4.ule3" version="1.34">
+                         <filename>tar-debuginfo-1.34-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="tar" release="4.ule3" version="1.34">
+                         <filename>tar-1.34-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1105</id>
+          <title>An update for apr-util is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-25147" id="CVE-2022-25147" title="CVE-2022-25147" type="cve"></reference>
+          </references>
+          <description>Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.(CVE-2022-25147)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="apr-util-debuginfo" release="14.ule3" version="1.6.1">
+                         <filename>apr-util-debuginfo-1.6.1-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="apr-util-pgsql" release="14.ule3" version="1.6.1">
+                         <filename>apr-util-pgsql-1.6.1-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="apr-util-devel" release="14.ule3" version="1.6.1">
+                         <filename>apr-util-devel-1.6.1-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="apr-util-odbc" release="14.ule3" version="1.6.1">
+                         <filename>apr-util-odbc-1.6.1-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="apr-util" release="14.ule3" version="1.6.1">
+                         <filename>apr-util-1.6.1-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="apr-util-debugsource" release="14.ule3" version="1.6.1">
+                         <filename>apr-util-debugsource-1.6.1-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="apr-util-debuginfo" release="14.ule3" version="1.6.1">
+                         <filename>apr-util-debuginfo-1.6.1-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="apr-util-pgsql" release="14.ule3" version="1.6.1">
+                         <filename>apr-util-pgsql-1.6.1-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="apr-util-odbc" release="14.ule3" version="1.6.1">
+                         <filename>apr-util-odbc-1.6.1-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="apr-util-debugsource" release="14.ule3" version="1.6.1">
+                         <filename>apr-util-debugsource-1.6.1-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="apr-util-devel" release="14.ule3" version="1.6.1">
+                         <filename>apr-util-devel-1.6.1-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="apr-util" release="14.ule3" version="1.6.1">
+                         <filename>apr-util-1.6.1-14.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1116</id>
+          <title>An update for gssntlmssp is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25564" id="CVE-2023-25564" title="CVE-2023-25564" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25565" id="CVE-2023-25565" title="CVE-2023-25565" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25567" id="CVE-2023-25567" title="CVE-2023-25567" type="cve"></reference>
+          </references>
+          <description>GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable `outlen` was not initialized and could cause writing a zero to an arbitrary place in memory if `ntlm_str_convert()` were to fail, which would leave `outlen` uninitialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory space. This vulnerability can trigger an out-of-bounds write, leading to memory corruption. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This issue is fixed in version 1.2.0.(CVE-2023-25564)GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0.(CVE-2023-25565)GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the `av_pair` is not checked properly for two of the elements which can trigger an out-of-bound read. The out-of-bounds read can be triggered via the main `gss_accept_sec_context` entry point and could cause a denial-of-service if the memory is unmapped. The issue is fixed in version 1.2.0.(CVE-2023-25567)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gssntlmssp-debugsource" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-debugsource-0.7.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gssntlmssp" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-0.7.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gssntlmssp-help" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-help-0.7.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gssntlmssp-debuginfo" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-debuginfo-0.7.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gssntlmssp-devel" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-devel-0.7.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gssntlmssp-debugsource" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-debugsource-0.7.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gssntlmssp" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-0.7.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gssntlmssp-help" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-help-0.7.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gssntlmssp-debuginfo" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-debuginfo-0.7.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gssntlmssp-devel" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-devel-0.7.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gssntlmssp-help" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-help-0.7.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gssntlmssp-devel" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-devel-0.7.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gssntlmssp" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-0.7.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gssntlmssp-debuginfo" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-debuginfo-0.7.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gssntlmssp-debugsource" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-debugsource-0.7.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gssntlmssp-help" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-help-0.7.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gssntlmssp-devel" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-devel-0.7.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gssntlmssp" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-0.7.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gssntlmssp-debuginfo" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-debuginfo-0.7.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gssntlmssp-debugsource" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-debugsource-0.7.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1116</id>
+          <title>An update for gssntlmssp is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25564" id="CVE-2023-25564" title="CVE-2023-25564" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25565" id="CVE-2023-25565" title="CVE-2023-25565" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25567" id="CVE-2023-25567" title="CVE-2023-25567" type="cve"></reference>
+          </references>
+          <description>GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable `outlen` was not initialized and could cause writing a zero to an arbitrary place in memory if `ntlm_str_convert()` were to fail, which would leave `outlen` uninitialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory space. This vulnerability can trigger an out-of-bounds write, leading to memory corruption. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This issue is fixed in version 1.2.0.(CVE-2023-25564)GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0.(CVE-2023-25565)GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the `av_pair` is not checked properly for two of the elements which can trigger an out-of-bound read. The out-of-bounds read can be triggered via the main `gss_accept_sec_context` entry point and could cause a denial-of-service if the memory is unmapped. The issue is fixed in version 1.2.0.(CVE-2023-25567)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gssntlmssp-debugsource" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-debugsource-0.7.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gssntlmssp" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-0.7.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gssntlmssp-help" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-help-0.7.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gssntlmssp-debuginfo" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-debuginfo-0.7.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gssntlmssp-devel" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-devel-0.7.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gssntlmssp-debugsource" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-debugsource-0.7.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gssntlmssp" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-0.7.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gssntlmssp-help" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-help-0.7.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gssntlmssp-debuginfo" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-debuginfo-0.7.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gssntlmssp-devel" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-devel-0.7.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gssntlmssp-help" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-help-0.7.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gssntlmssp-devel" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-devel-0.7.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gssntlmssp" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-0.7.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gssntlmssp-debuginfo" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-debuginfo-0.7.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gssntlmssp-debugsource" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-debugsource-0.7.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gssntlmssp-help" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-help-0.7.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gssntlmssp-devel" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-devel-0.7.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gssntlmssp" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-0.7.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gssntlmssp-debuginfo" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-debuginfo-0.7.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gssntlmssp-debugsource" release="9.ule3" version="0.7.0">
+                         <filename>gssntlmssp-debugsource-0.7.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1118</id>
+          <title>An update for apr is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24963" id="CVE-2022-24963" title="CVE-2022-24963" type="cve"></reference>
+          </references>
+          <description>Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.(CVE-2022-24963)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="apr-debugsource" release="6.ule3" version="1.7.0">
+                         <filename>apr-debugsource-1.7.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="apr" release="6.ule3" version="1.7.0">
+                         <filename>apr-1.7.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="apr-debuginfo" release="6.ule3" version="1.7.0">
+                         <filename>apr-debuginfo-1.7.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="apr-devel" release="6.ule3" version="1.7.0">
+                         <filename>apr-devel-1.7.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="apr-help" release="6.ule3" version="1.7.0">
+                         <filename>apr-help-1.7.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="apr-devel" release="6.ule3" version="1.7.0">
+                         <filename>apr-devel-1.7.0-6.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="apr-debugsource" release="6.ule3" version="1.7.0">
+                         <filename>apr-debugsource-1.7.0-6.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="apr-debuginfo" release="6.ule3" version="1.7.0">
+                         <filename>apr-debuginfo-1.7.0-6.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="apr" release="6.ule3" version="1.7.0">
+                         <filename>apr-1.7.0-6.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="apr-debugsource" release="6.ule3" version="1.7.0">
+                         <filename>apr-debugsource-1.7.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="apr" release="6.ule3" version="1.7.0">
+                         <filename>apr-1.7.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="apr-devel" release="6.ule3" version="1.7.0">
+                         <filename>apr-devel-1.7.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="apr-debuginfo" release="6.ule3" version="1.7.0">
+                         <filename>apr-debuginfo-1.7.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1119</id>
+          <title>An update for pesign is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3560" id="CVE-2022-3560" title="CVE-2022-3560" type="cve"></reference>
+          </references>
+          <description>A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the &#39;pesign&#39; group. However, the script doesn&#39;t check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.(CVE-2022-3560)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="pesign-help" release="6.ule3" version="0.113">
+                         <filename>pesign-help-0.113-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pesign" release="6.ule3" version="0.113">
+                         <filename>pesign-0.113-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pesign-debuginfo" release="6.ule3" version="0.113">
+                         <filename>pesign-debuginfo-0.113-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pesign-debugsource" release="6.ule3" version="0.113">
+                         <filename>pesign-debugsource-0.113-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pesign-debuginfo" release="6.ule3" version="0.113">
+                         <filename>pesign-debuginfo-0.113-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pesign" release="6.ule3" version="0.113">
+                         <filename>pesign-0.113-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pesign-debugsource" release="6.ule3" version="0.113">
+                         <filename>pesign-debugsource-0.113-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pesign-help" release="6.ule3" version="0.113">
+                         <filename>pesign-help-0.113-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1120</id>
+          <title>An update for git is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22490" id="CVE-2023-22490" title="CVE-2023-22490" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23946" id="CVE-2023-23946" title="CVE-2023-23946" type="cve"></reference>
+          </references>
+          <description>Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim&#39;s filesystem within the malicious repository&#39;s working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs.(CVE-2023-22490)Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link.(CVE-2023-23946)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="git" release="8.ule3" version="2.33.0">
+                         <filename>git-2.33.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git-daemon" release="8.ule3" version="2.33.0">
+                         <filename>git-daemon-2.33.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git-debuginfo" release="8.ule3" version="2.33.0">
+                         <filename>git-debuginfo-2.33.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git-debugsource" release="8.ule3" version="2.33.0">
+                         <filename>git-debugsource-2.33.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-Git" release="8.ule3" version="2.33.0">
+                         <filename>perl-Git-2.33.0-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-gui" release="8.ule3" version="2.33.0">
+                         <filename>git-gui-2.33.0-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-svn" release="8.ule3" version="2.33.0">
+                         <filename>git-svn-2.33.0-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-Git-SVN" release="8.ule3" version="2.33.0">
+                         <filename>perl-Git-SVN-2.33.0-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gitk" release="8.ule3" version="2.33.0">
+                         <filename>gitk-2.33.0-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-help" release="8.ule3" version="2.33.0">
+                         <filename>git-help-2.33.0-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-web" release="8.ule3" version="2.33.0">
+                         <filename>git-web-2.33.0-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-email" release="8.ule3" version="2.33.0">
+                         <filename>git-email-2.33.0-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-debuginfo" release="8.ule3" version="2.33.0">
+                         <filename>git-debuginfo-2.33.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-debugsource" release="8.ule3" version="2.33.0">
+                         <filename>git-debugsource-2.33.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-daemon" release="8.ule3" version="2.33.0">
+                         <filename>git-daemon-2.33.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git" release="8.ule3" version="2.33.0">
+                         <filename>git-2.33.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1121</id>
+          <title>An update for shim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0286" id="CVE-2023-0286" title="CVE-2023-0286" type="cve"></reference>
+          </references>
+          <description>There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.(CVE-2023-0286)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="shim" release="8.ule3" version="15.4">
+                         <filename>shim-15.4-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="shim-debugsource" release="8.ule3" version="15.4">
+                         <filename>shim-debugsource-15.4-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="shim-debuginfo" release="8.ule3" version="15.4">
+                         <filename>shim-debuginfo-15.4-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="shim" release="8.ule3" version="15.4">
+                         <filename>shim-15.4-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1124</id>
+          <title>An update for curl is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23915" id="CVE-2023-23915" title="CVE-2023-23915" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23914" id="CVE-2023-23914" title="CVE-2023-23914" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23916" id="CVE-2023-23916" title="CVE-2023-23916" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. This issue may result in limited confidentiality and integrity.(CVE-2023-23915)A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity.(CVE-2023-23914)curl supports &#34;chained&#34; HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable &#34;links&#34; in this &#34;decompression chain&#34; was capped, but the cap was implemented on a per-header basis allowing a malicious server to insert a virtually unlimited number of compression steps simply by using many headers. The use of such a decompression chain could result in a &#34;malloc bomb&#34;, making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.(CVE-2023-23916)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libcurl" release="14.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debugsource" release="14.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl" release="14.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debuginfo" release="14.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl-devel" release="14.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="curl-help" release="14.ule3" version="7.79.1">
+                         <filename>curl-help-7.79.1-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl" release="14.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl-devel" release="14.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debuginfo" release="14.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl" release="14.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debugsource" release="14.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-14.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1126</id>
+          <title>An update for gnutls is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0361" id="CVE-2023-0361" title="CVE-2023-0361" type="cve"></reference>
+          </references>
+          <description>A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.(CVE-2023-0361)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gnutls-utils" release="7.ule3" version="3.7.2">
+                         <filename>gnutls-utils-3.7.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-debugsource" release="7.ule3" version="3.7.2">
+                         <filename>gnutls-debugsource-3.7.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-devel" release="7.ule3" version="3.7.2">
+                         <filename>gnutls-devel-3.7.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls" release="7.ule3" version="3.7.2">
+                         <filename>gnutls-3.7.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-debuginfo" release="7.ule3" version="3.7.2">
+                         <filename>gnutls-debuginfo-3.7.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gnutls-help" release="6.ule3" version="3.7.2">
+                         <filename>gnutls-help-3.7.2-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gnutls-help" release="7.ule3" version="3.7.2">
+                         <filename>gnutls-help-3.7.2-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-devel" release="7.ule3" version="3.7.2">
+                         <filename>gnutls-devel-3.7.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls" release="7.ule3" version="3.7.2">
+                         <filename>gnutls-3.7.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-utils" release="7.ule3" version="3.7.2">
+                         <filename>gnutls-utils-3.7.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-debugsource" release="7.ule3" version="3.7.2">
+                         <filename>gnutls-debugsource-3.7.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-debuginfo" release="7.ule3" version="3.7.2">
+                         <filename>gnutls-debuginfo-3.7.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1127</id>
+          <title>An update for xorg-x11-server is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0494" id="CVE-2023-0494" title="CVE-2023-0494" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.(CVE-2023-0494)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="xorg-x11-server-Xnest" release="16.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xnest-1.20.11-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xephyr" release="16.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xephyr-1.20.11-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xdmx" release="16.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xdmx-1.20.11-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-devel" release="16.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-devel-1.20.11-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-common" release="16.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-common-1.20.11-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server" release="16.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-1.20.11-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-debugsource" release="16.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debugsource-1.20.11-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-debuginfo" release="16.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debuginfo-1.20.11-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xvfb" release="16.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xvfb-1.20.11-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xorg-x11-server-help" release="16.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-help-1.20.11-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xorg-x11-server-source" release="16.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-source-1.20.11-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-common" release="16.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-common-1.20.11-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-debuginfo" release="16.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debuginfo-1.20.11-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xnest" release="16.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xnest-1.20.11-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xvfb" release="16.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xvfb-1.20.11-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xdmx" release="16.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xdmx-1.20.11-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-devel" release="16.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-devel-1.20.11-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server" release="16.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-1.20.11-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xephyr" release="16.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xephyr-1.20.11-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-debugsource" release="16.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debugsource-1.20.11-16.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1128</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0801" id="CVE-2023-0801" title="CVE-2023-0801" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0797" id="CVE-2023-0797" title="CVE-2023-0797" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0796" id="CVE-2023-0796" title="CVE-2023-0796" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0799" id="CVE-2023-0799" title="CVE-2023-0799" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0804" id="CVE-2023-0804" title="CVE-2023-0804" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0802" id="CVE-2023-0802" title="CVE-2023-0802" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0795" id="CVE-2023-0795" title="CVE-2023-0795" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0803" id="CVE-2023-0803" title="CVE-2023-0803" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0800" id="CVE-2023-0800" title="CVE-2023-0800" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0798" id="CVE-2023-0798" title="CVE-2023-0798" type="cve"></reference>
+          </references>
+          <description>LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.(CVE-2023-0801)LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.(CVE-2023-0797)LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.(CVE-2023-0796)LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.(CVE-2023-0799)LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.(CVE-2023-0804)LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.(CVE-2023-0802)LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.(CVE-2023-0795)LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.(CVE-2023-0803)LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.(CVE-2023-0800)LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.(CVE-2023-0798)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff-devel" release="24.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-tools" release="24.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debugsource" release="24.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff" release="24.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="24.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-static" release="24.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="24.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-24.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="24.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="24.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="24.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="24.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="24.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="24.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-24.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1129</id>
+          <title>An update for less is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-02-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-46663" id="CVE-2022-46663" title="CVE-2022-46663" type="cve"></reference>
+          </references>
+          <description>In GNU Less before 609, crafted data can result in &#34;less -R&#34; not filtering ANSI escape sequences sent to the terminal.(CVE-2022-46663)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="less" release="4.ule3" version="590">
+                         <filename>less-590-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="less-debuginfo" release="4.ule3" version="590">
+                         <filename>less-debuginfo-590-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="less-debugsource" release="4.ule3" version="590">
+                         <filename>less-debugsource-590-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="less-help" release="4.ule3" version="590">
+                         <filename>less-help-590-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="less-debugsource" release="4.ule3" version="590">
+                         <filename>less-debugsource-590-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="less" release="4.ule3" version="590">
+                         <filename>less-590-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="less-debuginfo" release="4.ule3" version="590">
+                         <filename>less-debuginfo-590-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1131</id>
+          <title>An update for glibc is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0687" id="CVE-2023-0687" title="CVE-2023-0687" type="cve"></reference>
+          </references>
+          <description>** DISPUTED ** A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It&#39;s basically trusted input or input that needs an actual security flaw to be compromised or controlled.(CVE-2023-0687)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="glibc-locale-archive" release="112.ule3" version="2.34">
+                         <filename>glibc-locale-archive-2.34-112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc" release="112.ule3" version="2.34">
+                         <filename>glibc-2.34-112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-debugutils" release="112.ule3" version="2.34">
+                         <filename>glibc-debugutils-2.34-112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-nss-devel" release="112.ule3" version="2.34">
+                         <filename>glibc-nss-devel-2.34-112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libnsl" release="112.ule3" version="2.34">
+                         <filename>libnsl-2.34-112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-debuginfo" release="112.ule3" version="2.34">
+                         <filename>glibc-debuginfo-2.34-112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nss_modules" release="112.ule3" version="2.34">
+                         <filename>nss_modules-2.34-112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-devel" release="112.ule3" version="2.34">
+                         <filename>glibc-devel-2.34-112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-all-langpacks" release="112.ule3" version="2.34">
+                         <filename>glibc-all-langpacks-2.34-112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-debugsource" release="112.ule3" version="2.34">
+                         <filename>glibc-debugsource-2.34-112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-locale-source" release="112.ule3" version="2.34">
+                         <filename>glibc-locale-source-2.34-112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nscd" release="112.ule3" version="2.34">
+                         <filename>nscd-2.34-112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-common" release="112.ule3" version="2.34">
+                         <filename>glibc-common-2.34-112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-compat-2.17" release="112.ule3" version="2.34">
+                         <filename>glibc-compat-2.17-2.34-112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="glibc-help" release="112.ule3" version="2.34">
+                         <filename>glibc-help-2.34-112.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-locale-archive" release="112.ule3" version="2.34">
+                         <filename>glibc-locale-archive-2.34-112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-debugutils" release="112.ule3" version="2.34">
+                         <filename>glibc-debugutils-2.34-112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-nss-devel" release="112.ule3" version="2.34">
+                         <filename>glibc-nss-devel-2.34-112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc" release="112.ule3" version="2.34">
+                         <filename>glibc-2.34-112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-locale-source" release="112.ule3" version="2.34">
+                         <filename>glibc-locale-source-2.34-112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nss_modules" release="112.ule3" version="2.34">
+                         <filename>nss_modules-2.34-112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-debugsource" release="112.ule3" version="2.34">
+                         <filename>glibc-debugsource-2.34-112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-all-langpacks" release="112.ule3" version="2.34">
+                         <filename>glibc-all-langpacks-2.34-112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libnsl" release="112.ule3" version="2.34">
+                         <filename>libnsl-2.34-112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-debuginfo" release="112.ule3" version="2.34">
+                         <filename>glibc-debuginfo-2.34-112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-compat-2.17" release="112.ule3" version="2.34">
+                         <filename>glibc-compat-2.17-2.34-112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-common" release="112.ule3" version="2.34">
+                         <filename>glibc-common-2.34-112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nscd" release="112.ule3" version="2.34">
+                         <filename>nscd-2.34-112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-devel" release="112.ule3" version="2.34">
+                         <filename>glibc-devel-2.34-112.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1132</id>
+          <title>An update for rubygem-activerecord is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-44566" id="CVE-2022-44566" title="CVE-2022-44566" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22794" id="CVE-2023-22794" title="CVE-2023-22794" type="cve"></reference>
+          </references>
+          <description>A denial of service vulnerability present in ActiveRecord&#39;s PostgreSQL adapter &lt;7.0.4.1 and &lt;6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service.(CVE-2022-44566)A vulnerability in ActiveRecord &lt;6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment.(CVE-2023-22794)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="rubygem-activerecord-doc" release="2.ule3" version="6.1.4.1">
+                         <filename>rubygem-activerecord-doc-6.1.4.1-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="rubygem-activerecord" release="2.ule3" version="6.1.4.1">
+                         <filename>rubygem-activerecord-6.1.4.1-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1134</id>
+          <title>An update for leptonica is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-04"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-38266" id="CVE-2022-38266" title="CVE-2022-38266" type="cve"></reference>
+          </references>
+          <description>An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.(CVE-2022-38266)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="leptonica-debugsource" release="3.ule3" version="1.79.0">
+                         <filename>leptonica-debugsource-1.79.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="leptonica-tools" release="3.ule3" version="1.79.0">
+                         <filename>leptonica-tools-1.79.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="leptonica" release="3.ule3" version="1.79.0">
+                         <filename>leptonica-1.79.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="leptonica-debuginfo" release="3.ule3" version="1.79.0">
+                         <filename>leptonica-debuginfo-1.79.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="leptonica-devel" release="3.ule3" version="1.79.0">
+                         <filename>leptonica-devel-1.79.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="leptonica-devel" release="3.ule3" version="1.79.0">
+                         <filename>leptonica-devel-1.79.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="leptonica" release="3.ule3" version="1.79.0">
+                         <filename>leptonica-1.79.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="leptonica-tools" release="3.ule3" version="1.79.0">
+                         <filename>leptonica-tools-1.79.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="leptonica-debugsource" release="3.ule3" version="1.79.0">
+                         <filename>leptonica-debugsource-1.79.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="leptonica-debuginfo" release="3.ule3" version="1.79.0">
+                         <filename>leptonica-debuginfo-1.79.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1135</id>
+          <title>An update for edk2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-04"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0215" id="CVE-2023-0215" title="CVE-2023-0215" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0286" id="CVE-2023-0286" title="CVE-2023-0286" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0401" id="CVE-2023-0401" title="CVE-2023-0401" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4450" id="CVE-2022-4450" title="CVE-2022-4450" type="cve"></reference>
+          </references>
+          <description>The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.(CVE-2023-0215)There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.(CVE-2023-0286)A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.(CVE-2023-0401)The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the &#34;name&#34; (e.g. &#34;CERTIFICATE&#34;), any header data and the payload data. If the function succeeds then the &#34;name_out&#34;, &#34;header&#34; and &#34;data&#34; arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.(CVE-2022-4450)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="edk2-debugsource" release="11.ule3" version="202011">
+                         <filename>edk2-debugsource-202011-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="edk2-debuginfo" release="11.ule3" version="202011">
+                         <filename>edk2-debuginfo-202011-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="edk2-devel" release="11.ule3" version="202011">
+                         <filename>edk2-devel-202011-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-edk2-devel" release="11.ule3" version="202011">
+                         <filename>python3-edk2-devel-202011-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-aarch64" release="11.ule3" version="202011">
+                         <filename>edk2-aarch64-202011-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-ovmf" release="11.ule3" version="202011">
+                         <filename>edk2-ovmf-202011-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-help" release="11.ule3" version="202011">
+                         <filename>edk2-help-202011-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-debugsource" release="11.ule3" version="202011">
+                         <filename>edk2-debugsource-202011-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-debuginfo" release="11.ule3" version="202011">
+                         <filename>edk2-debuginfo-202011-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-devel" release="11.ule3" version="202011">
+                         <filename>edk2-devel-202011-11.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1136</id>
+          <title>An update for python-django is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-04"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-24580" id="CVE-2023-24580" title="CVE-2023-24580" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.(CVE-2023-24580)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python-django-help" release="4.ule3" version="2.2.27">
+                         <filename>python-django-help-2.2.27-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-Django" release="4.ule3" version="2.2.27">
+                         <filename>python3-Django-2.2.27-4.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1137</id>
+          <title>An update for mujs is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-04"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-44789" id="CVE-2022-44789" title="CVE-2022-44789" type="cve"></reference>
+          </references>
+          <description>A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.(CVE-2022-44789)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="mujs-debuginfo" release="3.ule3" version="1.2.0">
+                         <filename>mujs-debuginfo-1.2.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mujs-debugsource" release="3.ule3" version="1.2.0">
+                         <filename>mujs-debugsource-1.2.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mujs-devel" release="3.ule3" version="1.2.0">
+                         <filename>mujs-devel-1.2.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mujs" release="3.ule3" version="1.2.0">
+                         <filename>mujs-1.2.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mujs-devel" release="3.ule3" version="1.2.0">
+                         <filename>mujs-devel-1.2.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mujs-debugsource" release="3.ule3" version="1.2.0">
+                         <filename>mujs-debugsource-1.2.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mujs-debuginfo" release="3.ule3" version="1.2.0">
+                         <filename>mujs-debuginfo-1.2.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mujs" release="3.ule3" version="1.2.0">
+                         <filename>mujs-1.2.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1139</id>
+          <title>An update for epiphany is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-04"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-26081" id="CVE-2023-26081" title="CVE-2023-26081" type="cve"></reference>
+          </references>
+          <description>In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.(CVE-2023-26081)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="epiphany-debuginfo" release="3.ule3" version="40.6">
+                         <filename>epiphany-debuginfo-40.6-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="epiphany-debugsource" release="3.ule3" version="40.6">
+                         <filename>epiphany-debugsource-40.6-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="epiphany-runtime" release="3.ule3" version="40.6">
+                         <filename>epiphany-runtime-40.6-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="epiphany" release="3.ule3" version="40.6">
+                         <filename>epiphany-40.6-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="epiphany-debuginfo" release="3.ule3" version="40.6">
+                         <filename>epiphany-debuginfo-40.6-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="epiphany-debugsource" release="3.ule3" version="40.6">
+                         <filename>epiphany-debugsource-40.6-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="epiphany" release="3.ule3" version="40.6">
+                         <filename>epiphany-40.6-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="epiphany-runtime" release="3.ule3" version="40.6">
+                         <filename>epiphany-runtime-40.6-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1140</id>
+          <title>An update for rubygem-activesupport is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-04"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22796" id="CVE-2023-22796" title="CVE-2023-22796" type="cve"></reference>
+          </references>
+          <description>A regular expression based DoS vulnerability in Active Support &lt;6.1.7.1 and &lt;7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.(CVE-2023-22796)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="rubygem-activesupport-doc" release="2.ule3" version="6.1.4.1">
+                         <filename>rubygem-activesupport-doc-6.1.4.1-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="rubygem-activesupport" release="2.ule3" version="6.1.4.1">
+                         <filename>rubygem-activesupport-6.1.4.1-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1141</id>
+          <title>An update for haproxy is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-04"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0056" id="CVE-2023-0056" title="CVE-2023-0056" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25725" id="CVE-2023-25725" title="CVE-2023-25725" type="cve"></reference>
+          </references>
+          <description>Initial description: Router PODs frequently getting restarted and haproxy process is receiving the segfault but it is not generating coredump even though the core file size is unlimited.Upstream bug: https://github.com/haproxy/haproxy/issues/1972(CVE-2023-0056)HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka &#34;request smuggling.&#34; The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.(CVE-2023-25725)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="haproxy-debuginfo" release="3.ule3" version="2.4.8">
+                         <filename>haproxy-debuginfo-2.4.8-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="haproxy" release="3.ule3" version="2.4.8">
+                         <filename>haproxy-2.4.8-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="haproxy-debugsource" release="3.ule3" version="2.4.8">
+                         <filename>haproxy-debugsource-2.4.8-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="haproxy-help" release="3.ule3" version="2.4.8">
+                         <filename>haproxy-help-2.4.8-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="haproxy" release="3.ule3" version="2.4.8">
+                         <filename>haproxy-2.4.8-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="haproxy-debuginfo" release="3.ule3" version="2.4.8">
+                         <filename>haproxy-debuginfo-2.4.8-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="haproxy-debugsource" release="3.ule3" version="2.4.8">
+                         <filename>haproxy-debugsource-2.4.8-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1142</id>
+          <title>An update for nodejs is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-04"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0215" id="CVE-2023-0215" title="CVE-2023-0215" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0286" id="CVE-2023-0286" title="CVE-2023-0286" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4304" id="CVE-2022-4304" title="CVE-2022-4304" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4450" id="CVE-2022-4450" title="CVE-2022-4450" type="cve"></reference>
+          </references>
+          <description>The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.(CVE-2023-0215)There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.(CVE-2023-0286)A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.(CVE-2022-4304)The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the &#34;name&#34; (e.g. &#34;CERTIFICATE&#34;), any header data and the payload data. If the function succeeds then the &#34;name_out&#34;, &#34;header&#34; and &#34;data&#34; arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.(CVE-2022-4450)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="nodejs-full-i18n" release="4.ule3" version="12.22.11">
+                         <filename>nodejs-full-i18n-12.22.11-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-debugsource" release="4.ule3" version="12.22.11">
+                         <filename>nodejs-debugsource-12.22.11-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs" release="4.ule3" version="12.22.11">
+                         <filename>nodejs-12.22.11-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-debuginfo" release="4.ule3" version="12.22.11">
+                         <filename>nodejs-debuginfo-12.22.11-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="npm" release="1.12.22.11.4.ule3" version="6.14.16">
+                         <filename>npm-6.14.16-1.12.22.11.4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="v8-devel" release="1.12.22.11.4.ule3" version="7.8.279.23">
+                         <filename>v8-devel-7.8.279.23-1.12.22.11.4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-libs" release="4.ule3" version="12.22.11">
+                         <filename>nodejs-libs-12.22.11-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-devel" release="4.ule3" version="12.22.11">
+                         <filename>nodejs-devel-12.22.11-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="nodejs-docs" release="4.ule3" version="12.22.11">
+                         <filename>nodejs-docs-12.22.11-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs" release="4.ule3" version="12.22.11">
+                         <filename>nodejs-12.22.11-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-debugsource" release="4.ule3" version="12.22.11">
+                         <filename>nodejs-debugsource-12.22.11-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="v8-devel" release="1.12.22.11.4.ule3" version="7.8.279.23">
+                         <filename>v8-devel-7.8.279.23-1.12.22.11.4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-libs" release="4.ule3" version="12.22.11">
+                         <filename>nodejs-libs-12.22.11-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="npm" release="1.12.22.11.4.ule3" version="6.14.16">
+                         <filename>npm-6.14.16-1.12.22.11.4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-debuginfo" release="4.ule3" version="12.22.11">
+                         <filename>nodejs-debuginfo-12.22.11-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-full-i18n" release="4.ule3" version="12.22.11">
+                         <filename>nodejs-full-i18n-12.22.11-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-devel" release="4.ule3" version="12.22.11">
+                         <filename>nodejs-devel-12.22.11-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1144</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-04"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0240" id="CVE-2023-0240" title="CVE-2023-0240" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0615" id="CVE-2023-0615" title="CVE-2023-0615" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0045" id="CVE-2023-0045" title="CVE-2023-0045" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33639" id="CVE-2021-33639" title="CVE-2021-33639" type="cve"></reference>
+          </references>
+          <description>There is a logic error in io_uring&#39;s implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161.(CVE-2023-0240)A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled.(CVE-2023-0615)The Linux kernel does not correctly mitigate SMT attacks, as discoveredthrough a strange pattern in the kernel API using STIBP as a mitigation[1&lt;https://docs.kernel.org/userspace-api/spec_ctrl.html&gt;], leaving theprocess exposed for a short period of time after a syscall. The kernel alsodoes not issue an IBPB immediately during the syscall.The ib_prctl_set [2&lt;https://elixir.bootlin.com/linux/v5.15.56/source/arch/x86/kernel/cpu/bugs.c#L1467&gt;]functionupdates the Thread Information Flags (TIFs) for the task and updates theSPEC_CTRL MSR on the function __speculation_ctrl_update [3&lt;https://elixir.bootlin.com/linux/v5.15.56/source/arch/x86/kernel/process.c#L557&gt;],but the IBPB is only issued on the next schedule, when the TIF bits arechecked. This leaves the victim vulnerable to values already injected onthe BTB, prior to the prctl syscall.The behavior is only corrected after a reschedule of the task happens.Furthermore, the kernel entrance (due to the syscall itself), does notissue an IBPB in the default scenarios (i.e., when the kernel protectsitself via retpoline or eIBRS).(CVE-2023-0045)REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified..(CVE-2021-33639)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-devel" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.83.0.107.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.83.0.107.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.83.0.107.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.83.0.107.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.83.0.107.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.83.0.107.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.83.0.107.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.83.0.107.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.83.0.107.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.83.0.107.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.83.0.107.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.83.0.107.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.83.0.107.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.83.0.107.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.83.0.107.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.83.0.107.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.83.0.107.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.83.0.107.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.83.0.107.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.83.0.107.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.83.0.107.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.83.0.107.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.83.0.107.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.83.0.107.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.83.0.107.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.83.0.107.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.83.0.107.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.83.0.107.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.83.0.107.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.83.0.107.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.83.0.107.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1147</id>
+          <title>An update for containerd is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-04"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25153" id="CVE-2023-25153" title="CVE-2023-25153" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25173" id="CVE-2023-25173" title="CVE-2023-25173" type="cve"></reference>
+          </references>
+          <description>containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.(CVE-2023-25153)containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd&#39;s client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `&#34;USER $USERNAME&#34;` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT [&#34;su&#34;, &#34;-&#34;, &#34;user&#34;]` to allow `su` to properly set up supplementary groups.(CVE-2023-25173)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="containerd" release="310.ule3" version="1.2.0">
+                         <filename>containerd-1.2.0-310.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="containerd" release="310.ule3" version="1.2.0">
+                         <filename>containerd-1.2.0-310.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1148</id>
+          <title>An update for emacs is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-04"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-48339" id="CVE-2022-48339" title="CVE-2022-48339" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-48338" id="CVE-2022-48338" title="CVE-2022-48338" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-48337" id="CVE-2022-48337" title="CVE-2022-48337" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.(CVE-2022-48339)An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.(CVE-2022-48338)GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the &#34;etags -u *&#34; command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.(CVE-2022-48337)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="emacs" release="9.ule3" version="27.2">
+                         <filename>emacs-27.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-debugsource" release="9.ule3" version="27.2">
+                         <filename>emacs-debugsource-27.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-nox" release="9.ule3" version="27.2">
+                         <filename>emacs-nox-27.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-lucid" release="9.ule3" version="27.2">
+                         <filename>emacs-lucid-27.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-debuginfo" release="9.ule3" version="27.2">
+                         <filename>emacs-debuginfo-27.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-devel" release="9.ule3" version="27.2">
+                         <filename>emacs-devel-27.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-common" release="9.ule3" version="27.2">
+                         <filename>emacs-common-27.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="emacs-terminal" release="9.ule3" version="27.2">
+                         <filename>emacs-terminal-27.2-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="emacs-filesystem" release="9.ule3" version="27.2">
+                         <filename>emacs-filesystem-27.2-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="emacs-help" release="9.ule3" version="27.2">
+                         <filename>emacs-help-27.2-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-lucid" release="9.ule3" version="27.2">
+                         <filename>emacs-lucid-27.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-nox" release="9.ule3" version="27.2">
+                         <filename>emacs-nox-27.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-devel" release="9.ule3" version="27.2">
+                         <filename>emacs-devel-27.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs" release="9.ule3" version="27.2">
+                         <filename>emacs-27.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-debuginfo" release="9.ule3" version="27.2">
+                         <filename>emacs-debuginfo-27.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-debugsource" release="9.ule3" version="27.2">
+                         <filename>emacs-debugsource-27.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-common" release="9.ule3" version="27.2">
+                         <filename>emacs-common-27.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1149</id>
+          <title>An update for amanda is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-37705" id="CVE-2022-37705" title="CVE-2022-37705" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-37704" id="CVE-2022-37704" title="CVE-2022-37704" type="cve"></reference>
+          </references>
+          <description>A flaw was found in Amanda. The `runtar` SUID binary executes /usr/bin/tar as root without properly validating its arguments, possibly leading to escalation of privileges from the regular user &#34;amandabackup&#34; to root.(CVE-2022-37705)A flaw was found in Amanda. The `rundump` SUID binary executes /usr/sbin/dump as root without properly validating its arguments, possibly leading to escalation of privileges from the regular user &#34;amandabackup&#34; to root.(CVE-2022-37704)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="amanda-debuginfo" release="21.ule3" version="3.5.1">
+                         <filename>amanda-debuginfo-3.5.1-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="amanda-debugsource" release="21.ule3" version="3.5.1">
+                         <filename>amanda-debugsource-3.5.1-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="amanda" release="21.ule3" version="3.5.1">
+                         <filename>amanda-3.5.1-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="amanda-help" release="21.ule3" version="3.5.1">
+                         <filename>amanda-help-3.5.1-21.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="amanda-debuginfo" release="21.ule3" version="3.5.1">
+                         <filename>amanda-debuginfo-3.5.1-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="amanda" release="21.ule3" version="3.5.1">
+                         <filename>amanda-3.5.1-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="amanda-debugsource" release="21.ule3" version="3.5.1">
+                         <filename>amanda-debugsource-3.5.1-21.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1150</id>
+          <title>An update for libreswan is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23009" id="CVE-2023-23009" title="CVE-2023-23009" type="cve"></reference>
+          </references>
+          <description>Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.(CVE-2023-23009)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libreswan-help" release="3.ule3" version="4.5">
+                         <filename>libreswan-help-4.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libreswan-debuginfo" release="3.ule3" version="4.5">
+                         <filename>libreswan-debuginfo-4.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libreswan-debugsource" release="3.ule3" version="4.5">
+                         <filename>libreswan-debugsource-4.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libreswan" release="3.ule3" version="4.5">
+                         <filename>libreswan-4.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="libreswan-debuginfo" release="3.ule3" version="4.5">
+                         <filename>libreswan-debuginfo-4.5-3.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="libreswan" release="3.ule3" version="4.5">
+                         <filename>libreswan-4.5-3.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="libreswan-help" release="3.ule3" version="4.5">
+                         <filename>libreswan-help-4.5-3.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="sw_64" name="libreswan-debugsource" release="3.ule3" version="4.5">
+                         <filename>libreswan-debugsource-4.5-3.ule3.sw_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libreswan-help" release="3.ule3" version="4.5">
+                         <filename>libreswan-help-4.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libreswan" release="3.ule3" version="4.5">
+                         <filename>libreswan-4.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libreswan-debuginfo" release="3.ule3" version="4.5">
+                         <filename>libreswan-debuginfo-4.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libreswan-debugsource" release="3.ule3" version="4.5">
+                         <filename>libreswan-debugsource-4.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1152</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23586" id="CVE-2023-23586" title="CVE-2023-23586" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-26607" id="CVE-2023-26607" title="CVE-2023-26607" type="cve"></reference>
+          </references>
+          <description>Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring&#39;s io_worker threads, thus it is possible to insert a time namespace&#39;s vvar page to process&#39;s memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process&#39; memory, and a next page allocated by the kernel will be still available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit 788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring(CVE-2023-23586)In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.(CVE-2023-26607)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-headers" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="x86_64" name="kernel-tools-devel" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1155</id>
+          <title>An update for apache-commons-fileupload is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-24998" id="CVE-2023-24998" title="CVE-2023-24998" type="cve"></reference>
+          </references>
+          <description>Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.(CVE-2023-24998)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="apache-commons-fileupload" release="2.ule3" version="1.4">
+                         <filename>apache-commons-fileupload-1.4-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="apache-commons-fileupload-help" release="2.ule3" version="1.4">
+                         <filename>apache-commons-fileupload-help-1.4-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1161</id>
+          <title>An update for httpd is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-27522" id="CVE-2023-27522" title="CVE-2023-27522" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25690" id="CVE-2023-25690" title="CVE-2023-25690" type="cve"></reference>
+          </references>
+          <description>HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.(CVE-2023-27522)Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule &#34;^/here/(.*)&#34; &#34;http://example.com:8080/elsewhere?$1&#34;; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.(CVE-2023-25690)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="httpd-debuginfo" release="15.ule3" version="2.4.51">
+                         <filename>httpd-debuginfo-2.4.51-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-tools" release="15.ule3" version="2.4.51">
+                         <filename>httpd-tools-2.4.51-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-debugsource" release="15.ule3" version="2.4.51">
+                         <filename>httpd-debugsource-2.4.51-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mod_ssl" release="15.ule3" version="2.4.51">
+                         <filename>mod_ssl-2.4.51-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mod_proxy_html" release="15.ule3" version="2.4.51">
+                         <filename>mod_proxy_html-2.4.51-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_ldap" release="15.ule3" version="2.4.51">
+                         <filename>mod_ldap-2.4.51-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_md" release="15.ule3" version="2.4.51">
+                         <filename>mod_md-2.4.51-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd" release="15.ule3" version="2.4.51">
+                         <filename>httpd-2.4.51-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-devel" release="15.ule3" version="2.4.51">
+                         <filename>httpd-devel-2.4.51-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_session" release="15.ule3" version="2.4.51">
+                         <filename>mod_session-2.4.51-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="httpd-help" release="15.ule3" version="2.4.51">
+                         <filename>httpd-help-2.4.51-15.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="httpd-filesystem" release="15.ule3" version="2.4.51">
+                         <filename>httpd-filesystem-2.4.51-15.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mod_proxy_html" release="15.ule3" version="2.4.51">
+                         <filename>mod_proxy_html-2.4.51-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-devel" release="15.ule3" version="2.4.51">
+                         <filename>httpd-devel-2.4.51-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd" release="15.ule3" version="2.4.51">
+                         <filename>httpd-2.4.51-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-debuginfo" release="15.ule3" version="2.4.51">
+                         <filename>httpd-debuginfo-2.4.51-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mod_ssl" release="15.ule3" version="2.4.51">
+                         <filename>mod_ssl-2.4.51-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_session" release="15.ule3" version="2.4.51">
+                         <filename>mod_session-2.4.51-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_md" release="15.ule3" version="2.4.51">
+                         <filename>mod_md-2.4.51-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_ldap" release="15.ule3" version="2.4.51">
+                         <filename>mod_ldap-2.4.51-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-tools" release="15.ule3" version="2.4.51">
+                         <filename>httpd-tools-2.4.51-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-debugsource" release="15.ule3" version="2.4.51">
+                         <filename>httpd-debugsource-2.4.51-15.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1162</id>
+          <title>An update for snakeyaml is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-25857" id="CVE-2022-25857" title="CVE-2022-25857" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-38749" id="CVE-2022-38749" title="CVE-2022-38749" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-38750" id="CVE-2022-38750" title="CVE-2022-38750" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-38751" id="CVE-2022-38751" title="CVE-2022-38751" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-38752" id="CVE-2022-38752" title="CVE-2022-38752" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41854" id="CVE-2022-41854" title="CVE-2022-41854" type="cve"></reference>
+          </references>
+          <description>The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.(CVE-2022-25857)Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.(CVE-2022-38749)Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.(CVE-2022-38750)Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.(CVE-2022-38751)Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.(CVE-2022-38752)Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.(CVE-2022-41854)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="snakeyaml-javadoc" release="1.ule3" version="1.32">
+                         <filename>snakeyaml-javadoc-1.32-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="snakeyaml" release="1.ule3" version="1.32">
+                         <filename>snakeyaml-1.32-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1168</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1170" id="CVE-2023-1170" title="CVE-2023-1170" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1175" id="CVE-2023-1175" title="CVE-2023-1175" type="cve"></reference>
+          </references>
+          <description>Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.(CVE-2023-1170)Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.(CVE-2023-1175)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="11.ule3" version="9.0">
+                         <filename>vim-X11-9.0-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="11.ule3" version="9.0">
+                         <filename>vim-common-9.0-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="11.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="11.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="11.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="11.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="11.ule3" version="9.0">
+                         <filename>vim-filesystem-9.0-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="11.ule3" version="9.0">
+                         <filename>vim-common-9.0-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="11.ule3" version="9.0">
+                         <filename>vim-X11-9.0-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="11.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="11.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="11.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="11.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-11.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1169</id>
+          <title>An update for clamav is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-20032" id="CVE-2023-20032" title="CVE-2023-20032" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-20052" id="CVE-2023-20052" title="CVE-2023-20052" type="cve"></reference>
+          </references>
+          <description>On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog [&#34;https://blog.clamav.net/&#34;].(CVE-2023-20032)On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.(CVE-2023-20052)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="clamav-help" release="1.ule3" version="0.103.8">
+                         <filename>clamav-help-0.103.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamd" release="1.ule3" version="0.103.8">
+                         <filename>clamd-0.103.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamav-update" release="1.ule3" version="0.103.8">
+                         <filename>clamav-update-0.103.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamav-debugsource" release="1.ule3" version="0.103.8">
+                         <filename>clamav-debugsource-0.103.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamav-devel" release="1.ule3" version="0.103.8">
+                         <filename>clamav-devel-0.103.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamav-milter" release="1.ule3" version="0.103.8">
+                         <filename>clamav-milter-0.103.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamav-debuginfo" release="1.ule3" version="0.103.8">
+                         <filename>clamav-debuginfo-0.103.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamav" release="1.ule3" version="0.103.8">
+                         <filename>clamav-0.103.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="clamav-data" release="1.ule3" version="0.103.8">
+                         <filename>clamav-data-0.103.8-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="clamav-filesystem" release="1.ule3" version="0.103.8">
+                         <filename>clamav-filesystem-0.103.8-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav-help" release="1.ule3" version="0.103.8">
+                         <filename>clamav-help-0.103.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav-debugsource" release="1.ule3" version="0.103.8">
+                         <filename>clamav-debugsource-0.103.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav-devel" release="1.ule3" version="0.103.8">
+                         <filename>clamav-devel-0.103.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav-update" release="1.ule3" version="0.103.8">
+                         <filename>clamav-update-0.103.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamd" release="1.ule3" version="0.103.8">
+                         <filename>clamd-0.103.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav-milter" release="1.ule3" version="0.103.8">
+                         <filename>clamav-milter-0.103.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav" release="1.ule3" version="0.103.8">
+                         <filename>clamav-0.103.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav-debuginfo" release="1.ule3" version="0.103.8">
+                         <filename>clamav-debuginfo-0.103.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1170</id>
+          <title>An update for glusterfs is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-26253" id="CVE-2023-26253" title="CVE-2023-26253" type="cve"></reference>
+          </references>
+          <description>In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.(CVE-2023-26253)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libgfapi-devel" release="8.ule3" version="10.0">
+                         <filename>libgfapi-devel-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgfrpc-devel" release="8.ule3" version="10.0">
+                         <filename>libgfrpc-devel-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libglusterfs0" release="8.ule3" version="10.0">
+                         <filename>libglusterfs0-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-help" release="8.ule3" version="10.0">
+                         <filename>glusterfs-help-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-geo-replication" release="8.ule3" version="10.0">
+                         <filename>glusterfs-geo-replication-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-server" release="8.ule3" version="10.0">
+                         <filename>glusterfs-server-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgfapi0" release="8.ule3" version="10.0">
+                         <filename>libgfapi0-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgfxdr-devel" release="8.ule3" version="10.0">
+                         <filename>libgfxdr-devel-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libglusterd0" release="8.ule3" version="10.0">
+                         <filename>libglusterd0-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-debugsource" release="8.ule3" version="10.0">
+                         <filename>glusterfs-debugsource-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-cli" release="8.ule3" version="10.0">
+                         <filename>glusterfs-cli-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-fuse" release="8.ule3" version="10.0">
+                         <filename>glusterfs-fuse-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-gluster" release="8.ule3" version="10.0">
+                         <filename>python3-gluster-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libglusterfs-devel" release="8.ule3" version="10.0">
+                         <filename>libglusterfs-devel-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs" release="8.ule3" version="10.0">
+                         <filename>glusterfs-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-debuginfo" release="8.ule3" version="10.0">
+                         <filename>glusterfs-debuginfo-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-thin-arbiter" release="8.ule3" version="10.0">
+                         <filename>glusterfs-thin-arbiter-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgfchangelog-devel" release="8.ule3" version="10.0">
+                         <filename>libgfchangelog-devel-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-extra-xlators" release="8.ule3" version="10.0">
+                         <filename>glusterfs-extra-xlators-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-events" release="8.ule3" version="10.0">
+                         <filename>glusterfs-events-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-client-xlators" release="8.ule3" version="10.0">
+                         <filename>glusterfs-client-xlators-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-cloudsync-plugins" release="8.ule3" version="10.0">
+                         <filename>glusterfs-cloudsync-plugins-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgfxdr0" release="8.ule3" version="10.0">
+                         <filename>libgfxdr0-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgfrpc0" release="8.ule3" version="10.0">
+                         <filename>libgfrpc0-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgfchangelog0" release="8.ule3" version="10.0">
+                         <filename>libgfchangelog0-10.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="glusterfs-resource-agents" release="8.ule3" version="10.0">
+                         <filename>glusterfs-resource-agents-10.0-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-cloudsync-plugins" release="8.ule3" version="10.0">
+                         <filename>glusterfs-cloudsync-plugins-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libglusterd0" release="8.ule3" version="10.0">
+                         <filename>libglusterd0-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-gluster" release="8.ule3" version="10.0">
+                         <filename>python3-gluster-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-help" release="8.ule3" version="10.0">
+                         <filename>glusterfs-help-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgfchangelog0" release="8.ule3" version="10.0">
+                         <filename>libgfchangelog0-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libglusterfs-devel" release="8.ule3" version="10.0">
+                         <filename>libglusterfs-devel-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgfchangelog-devel" release="8.ule3" version="10.0">
+                         <filename>libgfchangelog-devel-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgfrpc0" release="8.ule3" version="10.0">
+                         <filename>libgfrpc0-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgfapi0" release="8.ule3" version="10.0">
+                         <filename>libgfapi0-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-server" release="8.ule3" version="10.0">
+                         <filename>glusterfs-server-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-geo-replication" release="8.ule3" version="10.0">
+                         <filename>glusterfs-geo-replication-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-cli" release="8.ule3" version="10.0">
+                         <filename>glusterfs-cli-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-fuse" release="8.ule3" version="10.0">
+                         <filename>glusterfs-fuse-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgfxdr-devel" release="8.ule3" version="10.0">
+                         <filename>libgfxdr-devel-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs" release="8.ule3" version="10.0">
+                         <filename>glusterfs-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libglusterfs0" release="8.ule3" version="10.0">
+                         <filename>libglusterfs0-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-debugsource" release="8.ule3" version="10.0">
+                         <filename>glusterfs-debugsource-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-extra-xlators" release="8.ule3" version="10.0">
+                         <filename>glusterfs-extra-xlators-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgfxdr0" release="8.ule3" version="10.0">
+                         <filename>libgfxdr0-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-thin-arbiter" release="8.ule3" version="10.0">
+                         <filename>glusterfs-thin-arbiter-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-debuginfo" release="8.ule3" version="10.0">
+                         <filename>glusterfs-debuginfo-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgfapi-devel" release="8.ule3" version="10.0">
+                         <filename>libgfapi-devel-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-client-xlators" release="8.ule3" version="10.0">
+                         <filename>glusterfs-client-xlators-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-events" release="8.ule3" version="10.0">
+                         <filename>glusterfs-events-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgfrpc-devel" release="8.ule3" version="10.0">
+                         <filename>libgfrpc-devel-10.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1171</id>
+          <title>An update for libmicrohttpd is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-27371" id="CVE-2023-27371" title="CVE-2023-27371" type="cve"></reference>
+          </references>
+          <description>GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more &#39;\0&#39; bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.(CVE-2023-27371)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="libmicrohttpd-devel" release="2.ule3" version="0.9.75">
+                         <filename>libmicrohttpd-devel-0.9.75-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="libmicrohttpd-debuginfo" release="2.ule3" version="0.9.75">
+                         <filename>libmicrohttpd-debuginfo-0.9.75-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="libmicrohttpd-debugsource" release="2.ule3" version="0.9.75">
+                         <filename>libmicrohttpd-debugsource-0.9.75-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="libmicrohttpd" release="2.ule3" version="0.9.75">
+                         <filename>libmicrohttpd-0.9.75-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="libmicrohttpd-help" release="2.ule3" version="0.9.75">
+                         <filename>libmicrohttpd-help-0.9.75-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="libmicrohttpd" release="2.ule3" version="0.9.75">
+                         <filename>libmicrohttpd-0.9.75-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="libmicrohttpd-debuginfo" release="2.ule3" version="0.9.75">
+                         <filename>libmicrohttpd-debuginfo-0.9.75-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="libmicrohttpd-debugsource" release="2.ule3" version="0.9.75">
+                         <filename>libmicrohttpd-debugsource-0.9.75-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="libmicrohttpd-devel" release="2.ule3" version="0.9.75">
+                         <filename>libmicrohttpd-devel-0.9.75-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1172</id>
+          <title>An update for sudo is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-27320" id="CVE-2023-27320" title="CVE-2023-27320" type="cve"></reference>
+          </references>
+          <description>Sudo before 1.9.13p2 has a double free in the per-command chroot feature.(CVE-2023-27320)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="sudo-devel" release="10.ule3" version="1.9.8p2">
+                         <filename>sudo-devel-1.9.8p2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo-debugsource" release="10.ule3" version="1.9.8p2">
+                         <filename>sudo-debugsource-1.9.8p2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo" release="10.ule3" version="1.9.8p2">
+                         <filename>sudo-1.9.8p2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo-debuginfo" release="10.ule3" version="1.9.8p2">
+                         <filename>sudo-debuginfo-1.9.8p2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="sudo-help" release="10.ule3" version="1.9.8p2">
+                         <filename>sudo-help-1.9.8p2-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-devel" release="10.ule3" version="1.9.8p2">
+                         <filename>sudo-devel-1.9.8p2-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-debugsource" release="10.ule3" version="1.9.8p2">
+                         <filename>sudo-debugsource-1.9.8p2-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-debuginfo" release="10.ule3" version="1.9.8p2">
+                         <filename>sudo-debuginfo-1.9.8p2-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo" release="10.ule3" version="1.9.8p2">
+                         <filename>sudo-1.9.8p2-10.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1176</id>
+          <title>An update for future is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40899" id="CVE-2022-40899" title="CVE-2022-40899" type="cve"></reference>
+          </references>
+          <description>An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.(CVE-2022-40899)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python3-future" release="2.ule3" version="0.18.2">
+                         <filename>python3-future-0.18.2-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1177</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-20938" id="CVE-2023-20938" title="CVE-2023-20938" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0461" id="CVE-2023-0461" title="CVE-2023-0461" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1075" id="CVE-2023-1075" title="CVE-2023-1075" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1078" id="CVE-2023-1078" title="CVE-2023-1078" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1076" id="CVE-2023-1076" title="CVE-2023-1076" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22995" id="CVE-2023-22995" title="CVE-2023-22995" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1118" id="CVE-2023-1118" title="CVE-2023-1118" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-26545" id="CVE-2023-26545" title="CVE-2023-26545" type="cve"></reference>
+          </references>
+          <description>In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257685302References: Upstream kernel(CVE-2023-20938)There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c(CVE-2023-0461)A flaw in the Linux Kernel found. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec-&gt;tx_ready.Reference:https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=ffe2a22562444720b05bdfeb999c03e810d84cbb(CVE-2023-1075)A flaw found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user.It is known how to trigger this, which causes an OOB access, and a lock corruption.Reference:https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=f753a68980cf4b59a80fe677619da2b1804f526d(CVE-2023-1078)A flaw found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function.While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability.This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters.References:https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=66b2c338adce580dfce2199591e65e2bab889cffhttps://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=a096ccca6e503a5c575717ff8a36ace27510ab0a(CVE-2023-1076)In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.(CVE-2023-22995)A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.(CVE-2023-1118)In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.(CVE-2023-26545)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.84.0.108.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="x86_64" name="kernel-source" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.84.0.108.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.84.0.108.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1179</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1264" id="CVE-2023-1264" title="CVE-2023-1264" type="cve"></reference>
+          </references>
+          <description>NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.(CVE-2023-1264)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="12.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="12.ule3" version="9.0">
+                         <filename>vim-common-9.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="12.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="12.ule3" version="9.0">
+                         <filename>vim-X11-9.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="12.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="12.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="12.ule3" version="9.0">
+                         <filename>vim-filesystem-9.0-12.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="12.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="12.ule3" version="9.0">
+                         <filename>vim-common-9.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="12.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="12.ule3" version="9.0">
+                         <filename>vim-X11-9.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="12.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="12.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1183</id>
+          <title>An update for poppler is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27337" id="CVE-2022-27337" title="CVE-2022-27337" type="cve"></reference>
+          </references>
+          <description>A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.(CVE-2022-27337)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="poppler" release="4.ule3" version="0.90.0">
+                         <filename>poppler-0.90.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-debugsource" release="4.ule3" version="0.90.0">
+                         <filename>poppler-debugsource-0.90.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-debuginfo" release="4.ule3" version="0.90.0">
+                         <filename>poppler-debuginfo-0.90.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-cpp-devel" release="4.ule3" version="0.90.0">
+                         <filename>poppler-cpp-devel-0.90.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-qt5-devel" release="4.ule3" version="0.90.0">
+                         <filename>poppler-qt5-devel-0.90.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-devel" release="4.ule3" version="0.90.0">
+                         <filename>poppler-devel-0.90.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-utils" release="4.ule3" version="0.90.0">
+                         <filename>poppler-utils-0.90.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-cpp" release="4.ule3" version="0.90.0">
+                         <filename>poppler-cpp-0.90.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-glib-devel" release="4.ule3" version="0.90.0">
+                         <filename>poppler-glib-devel-0.90.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-glib" release="4.ule3" version="0.90.0">
+                         <filename>poppler-glib-0.90.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-qt5" release="4.ule3" version="0.90.0">
+                         <filename>poppler-qt5-0.90.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="poppler-glib-doc" release="4.ule3" version="0.90.0">
+                         <filename>poppler-glib-doc-0.90.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="poppler-help" release="4.ule3" version="0.90.0">
+                         <filename>poppler-help-0.90.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler" release="4.ule3" version="0.90.0">
+                         <filename>poppler-0.90.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-qt5" release="4.ule3" version="0.90.0">
+                         <filename>poppler-qt5-0.90.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-debugsource" release="4.ule3" version="0.90.0">
+                         <filename>poppler-debugsource-0.90.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-cpp" release="4.ule3" version="0.90.0">
+                         <filename>poppler-cpp-0.90.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-qt5-devel" release="4.ule3" version="0.90.0">
+                         <filename>poppler-qt5-devel-0.90.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-glib" release="4.ule3" version="0.90.0">
+                         <filename>poppler-glib-0.90.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-utils" release="4.ule3" version="0.90.0">
+                         <filename>poppler-utils-0.90.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-glib-devel" release="4.ule3" version="0.90.0">
+                         <filename>poppler-glib-devel-0.90.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-debuginfo" release="4.ule3" version="0.90.0">
+                         <filename>poppler-debuginfo-0.90.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-devel" release="4.ule3" version="0.90.0">
+                         <filename>poppler-devel-0.90.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-cpp-devel" release="4.ule3" version="0.90.0">
+                         <filename>poppler-cpp-devel-0.90.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1184</id>
+          <title>An update for redis is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-31"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-36021" id="CVE-2022-36021" title="CVE-2022-36021" type="cve"></reference>
+          </references>
+          <description>Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.(CVE-2022-36021)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="redis" release="4.ule3" version="4.0.14">
+                         <filename>redis-4.0.14-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="redis-debuginfo" release="4.ule3" version="4.0.14">
+                         <filename>redis-debuginfo-4.0.14-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="redis-debugsource" release="4.ule3" version="4.0.14">
+                         <filename>redis-debugsource-4.0.14-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis" release="4.ule3" version="4.0.14">
+                         <filename>redis-4.0.14-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis-debugsource" release="4.ule3" version="4.0.14">
+                         <filename>redis-debugsource-4.0.14-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis-debuginfo" release="4.ule3" version="4.0.14">
+                         <filename>redis-debuginfo-4.0.14-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1185</id>
+          <title>An update for emacs is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-31"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28617" id="CVE-2023-28617" title="CVE-2023-28617" type="cve"></reference>
+          </references>
+          <description>org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.(CVE-2023-28617)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="emacs-common" release="10.ule3" version="27.2">
+                         <filename>emacs-common-27.2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-nox" release="10.ule3" version="27.2">
+                         <filename>emacs-nox-27.2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-debuginfo" release="10.ule3" version="27.2">
+                         <filename>emacs-debuginfo-27.2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-debugsource" release="10.ule3" version="27.2">
+                         <filename>emacs-debugsource-27.2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs" release="10.ule3" version="27.2">
+                         <filename>emacs-27.2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-lucid" release="10.ule3" version="27.2">
+                         <filename>emacs-lucid-27.2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-devel" release="10.ule3" version="27.2">
+                         <filename>emacs-devel-27.2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="emacs-help" release="10.ule3" version="27.2">
+                         <filename>emacs-help-27.2-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="emacs-terminal" release="10.ule3" version="27.2">
+                         <filename>emacs-terminal-27.2-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="emacs-filesystem" release="10.ule3" version="27.2">
+                         <filename>emacs-filesystem-27.2-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-nox" release="10.ule3" version="27.2">
+                         <filename>emacs-nox-27.2-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs" release="10.ule3" version="27.2">
+                         <filename>emacs-27.2-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-debuginfo" release="10.ule3" version="27.2">
+                         <filename>emacs-debuginfo-27.2-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-devel" release="10.ule3" version="27.2">
+                         <filename>emacs-devel-27.2-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-common" release="10.ule3" version="27.2">
+                         <filename>emacs-common-27.2-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-lucid" release="10.ule3" version="27.2">
+                         <filename>emacs-lucid-27.2-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-debugsource" release="10.ule3" version="27.2">
+                         <filename>emacs-debugsource-27.2-10.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1186</id>
+          <title>An update for libfastjson is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-31"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-12762" id="CVE-2020-12762" title="CVE-2020-12762" type="cve"></reference>
+          </references>
+          <description>json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.(CVE-2020-12762)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libfastjson" release="3.ule3" version="0.99.9">
+                         <filename>libfastjson-0.99.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libfastjson-debuginfo" release="3.ule3" version="0.99.9">
+                         <filename>libfastjson-debuginfo-0.99.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libfastjson-devel" release="3.ule3" version="0.99.9">
+                         <filename>libfastjson-devel-0.99.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libfastjson-debugsource" release="3.ule3" version="0.99.9">
+                         <filename>libfastjson-debugsource-0.99.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libfastjson-debugsource" release="3.ule3" version="0.99.9">
+                         <filename>libfastjson-debugsource-0.99.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libfastjson" release="3.ule3" version="0.99.9">
+                         <filename>libfastjson-0.99.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libfastjson-debuginfo" release="3.ule3" version="0.99.9">
+                         <filename>libfastjson-debuginfo-0.99.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libfastjson-devel" release="3.ule3" version="0.99.9">
+                         <filename>libfastjson-devel-0.99.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1188</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-31"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-27672" id="CVE-2022-27672" title="CVE-2022-27672" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1079" id="CVE-2023-1079" title="CVE-2023-1079" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23004" id="CVE-2023-23004" title="CVE-2023-23004" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1249" id="CVE-2023-1249" title="CVE-2023-1249" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1382" id="CVE-2023-1382" title="CVE-2023-1382" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28466" id="CVE-2023-28466" title="CVE-2023-28466" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-48424" id="CVE-2022-48424" title="CVE-2022-48424" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-48423" id="CVE-2022-48423" title="CVE-2022-48423" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-48425" id="CVE-2022-48425" title="CVE-2022-48425" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1281" id="CVE-2023-1281" title="CVE-2023-1281" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22999" id="CVE-2023-22999" title="CVE-2023-22999" type="cve"></reference>
+          </references>
+          <description>When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.(CVE-2022-27672)A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.(CVE-2023-1079)In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).(CVE-2023-23004)A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 (&#34;coredump: Use the vma snapshot in fill_files_note&#34;) not applied yet, then kernel could be affected.(CVE-2023-1249)Kernel: denial of service in tipc_conn_close(CVE-2023-1382)do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).(CVE-2023-28466)In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur.(CVE-2022-48424)In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur.(CVE-2022-48423)In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs.(CVE-2022-48425)Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when &#39;tcf_exts_exec()&#39; is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.(CVE-2023-1281)In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer).(CVE-2023-22999)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bpftool" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.87.0.111.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.87.0.111.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.87.0.111.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="perf-debuginfo" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.87.0.111.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.87.0.111.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.87.0.111.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.87.0.111.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.87.0.111.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.87.0.111.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.87.0.111.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.87.0.111.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.87.0.111.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.87.0.111.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.87.0.111.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.87.0.111.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.87.0.111.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.87.0.111.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.87.0.111.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.87.0.111.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.87.0.111.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.87.0.111.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.87.0.111.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.87.0.111.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.87.0.111.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.87.0.111.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.87.0.111.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.87.0.111.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.87.0.111.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.87.0.111.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.87.0.111.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.87.0.111.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1189</id>
+          <title>An update for wireshark is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-31"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1161" id="CVE-2023-1161" title="CVE-2023-1161" type="cve"></reference>
+          </references>
+          <description>ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file(CVE-2023-1161)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="wireshark-debuginfo" release="2.ule3" version="3.6.11">
+                         <filename>wireshark-debuginfo-3.6.11-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-devel" release="2.ule3" version="3.6.11">
+                         <filename>wireshark-devel-3.6.11-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark" release="2.ule3" version="3.6.11">
+                         <filename>wireshark-3.6.11-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-help" release="2.ule3" version="3.6.11">
+                         <filename>wireshark-help-3.6.11-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-debugsource" release="2.ule3" version="3.6.11">
+                         <filename>wireshark-debugsource-3.6.11-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-help" release="2.ule3" version="3.6.11">
+                         <filename>wireshark-help-3.6.11-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debuginfo" release="2.ule3" version="3.6.11">
+                         <filename>wireshark-debuginfo-3.6.11-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debugsource" release="2.ule3" version="3.6.11">
+                         <filename>wireshark-debugsource-3.6.11-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark" release="2.ule3" version="3.6.11">
+                         <filename>wireshark-3.6.11-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-devel" release="2.ule3" version="3.6.11">
+                         <filename>wireshark-devel-3.6.11-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1191</id>
+          <title>An update for liblouis is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-31"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-26769" id="CVE-2023-26769" title="CVE-2023-26769" type="cve"></reference>
+          </references>
+          <description>Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c.(CVE-2023-26769)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="liblouis-utils" release="5.ule3" version="3.7.0">
+                         <filename>liblouis-utils-3.7.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="liblouis" release="5.ule3" version="3.7.0">
+                         <filename>liblouis-3.7.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="liblouis-debugsource" release="5.ule3" version="3.7.0">
+                         <filename>liblouis-debugsource-3.7.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="liblouis-debuginfo" release="5.ule3" version="3.7.0">
+                         <filename>liblouis-debuginfo-3.7.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="liblouis-devel" release="5.ule3" version="3.7.0">
+                         <filename>liblouis-devel-3.7.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-louis" release="5.ule3" version="3.7.0">
+                         <filename>python3-louis-3.7.0-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="liblouis-help" release="5.ule3" version="3.7.0">
+                         <filename>liblouis-help-3.7.0-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="liblouis-debugsource" release="5.ule3" version="3.7.0">
+                         <filename>liblouis-debugsource-3.7.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="liblouis-devel" release="5.ule3" version="3.7.0">
+                         <filename>liblouis-devel-3.7.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="liblouis-debuginfo" release="5.ule3" version="3.7.0">
+                         <filename>liblouis-debuginfo-3.7.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="liblouis-utils" release="5.ule3" version="3.7.0">
+                         <filename>liblouis-utils-3.7.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="liblouis" release="5.ule3" version="3.7.0">
+                         <filename>liblouis-3.7.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1192</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-31"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41723" id="CVE-2022-41723" title="CVE-2022-41723" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41724" id="CVE-2022-41724" title="CVE-2022-41724" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41725" id="CVE-2022-41725" title="CVE-2022-41725" type="cve"></reference>
+          </references>
+          <description>A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.(CVE-2022-41723)Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth &gt;= RequestClientCert).(CVE-2022-41724)A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing &#34;up to maxMemory bytes +10MB (reserved for non-file parts) in memory&#34;. File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type&#39;s documentation states, &#34;If stored on disk, the File&#39;s underlying concrete type will be an *os.File.&#34;. This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.(CVE-2022-41725)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="15.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="15.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-15.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="15.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-15.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="15.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-15.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1196</id>
+          <title>An update for curl is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-03-31"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-27535" id="CVE-2023-27535" title="CVE-2023-27535" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-27538" id="CVE-2023-27538" title="CVE-2023-27538" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-27536" id="CVE-2023-27536" title="CVE-2023-27536" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-27533" id="CVE-2023-27533" title="CVE-2023-27533" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-27534" id="CVE-2023-27534" title="CVE-2023-27534" type="cve"></reference>
+          </references>
+          <description>libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The settings in questions are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.(CVE-2023-27535)libcurl would reuse a previously created connection even when an SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, two SSH settings were left out from the configuration match checks, making them match too easily.(CVE-2023-27538)libcurl would reuse a previously created connection even when the GSS delegation (`CURLOPT_GSSAPI_DELEGATION`) option had been changed that could have changed the user&#39;s permissions in a second transfer. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, this GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.(CVE-2023-27536)curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and &#34;telnet options&#34; for the servernegotiation. Due to lack of proper input scrubbing and without it being the documented functionality, curl would pass on user name and telnet options to the server as provided. This could allow users to pass in carefully crafted content that pass on content or do option negotiation without the application intending to do so. In particular if an application for example allows users to provide the data or parts of the data.(CVE-2023-27533)curl supports SFTP transfers. curl&#39;s SFTP implementation offers a special feature in the path component of URLs: a tilde (`~`) character as the firstpath element in the path to denotes a path relative to the user&#39;s home directory. This is supported because of wording in the [once proposedto-become RFC draft](https://datatracker.ietf.org/doc/html/draft-ietf-secsh-scp-sftp-ssh-uri-04) that was to dictate how SFTP URLs work. Due to a bug, the handling of the tilde in SFTP path did however not only replace it when it is used stand-alone as the first path element but also wrongly when used as a mere prefix in the first element. Using a path like `/~2/foo` when accessing a server using the user `dan` (with home directory `/home/dan`) would then quite suprisingly access the file `/home/dan2/foo`. This can be taken advantage of to circumvent filtering or worse.(CVE-2023-27534)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libcurl-devel" release="15.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl" release="15.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debugsource" release="15.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debuginfo" release="15.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl" release="15.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="curl-help" release="15.ule3" version="7.79.1">
+                         <filename>curl-help-7.79.1-15.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl" release="15.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl-devel" release="15.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debuginfo" release="15.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl" release="15.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debugsource" release="15.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-15.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1199</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0266" id="CVE-2023-0266" title="CVE-2023-0266" type="cve"></reference>
+          </references>
+          <description>A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e(CVE-2023-0266)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.88.0.112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.88.0.112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.88.0.112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.88.0.112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.88.0.112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.88.0.112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.88.0.112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.88.0.112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.88.0.112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.88.0.112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.88.0.112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="kernel-source" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.88.0.112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.88.0.112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="kernel-tools-devel" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.88.0.112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.88.0.112.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.88.0.112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.88.0.112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.88.0.112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.88.0.112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.88.0.112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.88.0.112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.88.0.112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.88.0.112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.88.0.112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.88.0.112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.88.0.112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.88.0.112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.88.0.112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.88.0.112.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.88.0.112.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.88.0.112.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1202</id>
+          <title>An update for undertow is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-07"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1108" id="CVE-2023-1108" title="CVE-2023-1108" type="cve"></reference>
+          </references>
+          <description>A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.(CVE-2023-1108)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="undertow" release="5.ule3" version="1.4.0">
+                         <filename>undertow-1.4.0-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="undertow-javadoc" release="5.ule3" version="1.4.0">
+                         <filename>undertow-javadoc-1.4.0-5.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1205</id>
+          <title>An update for sudo is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28487" id="CVE-2023-28487" title="CVE-2023-28487" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28486" id="CVE-2023-28486" title="CVE-2023-28486" type="cve"></reference>
+          </references>
+          <description>Sudo before 1.9.13 does not escape control characters in sudoreplay output.(CVE-2023-28487)Sudo before 1.9.13 does not escape control characters in log messages.(CVE-2023-28486)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="sudo-debuginfo" release="11.ule3" version="1.9.8p2">
+                         <filename>sudo-debuginfo-1.9.8p2-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo-devel" release="11.ule3" version="1.9.8p2">
+                         <filename>sudo-devel-1.9.8p2-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo" release="11.ule3" version="1.9.8p2">
+                         <filename>sudo-1.9.8p2-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo-debugsource" release="11.ule3" version="1.9.8p2">
+                         <filename>sudo-debugsource-1.9.8p2-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="sudo-help" release="11.ule3" version="1.9.8p2">
+                         <filename>sudo-help-1.9.8p2-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-debuginfo" release="11.ule3" version="1.9.8p2">
+                         <filename>sudo-debuginfo-1.9.8p2-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo" release="11.ule3" version="1.9.8p2">
+                         <filename>sudo-1.9.8p2-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-devel" release="11.ule3" version="1.9.8p2">
+                         <filename>sudo-devel-1.9.8p2-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-debugsource" release="11.ule3" version="1.9.8p2">
+                         <filename>sudo-debugsource-1.9.8p2-11.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1206</id>
+          <title>An update for glib2 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25180" id="CVE-2023-25180" title="CVE-2023-25180" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-24593" id="CVE-2023-24593" title="CVE-2023-24593" type="cve"></reference>
+          </references>
+          <description>glib: DoS caused by malicious serialised variant(CVE-2023-25180)glib: DoS caused by handling a malicious text-form variant(CVE-2023-24593)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="glib2" release="17.ule3" version="2.68.1">
+                         <filename>glib2-2.68.1-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glib2-debugsource" release="17.ule3" version="2.68.1">
+                         <filename>glib2-debugsource-2.68.1-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glib2-devel" release="17.ule3" version="2.68.1">
+                         <filename>glib2-devel-2.68.1-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glib2-debuginfo" release="17.ule3" version="2.68.1">
+                         <filename>glib2-debuginfo-2.68.1-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="glib2-help" release="17.ule3" version="2.68.1">
+                         <filename>glib2-help-2.68.1-17.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glib2" release="17.ule3" version="2.68.1">
+                         <filename>glib2-2.68.1-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glib2-debugsource" release="17.ule3" version="2.68.1">
+                         <filename>glib2-debugsource-2.68.1-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glib2-debuginfo" release="17.ule3" version="2.68.1">
+                         <filename>glib2-debuginfo-2.68.1-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glib2-devel" release="17.ule3" version="2.68.1">
+                         <filename>glib2-devel-2.68.1-17.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1207</id>
+          <title>An update for openssl is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0464" id="CVE-2023-0464" title="CVE-2023-0464" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0465" id="CVE-2023-0465" title="CVE-2023-0465" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0466" id="CVE-2023-0466" title="CVE-2023-0466" type="cve"></reference>
+          </references>
+          <description>A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy&#39; argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()&#39; function.(CVE-2023-0464)Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy&#39; argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()&#39; function.(CVE-2023-0465)The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.(CVE-2023-0466)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="openssl" release="19.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-libs" release="19.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debuginfo" release="19.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debugsource" release="19.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-perl" release="19.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-devel" release="19.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="openssl-help" release="19.ule3" version="1.1.1m">
+                         <filename>openssl-help-1.1.1m-19.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-perl" release="19.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debuginfo" release="19.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl" release="19.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-libs" release="19.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debugsource" release="19.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-devel" release="19.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-19.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1208</id>
+          <title>An update for hdf5 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2018-14031" id="CVE-2018-14031" title="CVE-2018-14031" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2018-16438" id="CVE-2018-16438" title="CVE-2018-16438" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c.(CVE-2018-14031)An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c.(CVE-2018-16438)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="hdf5-debugsource" release="17.ule3" version="1.8.20">
+                         <filename>hdf5-debugsource-1.8.20-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hdf5-devel" release="17.ule3" version="1.8.20">
+                         <filename>hdf5-devel-1.8.20-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hdf5-mpich-devel" release="17.ule3" version="1.8.20">
+                         <filename>hdf5-mpich-devel-1.8.20-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hdf5-debuginfo" release="17.ule3" version="1.8.20">
+                         <filename>hdf5-debuginfo-1.8.20-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hdf5-mpich-static" release="17.ule3" version="1.8.20">
+                         <filename>hdf5-mpich-static-1.8.20-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hdf5-mpich" release="17.ule3" version="1.8.20">
+                         <filename>hdf5-mpich-1.8.20-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hdf5-openmpi-static" release="17.ule3" version="1.8.20">
+                         <filename>hdf5-openmpi-static-1.8.20-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hdf5-openmpi-devel" release="17.ule3" version="1.8.20">
+                         <filename>hdf5-openmpi-devel-1.8.20-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hdf5-openmpi" release="17.ule3" version="1.8.20">
+                         <filename>hdf5-openmpi-1.8.20-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hdf5" release="17.ule3" version="1.8.20">
+                         <filename>hdf5-1.8.20-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hdf5-mpich-devel" release="17.ule3" version="1.8.20">
+                         <filename>hdf5-mpich-devel-1.8.20-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hdf5" release="17.ule3" version="1.8.20">
+                         <filename>hdf5-1.8.20-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hdf5-mpich-static" release="17.ule3" version="1.8.20">
+                         <filename>hdf5-mpich-static-1.8.20-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hdf5-mpich" release="17.ule3" version="1.8.20">
+                         <filename>hdf5-mpich-1.8.20-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hdf5-openmpi" release="17.ule3" version="1.8.20">
+                         <filename>hdf5-openmpi-1.8.20-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hdf5-debugsource" release="17.ule3" version="1.8.20">
+                         <filename>hdf5-debugsource-1.8.20-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hdf5-devel" release="17.ule3" version="1.8.20">
+                         <filename>hdf5-devel-1.8.20-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hdf5-debuginfo" release="17.ule3" version="1.8.20">
+                         <filename>hdf5-debuginfo-1.8.20-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hdf5-openmpi-static" release="17.ule3" version="1.8.20">
+                         <filename>hdf5-openmpi-static-1.8.20-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hdf5-openmpi-devel" release="17.ule3" version="1.8.20">
+                         <filename>hdf5-openmpi-devel-1.8.20-17.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1210</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29901" id="CVE-2022-29901" title="CVE-2022-29901" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4269" id="CVE-2022-4269" title="CVE-2022-4269" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28327" id="CVE-2023-28327" title="CVE-2023-28327" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28328" id="CVE-2023-28328" title="CVE-2023-28328" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1380" id="CVE-2023-1380" title="CVE-2023-1380" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1513" id="CVE-2023-1513" title="CVE-2023-1513" type="cve"></reference>
+          </references>
+          <description>Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.(CVE-2022-29901)A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action &#34;mirred&#34;) a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.(CVE-2022-4269)A null pointer dereference issue was found in the unix protocol in net/unix/diag.c in Linux before 6.0. In unix_diag_get_exact, the newly allocated skb does not have sk, leading to null pointer. A local user could use this flaw to crash the system or potentially cause a denial of service.Reference:https://lore.kernel.org/netdev/CAO4mrfdvyjFpokhNsiwZiP-wpdSD0AStcJwfKcKQdAALQ9_2Qw@mail.gmail.com/https://lore.kernel.org/netdev/e04315e7c90d9a75613f3993c2baf2d344eef7eb.camel@redhat.com/https://lore.kernel.org/netdev/20221127012412.37969-3-kuniyu@amazon.com/T/(CVE-2023-28327)Kernel: A denial of service issue in  az6027 driver indrivers/media/usb/dev-usb/az6027.c(CVE-2023-28328)A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info-&gt;req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.(CVE-2023-1380)A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.(CVE-2023-1513)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.89.0.113.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.89.0.113.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.89.0.113.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.89.0.113.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.89.0.113.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.89.0.113.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.89.0.113.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="kernel-devel" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.89.0.113.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.89.0.113.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.89.0.113.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.89.0.113.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.89.0.113.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.89.0.113.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.89.0.113.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.89.0.113.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.89.0.113.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.89.0.113.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.89.0.113.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.89.0.113.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.89.0.113.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.89.0.113.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.89.0.113.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.89.0.113.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.89.0.113.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.89.0.113.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.89.0.113.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.89.0.113.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.89.0.113.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.89.0.113.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.89.0.113.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.89.0.113.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1214</id>
+          <title>An update for zstd is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4899" id="CVE-2022-4899" title="CVE-2022-4899" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.(CVE-2022-4899)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="zstd-debugsource" release="4.ule3" version="1.5.0">
+                         <filename>zstd-debugsource-1.5.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zstd-devel" release="4.ule3" version="1.5.0">
+                         <filename>zstd-devel-1.5.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zstd-debuginfo" release="4.ule3" version="1.5.0">
+                         <filename>zstd-debuginfo-1.5.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zstd" release="4.ule3" version="1.5.0">
+                         <filename>zstd-1.5.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="zstd-help" release="4.ule3" version="1.5.0">
+                         <filename>zstd-help-1.5.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zstd-devel" release="4.ule3" version="1.5.0">
+                         <filename>zstd-devel-1.5.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zstd-debuginfo" release="4.ule3" version="1.5.0">
+                         <filename>zstd-debuginfo-1.5.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zstd" release="4.ule3" version="1.5.0">
+                         <filename>zstd-1.5.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zstd-debugsource" release="4.ule3" version="1.5.0">
+                         <filename>zstd-debugsource-1.5.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1221</id>
+          <title>An update for libldb is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0614" id="CVE-2023-0614" title="CVE-2023-0614" type="cve"></reference>
+          </references>
+          <description>The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.(CVE-2023-0614)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libldb" release="3.ule3" version="2.4.1">
+                         <filename>libldb-2.4.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libldb-devel" release="3.ule3" version="2.4.1">
+                         <filename>libldb-devel-2.4.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libldb-debugsource" release="3.ule3" version="2.4.1">
+                         <filename>libldb-debugsource-2.4.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-ldb" release="3.ule3" version="2.4.1">
+                         <filename>python3-ldb-2.4.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-ldb-devel-common" release="3.ule3" version="2.4.1">
+                         <filename>python-ldb-devel-common-2.4.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-ldb-devel" release="3.ule3" version="2.4.1">
+                         <filename>python3-ldb-devel-2.4.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libldb-debuginfo" release="3.ule3" version="2.4.1">
+                         <filename>libldb-debuginfo-2.4.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libldb-help" release="3.ule3" version="2.4.1">
+                         <filename>libldb-help-2.4.1-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libldb-devel" release="3.ule3" version="2.4.1">
+                         <filename>libldb-devel-2.4.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-ldb" release="3.ule3" version="2.4.1">
+                         <filename>python3-ldb-2.4.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-ldb-devel-common" release="3.ule3" version="2.4.1">
+                         <filename>python-ldb-devel-common-2.4.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libldb" release="3.ule3" version="2.4.1">
+                         <filename>libldb-2.4.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libldb-debuginfo" release="3.ule3" version="2.4.1">
+                         <filename>libldb-debuginfo-2.4.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libldb-debugsource" release="3.ule3" version="2.4.1">
+                         <filename>libldb-debugsource-2.4.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-ldb-devel" release="3.ule3" version="2.4.1">
+                         <filename>python3-ldb-devel-2.4.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1224</id>
+          <title>An update for json-smart is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1370" id="CVE-2023-1370" title="CVE-2023-1370" type="cve"></reference>
+          </references>
+          <description>[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.(CVE-2023-1370)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="json-smart" release="2.ule3" version="2.2">
+                         <filename>json-smart-2.2-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="json-smart-javadoc" release="2.ule3" version="2.2">
+                         <filename>json-smart-javadoc-2.2-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1226</id>
+          <title>An update for ruby is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28756" id="CVE-2023-28756" title="CVE-2023-28756" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28755" id="CVE-2023-28755" title="CVE-2023-28755" type="cve"></reference>
+          </references>
+          <description>A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.(CVE-2023-28756)A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.(CVE-2023-28755)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="ruby-devel" release="129.ule3" version="3.0.3">
+                         <filename>ruby-devel-3.0.3-129.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-openssl" release="129.ule3" version="2.2.1">
+                         <filename>rubygem-openssl-2.2.1-129.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-bigdecimal" release="129.ule3" version="3.0.0">
+                         <filename>rubygem-bigdecimal-3.0.0-129.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ruby-debuginfo" release="129.ule3" version="3.0.3">
+                         <filename>ruby-debuginfo-3.0.3-129.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-io-console" release="129.ule3" version="0.5.7">
+                         <filename>rubygem-io-console-0.5.7-129.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ruby-debugsource" release="129.ule3" version="3.0.3">
+                         <filename>ruby-debugsource-3.0.3-129.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-json" release="129.ule3" version="2.5.1">
+                         <filename>rubygem-json-2.5.1-129.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-psych" release="129.ule3" version="3.3.2">
+                         <filename>rubygem-psych-3.3.2-129.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ruby" release="129.ule3" version="3.0.3">
+                         <filename>ruby-3.0.3-129.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rss" release="129.ule3" version="0.2.9">
+                         <filename>rubygem-rss-0.2.9-129.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rdoc" release="129.ule3" version="6.3.3">
+                         <filename>rubygem-rdoc-6.3.3-129.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-typeprof" release="129.ule3" version="0.15.2">
+                         <filename>rubygem-typeprof-0.15.2-129.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ruby-irb" release="129.ule3" version="3.0.3">
+                         <filename>ruby-irb-3.0.3-129.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ruby-help" release="129.ule3" version="3.0.3">
+                         <filename>ruby-help-3.0.3-129.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygems-devel" release="129.ule3" version="3.2.32">
+                         <filename>rubygems-devel-3.2.32-129.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-power_assert" release="129.ule3" version="1.2.0">
+                         <filename>rubygem-power_assert-1.2.0-129.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-test-unit" release="129.ule3" version="3.3.7">
+                         <filename>rubygem-test-unit-3.3.7-129.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-minitest" release="129.ule3" version="5.14.2">
+                         <filename>rubygem-minitest-5.14.2-129.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rbs" release="129.ule3" version="1.4.0">
+                         <filename>rubygem-rbs-1.4.0-129.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-bundler" release="129.ule3" version="2.2.32">
+                         <filename>rubygem-bundler-2.2.32-129.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-did_you_mean" release="129.ule3" version="1.5.0">
+                         <filename>rubygem-did_you_mean-1.5.0-129.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rake" release="129.ule3" version="13.0.3">
+                         <filename>rubygem-rake-13.0.3-129.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygems" release="129.ule3" version="3.2.32">
+                         <filename>rubygems-3.2.32-129.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rexml" release="129.ule3" version="3.2.5">
+                         <filename>rubygem-rexml-3.2.5-129.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-psych" release="129.ule3" version="3.3.2">
+                         <filename>rubygem-psych-3.3.2-129.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-openssl" release="129.ule3" version="2.2.1">
+                         <filename>rubygem-openssl-2.2.1-129.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-bigdecimal" release="129.ule3" version="3.0.0">
+                         <filename>rubygem-bigdecimal-3.0.0-129.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-io-console" release="129.ule3" version="0.5.7">
+                         <filename>rubygem-io-console-0.5.7-129.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-json" release="129.ule3" version="2.5.1">
+                         <filename>rubygem-json-2.5.1-129.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby-devel" release="129.ule3" version="3.0.3">
+                         <filename>ruby-devel-3.0.3-129.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby-debuginfo" release="129.ule3" version="3.0.3">
+                         <filename>ruby-debuginfo-3.0.3-129.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby-debugsource" release="129.ule3" version="3.0.3">
+                         <filename>ruby-debugsource-3.0.3-129.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby" release="129.ule3" version="3.0.3">
+                         <filename>ruby-3.0.3-129.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1227</id>
+          <title>An update for python3 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-24329" id="CVE-2023-24329" title="CVE-2023-24329" type="cve"></reference>
+          </references>
+          <description>An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.(CVE-2023-24329)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3" release="24.ule3" version="3.9.9">
+                         <filename>python3-3.9.9-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debuginfo" release="24.ule3" version="3.9.9">
+                         <filename>python3-debuginfo-3.9.9-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-unversioned-command" release="24.ule3" version="3.9.9">
+                         <filename>python3-unversioned-command-3.9.9-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debug" release="24.ule3" version="3.9.9">
+                         <filename>python3-debug-3.9.9-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debugsource" release="24.ule3" version="3.9.9">
+                         <filename>python3-debugsource-3.9.9-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-devel" release="24.ule3" version="3.9.9">
+                         <filename>python3-devel-3.9.9-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-help" release="24.ule3" version="3.9.9">
+                         <filename>python3-help-3.9.9-24.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debugsource" release="24.ule3" version="3.9.9">
+                         <filename>python3-debugsource-3.9.9-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3" release="24.ule3" version="3.9.9">
+                         <filename>python3-3.9.9-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-unversioned-command" release="24.ule3" version="3.9.9">
+                         <filename>python3-unversioned-command-3.9.9-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-devel" release="24.ule3" version="3.9.9">
+                         <filename>python3-devel-3.9.9-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debug" release="24.ule3" version="3.9.9">
+                         <filename>python3-debug-3.9.9-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debuginfo" release="24.ule3" version="3.9.9">
+                         <filename>python3-debuginfo-3.9.9-24.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1228</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-14"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1611" id="CVE-2023-1611" title="CVE-2023-1611" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1670" id="CVE-2023-1670" title="CVE-2023-1670" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1859" id="CVE-2023-1859" title="CVE-2023-1859" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1582" id="CVE-2023-1582" title="CVE-2023-1582" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4744" id="CVE-2022-4744" title="CVE-2022-4744" type="cve"></reference>
+          </references>
+          <description>A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea(CVE-2023-1611)A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.(CVE-2023-1670)A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak.(CVE-2023-1859)A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service.(CVE-2023-1582)A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-4744)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-devel" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.90.0.114.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.90.0.114.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.90.0.114.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.90.0.114.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.90.0.114.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.90.0.114.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.90.0.114.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.90.0.114.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.90.0.114.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.90.0.114.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.90.0.114.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.90.0.114.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.90.0.114.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.90.0.114.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.90.0.114.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.90.0.114.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.90.0.114.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.90.0.114.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.90.0.114.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.90.0.114.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.90.0.114.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.90.0.114.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.90.0.114.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.90.0.114.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.90.0.114.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.90.0.114.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.90.0.114.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.90.0.114.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.90.0.114.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.90.0.114.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.90.0.114.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1232</id>
+          <title>An update for samba is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0922" id="CVE-2023-0922" title="CVE-2023-0922" type="cve"></reference>
+          </references>
+          <description>The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.(CVE-2023-0922)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="samba-common" release="20.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ctdb" release="20.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-help" release="20.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common-tools" release="20.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debuginfo" release="20.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-provision" release="20.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-test" release="20.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-libs" release="20.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-client" release="20.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-krb5-printing" release="20.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-devel" release="20.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient" release="20.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc" release="20.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient-devel" release="20.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind" release="20.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debugsource" release="20.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient-devel" release="20.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba" release="20.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-clients" release="20.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-modules" release="20.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-test" release="20.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient" release="20.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba" release="20.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-krb5-locator" release="20.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-bind-dlz" release="20.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-dc" release="20.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="samba-pidl" release="20.ule3" version="4.15.3">
+                         <filename>samba-pidl-4.15.3-20.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-help" release="20.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-devel" release="20.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-krb5-printing" release="20.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-client" release="20.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debugsource" release="20.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba" release="20.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-vfs-glusterfs" release="20.ule3" version="4.15.3">
+                         <filename>samba-vfs-glusterfs-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-bind-dlz" release="20.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debuginfo" release="20.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-provision" release="20.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc" release="20.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient" release="20.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common-tools" release="20.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba" release="20.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient-devel" release="20.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-modules" release="20.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common" release="20.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-test" release="20.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ctdb" release="20.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-dc" release="20.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-test" release="20.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-libs" release="20.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient" release="20.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind" release="20.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-clients" release="20.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient-devel" release="20.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-krb5-locator" release="20.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1234</id>
+          <title>An update for openvswitch is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1668" id="CVE-2023-1668" title="CVE-2023-1668" type="cve"></reference>
+          </references>
+          <description>A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.(CVE-2023-1668)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="openvswitch-help" release="4.ule3" version="2.12.4">
+                         <filename>openvswitch-help-2.12.4-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-debugsource" release="4.ule3" version="2.12.4">
+                         <filename>openvswitch-debugsource-2.12.4-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-devel" release="4.ule3" version="2.12.4">
+                         <filename>openvswitch-devel-2.12.4-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-debuginfo" release="4.ule3" version="2.12.4">
+                         <filename>openvswitch-debuginfo-2.12.4-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch" release="4.ule3" version="2.12.4">
+                         <filename>openvswitch-2.12.4-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-debugsource" release="4.ule3" version="2.12.4">
+                         <filename>openvswitch-debugsource-2.12.4-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-debuginfo" release="4.ule3" version="2.12.4">
+                         <filename>openvswitch-debuginfo-2.12.4-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-help" release="4.ule3" version="2.12.4">
+                         <filename>openvswitch-help-2.12.4-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-devel" release="4.ule3" version="2.12.4">
+                         <filename>openvswitch-devel-2.12.4-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch" release="4.ule3" version="2.12.4">
+                         <filename>openvswitch-2.12.4-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1235</id>
+          <title>An update for mod_auth_openidc is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23527" id="CVE-2022-23527" title="CVE-2022-23527" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28625" id="CVE-2023-28625" title="CVE-2023-28625" type="cve"></reference>
+          </references>
+          <description>mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed.(CVE-2022-23527)mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.(CVE-2023-28625)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="mod_auth_openidc" release="1.ule3" version="2.4.13.2">
+                         <filename>mod_auth_openidc-2.4.13.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_auth_openidc-debugsource" release="1.ule3" version="2.4.13.2">
+                         <filename>mod_auth_openidc-debugsource-2.4.13.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_auth_openidc-debuginfo" release="1.ule3" version="2.4.13.2">
+                         <filename>mod_auth_openidc-debuginfo-2.4.13.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_auth_openidc-debuginfo" release="1.ule3" version="2.4.13.2">
+                         <filename>mod_auth_openidc-debuginfo-2.4.13.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_auth_openidc-debugsource" release="1.ule3" version="2.4.13.2">
+                         <filename>mod_auth_openidc-debugsource-2.4.13.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_auth_openidc" release="1.ule3" version="2.4.13.2">
+                         <filename>mod_auth_openidc-2.4.13.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1237</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-24536" id="CVE-2023-24536" title="CVE-2023-24536" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-24534" id="CVE-2023-24534" title="CVE-2023-24534" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-24538" id="CVE-2023-24538" title="CVE-2023-24538" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-24537" id="CVE-2023-24537" title="CVE-2023-24537" type="cve"></reference>
+          </references>
+          <description>Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.(CVE-2023-24536)HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.(CVE-2023-24534)Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. &#34;var a = {{.}}&#34;), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.(CVE-2023-24538)Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.(CVE-2023-24537)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="16.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="16.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="16.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="16.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-16.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1238</id>
+          <title>An update for docker is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28842" id="CVE-2023-28842" title="CVE-2023-28842" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28841" id="CVE-2023-28841" title="CVE-2023-28841" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28840" id="CVE-2023-28840" title="CVE-2023-28840" type="cve"></reference>
+          </references>
+          <description>Moby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet&#39;s VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. The `overlay` driver dynamically and lazily defines the kernel configuration for the VXLAN network on each node as containers are attached and detached. Routes and encryption parameters are only defined for destination nodes that participate in the network. The iptables rules that prevent encrypted overlay networks from accepting unencrypted packets are not created until a peer is available with which to communicate. Encrypted overlay networks silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. The implications of this can be quite dire, and GHSA-vwm3-crmr-xfxw should be referenced for a deeper exploration. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime&#39;s 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. In multi-node clusters, deploy a global ‘pause’ container for each encrypted overlay network, on every node. For a single-node cluster, do not use overlay networks of any sort. Bridge networks provide the same connectivity on a single node and have no multi-node features. The Swarm ingress feature is implemented using an overlay network, but can be disabled by publishing ports in `host` mode instead of `ingress` mode (allowing the use of an external load balancer), and removing the `ingress` network. If encrypted overlay networks are in exclusive use, block UDP port 4789 from traffic that has not been validated by IPSec.(CVE-2023-28842)Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet&#39;s VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. An iptables rule designates outgoing VXLAN datagrams with a VNI that corresponds to an encrypted overlay network for IPsec encapsulation. Encrypted overlay networks on affected platforms silently transmit unencrypted data. As a result, `overlay` networks may appear to be functional, passing traffic as expected, but without any of the expected confidentiality or data integrity guarantees. It is possible for an attacker sitting in a trusted position on the network to read all of the application traffic that is moving across the overlay network, resulting in unexpected secrets or user data disclosure. Thus, because many database protocols, internal APIs, etc. are not protected by a second layer of encryption, a user may use Swarm encrypted overlay networks to provide confidentiality, which due to this vulnerability this is no longer guaranteed. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime&#39;s 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to outgoing traffic at the Internet boundary in order to prevent unintentionally leaking unencrypted traffic over the Internet, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.(CVE-2023-28841)Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet&#39;s VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime&#39;s 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.(CVE-2023-28840)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="docker-engine" release="323.ule3" version="18.09.0">
+                         <filename>docker-engine-18.09.0-323.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="docker-engine-debugsource" release="323.ule3" version="18.09.0">
+                         <filename>docker-engine-debugsource-18.09.0-323.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="docker-engine-debuginfo" release="323.ule3" version="18.09.0">
+                         <filename>docker-engine-debuginfo-18.09.0-323.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="docker-engine-debugsource" release="323.ule3" version="18.09.0">
+                         <filename>docker-engine-debugsource-18.09.0-323.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="docker-engine" release="323.ule3" version="18.09.0">
+                         <filename>docker-engine-18.09.0-323.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="docker-engine-debuginfo" release="323.ule3" version="18.09.0">
+                         <filename>docker-engine-debuginfo-18.09.0-323.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1239</id>
+          <title>An update for xorg-x11-server is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1393" id="CVE-2023-1393" title="CVE-2023-1393" type="cve"></reference>
+          </references>
+          <description>A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.(CVE-2023-1393)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="504" arch="aarch64" name="xorg-x11-server-debugsource" release="18.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debugsource-1.20.11-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="504" arch="aarch64" name="xorg-x11-server-Xdmx" release="18.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xdmx-1.20.11-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xephyr" release="18.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xephyr-1.20.11-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-devel" release="18.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-devel-1.20.11-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xvfb" release="18.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xvfb-1.20.11-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server" release="18.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-1.20.11-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-debuginfo" release="18.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debuginfo-1.20.11-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-common" release="18.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-common-1.20.11-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xnest" release="18.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xnest-1.20.11-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xorg-x11-server-source" release="18.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-source-1.20.11-18.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xorg-x11-server-help" release="18.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-help-1.20.11-18.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xdmx" release="18.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xdmx-1.20.11-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server" release="18.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-1.20.11-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xephyr" release="18.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xephyr-1.20.11-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-debuginfo" release="18.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debuginfo-1.20.11-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xnest" release="18.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xnest-1.20.11-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-debugsource" release="18.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debugsource-1.20.11-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-devel" release="18.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-devel-1.20.11-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-common" release="18.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-common-1.20.11-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xvfb" release="18.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xvfb-1.20.11-18.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1240</id>
+          <title>An update for avahi is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1981" id="CVE-2023-1981" title="CVE-2023-1981" type="cve"></reference>
+          </references>
+          <description>It was discovered that the avahi deamon can be locally crashed by a dbus call made by an unprivileged user, causing a denial of service.References:https://github.com/lathiat/avahi/issues/375(CVE-2023-1981)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="avahi-glib-devel" release="15.ule3" version="0.8">
+                         <filename>avahi-glib-devel-0.8-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-debuginfo" release="15.ule3" version="0.8">
+                         <filename>avahi-debuginfo-0.8-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi" release="15.ule3" version="0.8">
+                         <filename>avahi-0.8-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-autoipd" release="15.ule3" version="0.8">
+                         <filename>avahi-autoipd-0.8-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-compat-howl-devel" release="15.ule3" version="0.8">
+                         <filename>avahi-compat-howl-devel-0.8-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-gobject" release="15.ule3" version="0.8">
+                         <filename>avahi-gobject-0.8-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-debugsource" release="15.ule3" version="0.8">
+                         <filename>avahi-debugsource-0.8-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-tools" release="15.ule3" version="0.8">
+                         <filename>avahi-tools-0.8-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-devel" release="15.ule3" version="0.8">
+                         <filename>avahi-devel-0.8-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-ui-gtk3" release="15.ule3" version="0.8">
+                         <filename>avahi-ui-gtk3-0.8-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-ui-devel" release="15.ule3" version="0.8">
+                         <filename>avahi-ui-devel-0.8-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-libs" release="15.ule3" version="0.8">
+                         <filename>avahi-libs-0.8-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-gobject-devel" release="15.ule3" version="0.8">
+                         <filename>avahi-gobject-devel-0.8-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-compat-libdns_sd" release="15.ule3" version="0.8">
+                         <filename>avahi-compat-libdns_sd-0.8-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-compat-howl" release="15.ule3" version="0.8">
+                         <filename>avahi-compat-howl-0.8-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-glib" release="15.ule3" version="0.8">
+                         <filename>avahi-glib-0.8-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-dnsconfd" release="15.ule3" version="0.8">
+                         <filename>avahi-dnsconfd-0.8-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-ui" release="15.ule3" version="0.8">
+                         <filename>avahi-ui-0.8-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-compat-libdns_sd-devel" release="15.ule3" version="0.8">
+                         <filename>avahi-compat-libdns_sd-devel-0.8-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="avahi-help" release="15.ule3" version="0.8">
+                         <filename>avahi-help-0.8-15.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-glib-devel" release="15.ule3" version="0.8">
+                         <filename>avahi-glib-devel-0.8-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-compat-libdns_sd-devel" release="15.ule3" version="0.8">
+                         <filename>avahi-compat-libdns_sd-devel-0.8-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-debuginfo" release="15.ule3" version="0.8">
+                         <filename>avahi-debuginfo-0.8-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-dnsconfd" release="15.ule3" version="0.8">
+                         <filename>avahi-dnsconfd-0.8-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-autoipd" release="15.ule3" version="0.8">
+                         <filename>avahi-autoipd-0.8-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-compat-howl-devel" release="15.ule3" version="0.8">
+                         <filename>avahi-compat-howl-devel-0.8-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-gobject" release="15.ule3" version="0.8">
+                         <filename>avahi-gobject-0.8-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-tools" release="15.ule3" version="0.8">
+                         <filename>avahi-tools-0.8-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-ui-gtk3" release="15.ule3" version="0.8">
+                         <filename>avahi-ui-gtk3-0.8-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-debugsource" release="15.ule3" version="0.8">
+                         <filename>avahi-debugsource-0.8-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-ui-devel" release="15.ule3" version="0.8">
+                         <filename>avahi-ui-devel-0.8-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-gobject-devel" release="15.ule3" version="0.8">
+                         <filename>avahi-gobject-devel-0.8-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi" release="15.ule3" version="0.8">
+                         <filename>avahi-0.8-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-compat-howl" release="15.ule3" version="0.8">
+                         <filename>avahi-compat-howl-0.8-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-libs" release="15.ule3" version="0.8">
+                         <filename>avahi-libs-0.8-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-devel" release="15.ule3" version="0.8">
+                         <filename>avahi-devel-0.8-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-glib" release="15.ule3" version="0.8">
+                         <filename>avahi-glib-0.8-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-ui" release="15.ule3" version="0.8">
+                         <filename>avahi-ui-0.8-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-compat-libdns_sd" release="15.ule3" version="0.8">
+                         <filename>avahi-compat-libdns_sd-0.8-15.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1241</id>
+          <title>An update for lua is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-45985" id="CVE-2021-45985" title="CVE-2021-45985" type="cve"></reference>
+          </references>
+          <description>In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.(CVE-2021-45985)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="lua-debugsource" release="11.ule3" version="5.4.3">
+                         <filename>lua-debugsource-5.4.3-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lua-devel" release="11.ule3" version="5.4.3">
+                         <filename>lua-devel-5.4.3-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lua-debuginfo" release="11.ule3" version="5.4.3">
+                         <filename>lua-debuginfo-5.4.3-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lua" release="11.ule3" version="5.4.3">
+                         <filename>lua-5.4.3-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="lua-help" release="11.ule3" version="5.4.3">
+                         <filename>lua-help-5.4.3-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lua" release="11.ule3" version="5.4.3">
+                         <filename>lua-5.4.3-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lua-debugsource" release="11.ule3" version="5.4.3">
+                         <filename>lua-debugsource-5.4.3-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lua-debuginfo" release="11.ule3" version="5.4.3">
+                         <filename>lua-debuginfo-5.4.3-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lua-devel" release="11.ule3" version="5.4.3">
+                         <filename>lua-devel-5.4.3-11.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1243</id>
+          <title>An update for tcpdump is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1801" id="CVE-2023-1801" title="CVE-2023-1801" type="cve"></reference>
+          </references>
+          <description>The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet.(CVE-2023-1801)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="tcpdump-debuginfo" release="6.ule3" version="4.99.1">
+                         <filename>tcpdump-debuginfo-4.99.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="tcpdump-help" release="6.ule3" version="4.99.1">
+                         <filename>tcpdump-help-4.99.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="tcpdump-debugsource" release="6.ule3" version="4.99.1">
+                         <filename>tcpdump-debugsource-4.99.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="tcpdump" release="6.ule3" version="4.99.1">
+                         <filename>tcpdump-4.99.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="tcpdump" release="6.ule3" version="4.99.1">
+                         <filename>tcpdump-4.99.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="tcpdump-debuginfo" release="6.ule3" version="4.99.1">
+                         <filename>tcpdump-debuginfo-4.99.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="tcpdump-debugsource" release="6.ule3" version="4.99.1">
+                         <filename>tcpdump-debugsource-4.99.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="tcpdump-help" release="6.ule3" version="4.99.1">
+                         <filename>tcpdump-help-4.99.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1245</id>
+          <title>An update for nasm is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-44370" id="CVE-2022-44370" title="CVE-2022-44370" type="cve"></reference>
+          </references>
+          <description>NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856(CVE-2022-44370)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="nasm-debugsource" release="5.ule3" version="2.15.05">
+                         <filename>nasm-debugsource-2.15.05-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nasm" release="5.ule3" version="2.15.05">
+                         <filename>nasm-2.15.05-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nasm-debuginfo" release="5.ule3" version="2.15.05">
+                         <filename>nasm-debuginfo-2.15.05-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="nasm-help" release="5.ule3" version="2.15.05">
+                         <filename>nasm-help-2.15.05-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nasm-debuginfo" release="5.ule3" version="2.15.05">
+                         <filename>nasm-debuginfo-2.15.05-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nasm" release="5.ule3" version="2.15.05">
+                         <filename>nasm-2.15.05-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nasm-debugsource" release="5.ule3" version="2.15.05">
+                         <filename>nasm-debugsource-2.15.05-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1246</id>
+          <title>An update for freetype is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2004" id="CVE-2023-2004" title="CVE-2023-2004" type="cve"></reference>
+          </references>
+          <description>An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c.(CVE-2023-2004)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="freetype" release="3.ule3" version="2.11.0">
+                         <filename>freetype-2.11.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freetype-debuginfo" release="3.ule3" version="2.11.0">
+                         <filename>freetype-debuginfo-2.11.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freetype-debugsource" release="3.ule3" version="2.11.0">
+                         <filename>freetype-debugsource-2.11.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freetype-demos" release="3.ule3" version="2.11.0">
+                         <filename>freetype-demos-2.11.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freetype-devel" release="3.ule3" version="2.11.0">
+                         <filename>freetype-devel-2.11.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="freetype-help" release="3.ule3" version="2.11.0">
+                         <filename>freetype-help-2.11.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freetype-devel" release="3.ule3" version="2.11.0">
+                         <filename>freetype-devel-2.11.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freetype-debuginfo" release="3.ule3" version="2.11.0">
+                         <filename>freetype-debuginfo-2.11.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freetype" release="3.ule3" version="2.11.0">
+                         <filename>freetype-2.11.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freetype-demos" release="3.ule3" version="2.11.0">
+                         <filename>freetype-demos-2.11.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freetype-debugsource" release="3.ule3" version="2.11.0">
+                         <filename>freetype-debugsource-2.11.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1247</id>
+          <title>An update for tomcat is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28708" id="CVE-2023-28708" title="CVE-2023-28708" type="cve"></reference>
+          </references>
+          <description>When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.(CVE-2023-28708)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="tomcat-jsvc" release="28.ule3" version="9.0.10">
+                         <filename>tomcat-jsvc-9.0.10-28.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="tomcat-help" release="28.ule3" version="9.0.10">
+                         <filename>tomcat-help-9.0.10-28.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="tomcat" release="28.ule3" version="9.0.10">
+                         <filename>tomcat-9.0.10-28.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1249</id>
+          <title>An update for bluez is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-27349" id="CVE-2023-27349" title="CVE-2023-27349" type="cve"></reference>
+          </references>
+          <description>(CVE-2023-27349)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bluez-devel" release="17.ule3" version="5.54">
+                         <filename>bluez-devel-5.54-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-debuginfo" release="17.ule3" version="5.54">
+                         <filename>bluez-debuginfo-5.54-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-cups" release="17.ule3" version="5.54">
+                         <filename>bluez-cups-5.54-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-libs" release="17.ule3" version="5.54">
+                         <filename>bluez-libs-5.54-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez" release="17.ule3" version="5.54">
+                         <filename>bluez-5.54-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-debugsource" release="17.ule3" version="5.54">
+                         <filename>bluez-debugsource-5.54-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="bluez-help" release="17.ule3" version="5.54">
+                         <filename>bluez-help-5.54-17.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-cups" release="17.ule3" version="5.54">
+                         <filename>bluez-cups-5.54-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-libs" release="17.ule3" version="5.54">
+                         <filename>bluez-libs-5.54-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez" release="17.ule3" version="5.54">
+                         <filename>bluez-5.54-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-debuginfo" release="17.ule3" version="5.54">
+                         <filename>bluez-debuginfo-5.54-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-devel" release="17.ule3" version="5.54">
+                         <filename>bluez-devel-5.54-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-debugsource" release="17.ule3" version="5.54">
+                         <filename>bluez-debugsource-5.54-17.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1253</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1015" id="CVE-2022-1015" title="CVE-2022-1015" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-36280" id="CVE-2022-36280" title="CVE-2022-36280" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-30456" id="CVE-2023-30456" title="CVE-2023-30456" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1989" id="CVE-2023-1989" title="CVE-2023-1989" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1829" id="CVE-2023-1829" title="CVE-2023-1829" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.(CVE-2022-1015)An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file &#39;/dev/dri/renderD128 (or Dxxx)&#39;. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).(CVE-2022-36280)An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.(CVE-2023-30456)A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.(CVE-2023-1989)A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root.We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.(CVE-2023-1829)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.91.0.115.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.91.0.115.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.91.0.115.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.91.0.115.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="kernel" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.91.0.115.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.91.0.115.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.91.0.115.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.91.0.115.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.91.0.115.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.91.0.115.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.91.0.115.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.91.0.115.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.91.0.115.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.91.0.115.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.91.0.115.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.91.0.115.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.91.0.115.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.91.0.115.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.91.0.115.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.91.0.115.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.91.0.115.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.91.0.115.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.91.0.115.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.91.0.115.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.91.0.115.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.91.0.115.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.91.0.115.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.91.0.115.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.91.0.115.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.91.0.115.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.91.0.115.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1254</id>
+          <title>An update for hyperscan is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29486" id="CVE-2022-29486" title="CVE-2022-29486" type="cve"></reference>
+          </references>
+          <description>Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network access.(CVE-2022-29486)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="hyperscan-devel" release="3.ule3" version="5.4.0">
+                         <filename>hyperscan-devel-5.4.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hyperscan-debuginfo" release="3.ule3" version="5.4.0">
+                         <filename>hyperscan-debuginfo-5.4.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hyperscan-debugsource" release="3.ule3" version="5.4.0">
+                         <filename>hyperscan-debugsource-5.4.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hyperscan" release="3.ule3" version="5.4.0">
+                         <filename>hyperscan-5.4.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hyperscan-debuginfo" release="3.ule3" version="5.4.0">
+                         <filename>hyperscan-debuginfo-5.4.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hyperscan-devel" release="3.ule3" version="5.4.0">
+                         <filename>hyperscan-devel-5.4.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hyperscan" release="3.ule3" version="5.4.0">
+                         <filename>hyperscan-5.4.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hyperscan-debugsource" release="3.ule3" version="5.4.0">
+                         <filename>hyperscan-debugsource-5.4.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1258</id>
+          <title>An update for shadow is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-29383" id="CVE-2023-29383" title="CVE-2023-29383" type="cve"></reference>
+          </references>
+          <description>In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that &#34;cat /etc/passwd&#34; shows a rogue user account.(CVE-2023-29383)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="shadow" release="7.ule3" version="4.9">
+                         <filename>shadow-4.9-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="shadow-debuginfo" release="7.ule3" version="4.9">
+                         <filename>shadow-debuginfo-4.9-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="shadow-debugsource" release="7.ule3" version="4.9">
+                         <filename>shadow-debugsource-4.9-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="shadow-subid-devel" release="7.ule3" version="4.9">
+                         <filename>shadow-subid-devel-4.9-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="shadow-help" release="7.ule3" version="4.9">
+                         <filename>shadow-help-4.9-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="shadow-subid-devel" release="7.ule3" version="4.9">
+                         <filename>shadow-subid-devel-4.9-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="shadow" release="7.ule3" version="4.9">
+                         <filename>shadow-4.9-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="shadow-debugsource" release="7.ule3" version="4.9">
+                         <filename>shadow-debugsource-4.9-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="shadow-debuginfo" release="7.ule3" version="4.9">
+                         <filename>shadow-debuginfo-4.9-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1259</id>
+          <title>An update for ImageMagick is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1289" id="CVE-2023-1289" title="CVE-2023-1289" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1906" id="CVE-2023-1906" title="CVE-2023-1906" type="cve"></reference>
+          </references>
+          <description>A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in &#34;/tmp,&#34; resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.(CVE-2023-1289)A heap-based buffer overflow issue was discovered in ImageMagick&#39;s ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.(CVE-2023-1906)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-help" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-help-7.1.1.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debuginfo" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debuginfo-7.1.1.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-devel" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-devel-7.1.1.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debugsource" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debugsource-7.1.1.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-7.1.1.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++-devel" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-devel-7.1.1.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-perl" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-perl-7.1.1.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-7.1.1.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-devel" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-devel-7.1.1.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-7.1.1.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-help" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-help-7.1.1.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-7.1.1.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debuginfo" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debuginfo-7.1.1.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++-devel" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-devel-7.1.1.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-perl" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-perl-7.1.1.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debugsource" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debugsource-7.1.1.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1260</id>
+          <title>An update for wireshark is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1993" id="CVE-2023-1993" title="CVE-2023-1993" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1992" id="CVE-2023-1992" title="CVE-2023-1992" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1994" id="CVE-2023-1994" title="CVE-2023-1994" type="cve"></reference>
+          </references>
+          <description>LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file(CVE-2023-1993)RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file(CVE-2023-1992)GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file(CVE-2023-1994)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="wireshark-debuginfo" release="3.ule3" version="3.6.11">
+                         <filename>wireshark-debuginfo-3.6.11-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark" release="3.ule3" version="3.6.11">
+                         <filename>wireshark-3.6.11-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-help" release="3.ule3" version="3.6.11">
+                         <filename>wireshark-help-3.6.11-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-devel" release="3.ule3" version="3.6.11">
+                         <filename>wireshark-devel-3.6.11-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-debugsource" release="3.ule3" version="3.6.11">
+                         <filename>wireshark-debugsource-3.6.11-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debuginfo" release="3.ule3" version="3.6.11">
+                         <filename>wireshark-debuginfo-3.6.11-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-help" release="3.ule3" version="3.6.11">
+                         <filename>wireshark-help-3.6.11-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-devel" release="3.ule3" version="3.6.11">
+                         <filename>wireshark-devel-3.6.11-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debugsource" release="3.ule3" version="3.6.11">
+                         <filename>wireshark-debugsource-3.6.11-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark" release="3.ule3" version="3.6.11">
+                         <filename>wireshark-3.6.11-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1262</id>
+          <title>An update for libxml2 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28484" id="CVE-2023-28484" title="CVE-2023-28484" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-29469" id="CVE-2023-29469" title="CVE-2023-29469" type="cve"></reference>
+          </references>
+          <description>In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.(CVE-2023-28484)An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the &#39;\0&#39; value).(CVE-2023-29469)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libxml2-debugsource" release="16.ule3" version="2.9.12">
+                         <filename>libxml2-debugsource-2.9.12-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxml2" release="16.ule3" version="2.9.12">
+                         <filename>libxml2-2.9.12-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxml2-devel" release="16.ule3" version="2.9.12">
+                         <filename>libxml2-devel-2.9.12-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxml2-debuginfo" release="16.ule3" version="2.9.12">
+                         <filename>libxml2-debuginfo-2.9.12-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-libxml2" release="16.ule3" version="2.9.12">
+                         <filename>python3-libxml2-2.9.12-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libxml2-help" release="16.ule3" version="2.9.12">
+                         <filename>libxml2-help-2.9.12-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2-debuginfo" release="16.ule3" version="2.9.12">
+                         <filename>libxml2-debuginfo-2.9.12-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-libxml2" release="16.ule3" version="2.9.12">
+                         <filename>python3-libxml2-2.9.12-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2-devel" release="16.ule3" version="2.9.12">
+                         <filename>libxml2-devel-2.9.12-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2-debugsource" release="16.ule3" version="2.9.12">
+                         <filename>libxml2-debugsource-2.9.12-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2" release="16.ule3" version="2.9.12">
+                         <filename>libxml2-2.9.12-16.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1263</id>
+          <title>An update for screen is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-24626" id="CVE-2023-24626" title="CVE-2023-24626" type="cve"></reference>
+          </references>
+          <description>socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.(CVE-2023-24626)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="screen-debuginfo" release="12.ule3" version="4.8.0">
+                         <filename>screen-debuginfo-4.8.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="screen-debugsource" release="12.ule3" version="4.8.0">
+                         <filename>screen-debugsource-4.8.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="screen" release="12.ule3" version="4.8.0">
+                         <filename>screen-4.8.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="screen-help" release="12.ule3" version="4.8.0">
+                         <filename>screen-help-4.8.0-12.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="screen" release="12.ule3" version="4.8.0">
+                         <filename>screen-4.8.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="screen-debuginfo" release="12.ule3" version="4.8.0">
+                         <filename>screen-debuginfo-4.8.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="screen-debugsource" release="12.ule3" version="4.8.0">
+                         <filename>screen-debugsource-4.8.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1264</id>
+          <title>An update for dmidecode is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-30630" id="CVE-2023-30630" title="CVE-2023-30630" type="cve"></reference>
+          </references>
+          <description>Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.(CVE-2023-30630)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="dmidecode" release="6.ule3" version="3.3">
+                         <filename>dmidecode-3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dmidecode-debugsource" release="6.ule3" version="3.3">
+                         <filename>dmidecode-debugsource-3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dmidecode-debuginfo" release="6.ule3" version="3.3">
+                         <filename>dmidecode-debuginfo-3.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dmidecode" release="6.ule3" version="3.3">
+                         <filename>dmidecode-3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dmidecode-debugsource" release="6.ule3" version="3.3">
+                         <filename>dmidecode-debugsource-3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dmidecode-debuginfo" release="6.ule3" version="3.3">
+                         <filename>dmidecode-debuginfo-3.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1268</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-04-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1855" id="CVE-2023-1855" title="CVE-2023-1855" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1990" id="CVE-2023-1990" title="CVE-2023-1990" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1872" id="CVE-2023-1872" title="CVE-2023-1872" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2006" id="CVE-2023-2006" title="CVE-2023-2006" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-30772" id="CVE-2023-30772" title="CVE-2023-30772" type="cve"></reference>
+          </references>
+          <description>A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.(CVE-2023-1855)A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem.(CVE-2023-1990)A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation.The io_file_get_fixed function lacks the presence of ctx-&gt;uring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered.We recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8.(CVE-2023-1872)A race condition was found in the Linux kernel&#39;s RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.(CVE-2023-2006)The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.(CVE-2023-30772)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.92.0.116.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.92.0.116.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.92.0.116.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="kernel-source" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.92.0.116.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.92.0.116.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.92.0.116.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.92.0.116.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.92.0.116.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.92.0.116.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.92.0.116.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.92.0.116.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.92.0.116.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.92.0.116.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.92.0.116.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.92.0.116.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.92.0.116.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.92.0.116.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.92.0.116.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.92.0.116.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="x86_64" name="kernel-devel" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.92.0.116.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.92.0.116.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.92.0.116.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.92.0.116.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.92.0.116.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.92.0.116.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.92.0.116.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.92.0.116.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.92.0.116.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.92.0.116.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.92.0.116.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.92.0.116.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1269</id>
+          <title>An update for git is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-06"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25652" id="CVE-2023-25652" title="CVE-2023-25652" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25815" id="CVE-2023-25815" title="CVE-2023-25815" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-29007" id="CVE-2023-29007" title="CVE-2023-29007" type="cve"></reference>
+          </references>
+          <description>Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.(CVE-2023-25652)In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function&#39;s implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1.This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\`.(CVE-2023-25815)Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user&#39;s `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.(CVE-2023-29007)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="git-debugsource" release="10.ule3" version="2.33.0">
+                         <filename>git-debugsource-2.33.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git-debuginfo" release="10.ule3" version="2.33.0">
+                         <filename>git-debuginfo-2.33.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git" release="10.ule3" version="2.33.0">
+                         <filename>git-2.33.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="git-daemon" release="10.ule3" version="2.33.0">
+                         <filename>git-daemon-2.33.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-Git" release="10.ule3" version="2.33.0">
+                         <filename>perl-Git-2.33.0-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-svn" release="10.ule3" version="2.33.0">
+                         <filename>git-svn-2.33.0-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-Git-SVN" release="10.ule3" version="2.33.0">
+                         <filename>perl-Git-SVN-2.33.0-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-email" release="10.ule3" version="2.33.0">
+                         <filename>git-email-2.33.0-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-help" release="10.ule3" version="2.33.0">
+                         <filename>git-help-2.33.0-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-web" release="10.ule3" version="2.33.0">
+                         <filename>git-web-2.33.0-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="git-gui" release="10.ule3" version="2.33.0">
+                         <filename>git-gui-2.33.0-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gitk" release="10.ule3" version="2.33.0">
+                         <filename>gitk-2.33.0-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-debuginfo" release="10.ule3" version="2.33.0">
+                         <filename>git-debuginfo-2.33.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-daemon" release="10.ule3" version="2.33.0">
+                         <filename>git-daemon-2.33.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git-debugsource" release="10.ule3" version="2.33.0">
+                         <filename>git-debugsource-2.33.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="git" release="10.ule3" version="2.33.0">
+                         <filename>git-2.33.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1270</id>
+          <title>An update for qt5-qtbase is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-24607" id="CVE-2023-24607" title="CVE-2023-24607" type="cve"></reference>
+          </references>
+          <description>Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.(CVE-2023-24607)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="qt5-qtbase-odbc" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-odbc-5.15.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-examples" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-examples-5.15.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-gui" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-gui-5.15.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-devel" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-devel-5.15.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-postgresql" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-postgresql-5.15.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-5.15.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-static" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-static-5.15.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-debugsource" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debugsource-5.15.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-debuginfo" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debuginfo-5.15.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-private-devel" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-private-devel-5.15.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-mysql" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-mysql-5.15.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="qt5-qtbase-common" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-common-5.15.2-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-devel" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-devel-5.15.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-5.15.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-examples" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-examples-5.15.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-gui" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-gui-5.15.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-static" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-static-5.15.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-postgresql" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-postgresql-5.15.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-debugsource" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debugsource-5.15.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-mysql" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-mysql-5.15.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-private-devel" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-private-devel-5.15.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-debuginfo" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debuginfo-5.15.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-odbc" release="6.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-odbc-5.15.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1273</id>
+          <title>An update for php is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31629" id="CVE-2022-31629" title="CVE-2022-31629" type="cve"></reference>
+          </references>
+          <description>In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim&#39;s browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.(CVE-2022-31629)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="php-soap" release="1.ule3" version="8.0.28">
+                         <filename>php-soap-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-mysqlnd" release="1.ule3" version="8.0.28">
+                         <filename>php-mysqlnd-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-intl" release="1.ule3" version="8.0.28">
+                         <filename>php-intl-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-cli" release="1.ule3" version="8.0.28">
+                         <filename>php-cli-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-tidy" release="1.ule3" version="8.0.28">
+                         <filename>php-tidy-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-debuginfo" release="1.ule3" version="8.0.28">
+                         <filename>php-debuginfo-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-debugsource" release="1.ule3" version="8.0.28">
+                         <filename>php-debugsource-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-enchant" release="1.ule3" version="8.0.28">
+                         <filename>php-enchant-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-pgsql" release="1.ule3" version="8.0.28">
+                         <filename>php-pgsql-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-bcmath" release="1.ule3" version="8.0.28">
+                         <filename>php-bcmath-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-odbc" release="1.ule3" version="8.0.28">
+                         <filename>php-odbc-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-devel" release="1.ule3" version="8.0.28">
+                         <filename>php-devel-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-dbg" release="1.ule3" version="8.0.28">
+                         <filename>php-dbg-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-ffi" release="1.ule3" version="8.0.28">
+                         <filename>php-ffi-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-process" release="1.ule3" version="8.0.28">
+                         <filename>php-process-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-snmp" release="1.ule3" version="8.0.28">
+                         <filename>php-snmp-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php" release="1.ule3" version="8.0.28">
+                         <filename>php-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-help" release="1.ule3" version="8.0.28">
+                         <filename>php-help-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-fpm" release="1.ule3" version="8.0.28">
+                         <filename>php-fpm-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-ldap" release="1.ule3" version="8.0.28">
+                         <filename>php-ldap-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-opcache" release="1.ule3" version="8.0.28">
+                         <filename>php-opcache-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-dba" release="1.ule3" version="8.0.28">
+                         <filename>php-dba-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-pdo" release="1.ule3" version="8.0.28">
+                         <filename>php-pdo-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-common" release="1.ule3" version="8.0.28">
+                         <filename>php-common-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-embedded" release="1.ule3" version="8.0.28">
+                         <filename>php-embedded-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-gd" release="1.ule3" version="8.0.28">
+                         <filename>php-gd-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-gmp" release="1.ule3" version="8.0.28">
+                         <filename>php-gmp-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-mbstring" release="1.ule3" version="8.0.28">
+                         <filename>php-mbstring-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-xml" release="1.ule3" version="8.0.28">
+                         <filename>php-xml-8.0.28-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-common" release="1.ule3" version="8.0.28">
+                         <filename>php-common-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-devel" release="1.ule3" version="8.0.28">
+                         <filename>php-devel-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-opcache" release="1.ule3" version="8.0.28">
+                         <filename>php-opcache-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-pdo" release="1.ule3" version="8.0.28">
+                         <filename>php-pdo-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-bcmath" release="1.ule3" version="8.0.28">
+                         <filename>php-bcmath-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-gmp" release="1.ule3" version="8.0.28">
+                         <filename>php-gmp-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-mbstring" release="1.ule3" version="8.0.28">
+                         <filename>php-mbstring-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-cli" release="1.ule3" version="8.0.28">
+                         <filename>php-cli-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-tidy" release="1.ule3" version="8.0.28">
+                         <filename>php-tidy-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-mysqlnd" release="1.ule3" version="8.0.28">
+                         <filename>php-mysqlnd-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-ldap" release="1.ule3" version="8.0.28">
+                         <filename>php-ldap-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php" release="1.ule3" version="8.0.28">
+                         <filename>php-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-soap" release="1.ule3" version="8.0.28">
+                         <filename>php-soap-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-snmp" release="1.ule3" version="8.0.28">
+                         <filename>php-snmp-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-gd" release="1.ule3" version="8.0.28">
+                         <filename>php-gd-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-fpm" release="1.ule3" version="8.0.28">
+                         <filename>php-fpm-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-xml" release="1.ule3" version="8.0.28">
+                         <filename>php-xml-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-ffi" release="1.ule3" version="8.0.28">
+                         <filename>php-ffi-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-debugsource" release="1.ule3" version="8.0.28">
+                         <filename>php-debugsource-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-process" release="1.ule3" version="8.0.28">
+                         <filename>php-process-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-dbg" release="1.ule3" version="8.0.28">
+                         <filename>php-dbg-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-pgsql" release="1.ule3" version="8.0.28">
+                         <filename>php-pgsql-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-dba" release="1.ule3" version="8.0.28">
+                         <filename>php-dba-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-help" release="1.ule3" version="8.0.28">
+                         <filename>php-help-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-odbc" release="1.ule3" version="8.0.28">
+                         <filename>php-odbc-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-embedded" release="1.ule3" version="8.0.28">
+                         <filename>php-embedded-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-debuginfo" release="1.ule3" version="8.0.28">
+                         <filename>php-debuginfo-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-intl" release="1.ule3" version="8.0.28">
+                         <filename>php-intl-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-enchant" release="1.ule3" version="8.0.28">
+                         <filename>php-enchant-8.0.28-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1274</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4382" id="CVE-2022-4382" title="CVE-2022-4382" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1998" id="CVE-2023-1998" title="CVE-2023-1998" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2007" id="CVE-2023-2007" title="CVE-2023-2007" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2166" id="CVE-2023-2166" title="CVE-2023-2166" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2176" id="CVE-2023-2176" title="CVE-2023-2176" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2194" id="CVE-2023-2194" title="CVE-2023-2194" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2269" id="CVE-2023-2269" title="CVE-2023-2269" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0458" id="CVE-2023-0458" title="CVE-2023-0458" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-31436" id="CVE-2023-31436" title="CVE-2023-31436" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2008" id="CVE-2023-2008" title="CVE-2023-2008" type="cve"></reference>
+          </references>
+          <description>A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side.(CVE-2022-4382)The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line.This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.(CVE-2023-1998)The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.(CVE-2023-2007)A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service.(CVE-2023-2166)A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.(CVE-2023-2176)An out-of-bounds write vulnerability was found in the Linux kernel&#39;s SLIMpro I2C device driver. The userspace &#34;data-&gt;block[0]&#34; variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.(CVE-2023-2194)A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.(CVE-2023-2269)A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the &#39;rlim&#39; variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11(CVE-2023-0458)qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.(CVE-2023-31436)A flaw was found in the Linux kernel s udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.(CVE-2023-2008)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.93.0.117.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.93.0.117.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.93.0.117.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.93.0.117.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.93.0.117.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.93.0.117.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.93.0.117.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.93.0.117.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.93.0.117.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.93.0.117.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.93.0.117.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.93.0.117.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.93.0.117.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.93.0.117.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.93.0.117.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.93.0.117.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.93.0.117.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.93.0.117.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.93.0.117.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.93.0.117.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.93.0.117.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.93.0.117.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.93.0.117.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.93.0.117.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.93.0.117.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.93.0.117.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.93.0.117.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.93.0.117.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.93.0.117.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.93.0.117.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.93.0.117.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1278</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2426" id="CVE-2023-2426" title="CVE-2023-2426" type="cve"></reference>
+          </references>
+          <description>Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.(CVE-2023-2426)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="14.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="14.ule3" version="9.0">
+                         <filename>vim-X11-9.0-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="14.ule3" version="9.0">
+                         <filename>vim-common-9.0-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="14.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="14.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="14.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="14.ule3" version="9.0">
+                         <filename>vim-filesystem-9.0-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="14.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="14.ule3" version="9.0">
+                         <filename>vim-X11-9.0-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="14.ule3" version="9.0">
+                         <filename>vim-common-9.0-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="14.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="14.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="14.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-14.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1279</id>
+          <title>An update for python-sqlparse is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-30608" id="CVE-2023-30608" title="CVE-2023-30608" type="cve"></reference>
+          </references>
+          <description>sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-30608)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python3-sqlparse" release="3.ule3" version="0.4.1">
+                         <filename>python3-sqlparse-0.4.1-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-sqlparse-help" release="3.ule3" version="0.4.1">
+                         <filename>python-sqlparse-help-0.4.1-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1280</id>
+          <title>An update for LibRaw is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1729" id="CVE-2023-1729" title="CVE-2023-1729" type="cve"></reference>
+          </references>
+          <description>A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.(CVE-2023-1729)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="LibRaw-debuginfo" release="6.ule3" version="0.20.2">
+                         <filename>LibRaw-debuginfo-0.20.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="LibRaw" release="6.ule3" version="0.20.2">
+                         <filename>LibRaw-0.20.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="LibRaw-devel" release="6.ule3" version="0.20.2">
+                         <filename>LibRaw-devel-0.20.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="LibRaw-debugsource" release="6.ule3" version="0.20.2">
+                         <filename>LibRaw-debugsource-0.20.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="LibRaw" release="6.ule3" version="0.20.2">
+                         <filename>LibRaw-0.20.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="LibRaw-devel" release="6.ule3" version="0.20.2">
+                         <filename>LibRaw-devel-0.20.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="LibRaw-debuginfo" release="6.ule3" version="0.20.2">
+                         <filename>LibRaw-debuginfo-0.20.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="LibRaw-debugsource" release="6.ule3" version="0.20.2">
+                         <filename>LibRaw-debugsource-0.20.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1281</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2609" id="CVE-2023-2609" title="CVE-2023-2609" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2610" id="CVE-2023-2610" title="CVE-2023-2610" type="cve"></reference>
+          </references>
+          <description>NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.(CVE-2023-2609)Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.(CVE-2023-2610)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="15.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="15.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="15.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="15.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="15.ule3" version="9.0">
+                         <filename>vim-X11-9.0-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="15.ule3" version="9.0">
+                         <filename>vim-common-9.0-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="15.ule3" version="9.0">
+                         <filename>vim-filesystem-9.0-15.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="15.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="15.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="15.ule3" version="9.0">
+                         <filename>vim-X11-9.0-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="15.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="15.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="15.ule3" version="9.0">
+                         <filename>vim-common-9.0-15.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1282</id>
+          <title>An update for ntp is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-26551" id="CVE-2023-26551" title="CVE-2023-26551" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-26554" id="CVE-2023-26554" title="CVE-2023-26554" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-26553" id="CVE-2023-26553" title="CVE-2023-26553" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-26552" id="CVE-2023-26552" title="CVE-2023-26552" type="cve"></reference>
+          </references>
+          <description>mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp&lt;cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.(CVE-2023-26551)mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a &#39;\0&#39; character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.(CVE-2023-26554)mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.(CVE-2023-26553)mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.(CVE-2023-26552)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="ntp" release="7.ule3" version="4.2.8p15">
+                         <filename>ntp-4.2.8p15-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ntp-debugsource" release="7.ule3" version="4.2.8p15">
+                         <filename>ntp-debugsource-4.2.8p15-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ntp-debuginfo" release="7.ule3" version="4.2.8p15">
+                         <filename>ntp-debuginfo-4.2.8p15-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ntp-help" release="7.ule3" version="4.2.8p15">
+                         <filename>ntp-help-4.2.8p15-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ntp-perl" release="7.ule3" version="4.2.8p15">
+                         <filename>ntp-perl-4.2.8p15-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ntp-debugsource" release="7.ule3" version="4.2.8p15">
+                         <filename>ntp-debugsource-4.2.8p15-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ntp" release="7.ule3" version="4.2.8p15">
+                         <filename>ntp-4.2.8p15-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ntp-debuginfo" release="7.ule3" version="4.2.8p15">
+                         <filename>ntp-debuginfo-4.2.8p15-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1284</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2002" id="CVE-2023-2002" title="CVE-2023-2002" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0458" id="CVE-2023-0458" title="CVE-2023-0458" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2483" id="CVE-2023-2483" title="CVE-2023-2483" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32269" id="CVE-2023-32269" title="CVE-2023-32269" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-26544" id="CVE-2023-26544" title="CVE-2023-26544" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0459" id="CVE-2023-0459" title="CVE-2023-0459" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2177" id="CVE-2023-2177" title="CVE-2023-2177" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2513" id="CVE-2023-2513" title="CVE-2023-2513" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.(CVE-2023-2002)A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the &#39;rlim&#39; variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11(CVE-2023-0458)In emac_probe, &amp;adpt-&gt;work_thread is bound with emac_work_thread. Then it will be started by timeout handler emac_tx_timeout or a IRQ handler emac_isr. If we remove the driver which will call emac_remove to make cleanup, there may be a unfinished work. This could lead to a use-after-free.Upstream fix:https://github.com/torvalds/linux/commit/6b6bc5b8bd2d(CVE-2023-2483)An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.(CVE-2023-32269)In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size.(CVE-2023-26544)No description is available for this CVE(CVE-2023-0459)A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service.(CVE-2023-2177)A use-after-free vulnerability was found in the Linux kernel&#39;s ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.(CVE-2023-2513)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.94.0.118.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.94.0.118.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.94.0.118.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.94.0.118.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.94.0.118.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.94.0.118.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.94.0.118.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.94.0.118.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.94.0.118.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.94.0.118.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.94.0.118.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.94.0.118.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.94.0.118.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.94.0.118.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.94.0.118.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.94.0.118.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.94.0.118.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.94.0.118.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.94.0.118.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.94.0.118.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.94.0.118.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.94.0.118.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.94.0.118.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.94.0.118.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.94.0.118.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.94.0.118.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.94.0.118.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.94.0.118.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.94.0.118.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="x86_64" name="kernel-debuginfo" release="60.94.0.118.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.94.0.118.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1285</id>
+          <title>An update for mysql is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-37434" id="CVE-2022-37434" title="CVE-2022-37434" type="cve"></reference>
+          </references>
+          <description>zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).(CVE-2022-37434)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="mysql" release="3.ule3" version="8.0.29">
+                         <filename>mysql-8.0.29-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql-libs" release="3.ule3" version="8.0.29">
+                         <filename>mysql-libs-8.0.29-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql-debugsource" release="3.ule3" version="8.0.29">
+                         <filename>mysql-debugsource-8.0.29-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql-devel" release="3.ule3" version="8.0.29">
+                         <filename>mysql-devel-8.0.29-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql-server" release="3.ule3" version="8.0.29">
+                         <filename>mysql-server-8.0.29-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql-config" release="3.ule3" version="8.0.29">
+                         <filename>mysql-config-8.0.29-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql-errmsg" release="3.ule3" version="8.0.29">
+                         <filename>mysql-errmsg-8.0.29-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql-common" release="3.ule3" version="8.0.29">
+                         <filename>mysql-common-8.0.29-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql-help" release="3.ule3" version="8.0.29">
+                         <filename>mysql-help-8.0.29-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql-test" release="3.ule3" version="8.0.29">
+                         <filename>mysql-test-8.0.29-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql-debuginfo" release="3.ule3" version="8.0.29">
+                         <filename>mysql-debuginfo-8.0.29-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql-help" release="3.ule3" version="8.0.29">
+                         <filename>mysql-help-8.0.29-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql-devel" release="3.ule3" version="8.0.29">
+                         <filename>mysql-devel-8.0.29-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql-common" release="3.ule3" version="8.0.29">
+                         <filename>mysql-common-8.0.29-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql-server" release="3.ule3" version="8.0.29">
+                         <filename>mysql-server-8.0.29-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql-config" release="3.ule3" version="8.0.29">
+                         <filename>mysql-config-8.0.29-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql-debugsource" release="3.ule3" version="8.0.29">
+                         <filename>mysql-debugsource-8.0.29-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql" release="3.ule3" version="8.0.29">
+                         <filename>mysql-8.0.29-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql-libs" release="3.ule3" version="8.0.29">
+                         <filename>mysql-libs-8.0.29-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql-test" release="3.ule3" version="8.0.29">
+                         <filename>mysql-test-8.0.29-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql-debuginfo" release="3.ule3" version="8.0.29">
+                         <filename>mysql-debuginfo-8.0.29-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql-errmsg" release="3.ule3" version="8.0.29">
+                         <filename>mysql-errmsg-8.0.29-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1286</id>
+          <title>An update for python-django is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-31047" id="CVE-2023-31047" title="CVE-2023-31047" type="cve"></reference>
+          </references>
+          <description>In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django&#39;s &#34;Uploading multiple files&#34; documentation suggested otherwise.(CVE-2023-31047)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python-django-help" release="5.ule3" version="2.2.27">
+                         <filename>python-django-help-2.2.27-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-Django" release="5.ule3" version="2.2.27">
+                         <filename>python3-Django-2.2.27-5.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1287</id>
+          <title>An update for perl is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-31484" id="CVE-2023-31484" title="CVE-2023-31484" type="cve"></reference>
+          </references>
+          <description>CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.(CVE-2023-31484)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="4" arch="aarch64" name="perl" release="7.ule3" version="5.34.0">
+                         <filename>perl-5.34.0-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="perl-debugsource" release="7.ule3" version="5.34.0">
+                         <filename>perl-debugsource-5.34.0-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="perl-libs" release="7.ule3" version="5.34.0">
+                         <filename>perl-libs-5.34.0-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="perl-debuginfo" release="7.ule3" version="5.34.0">
+                         <filename>perl-debuginfo-5.34.0-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="perl-devel" release="7.ule3" version="5.34.0">
+                         <filename>perl-devel-5.34.0-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="noarch" name="perl-help" release="7.ule3" version="5.34.0">
+                         <filename>perl-help-5.34.0-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl-libs" release="7.ule3" version="5.34.0">
+                         <filename>perl-libs-5.34.0-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl-debuginfo" release="7.ule3" version="5.34.0">
+                         <filename>perl-debuginfo-5.34.0-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl-debugsource" release="7.ule3" version="5.34.0">
+                         <filename>perl-debugsource-5.34.0-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl" release="7.ule3" version="5.34.0">
+                         <filename>perl-5.34.0-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl-devel" release="7.ule3" version="5.34.0">
+                         <filename>perl-devel-5.34.0-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1289</id>
+          <title>An update for redis is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28856" id="CVE-2023-28856" title="CVE-2023-28856" type="cve"></reference>
+          </references>
+          <description>Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-28856)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="redis-debugsource" release="5.ule3" version="4.0.14">
+                         <filename>redis-debugsource-4.0.14-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="redis-debuginfo" release="5.ule3" version="4.0.14">
+                         <filename>redis-debuginfo-4.0.14-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="redis" release="5.ule3" version="4.0.14">
+                         <filename>redis-4.0.14-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis-debuginfo" release="5.ule3" version="4.0.14">
+                         <filename>redis-debuginfo-4.0.14-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis" release="5.ule3" version="4.0.14">
+                         <filename>redis-4.0.14-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis-debugsource" release="5.ule3" version="4.0.14">
+                         <filename>redis-debugsource-4.0.14-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1290</id>
+          <title>An update for cloud-init is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2084" id="CVE-2022-2084" title="CVE-2022-2084" type="cve"></reference>
+          </references>
+          <description>Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.(CVE-2022-2084)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="cloud-init-help" release="11.ule3" version="21.4">
+                         <filename>cloud-init-help-21.4-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="cloud-init" release="11.ule3" version="21.4">
+                         <filename>cloud-init-21.4-11.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1291</id>
+          <title>An update for libssh is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1667" id="CVE-2023-1667" title="CVE-2023-1667" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2283" id="CVE-2023-2283" title="CVE-2023-2283" type="cve"></reference>
+          </references>
+          <description>A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.(CVE-2023-1667)A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.(CVE-2023-2283)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libssh" release="7.ule3" version="0.9.6">
+                         <filename>libssh-0.9.6-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libssh-debugsource" release="7.ule3" version="0.9.6">
+                         <filename>libssh-debugsource-0.9.6-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libssh-debuginfo" release="7.ule3" version="0.9.6">
+                         <filename>libssh-debuginfo-0.9.6-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libssh-devel" release="7.ule3" version="0.9.6">
+                         <filename>libssh-devel-0.9.6-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libssh-help" release="7.ule3" version="0.9.6">
+                         <filename>libssh-help-0.9.6-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libssh-devel" release="7.ule3" version="0.9.6">
+                         <filename>libssh-devel-0.9.6-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libssh-debugsource" release="7.ule3" version="0.9.6">
+                         <filename>libssh-debugsource-0.9.6-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libssh-debuginfo" release="7.ule3" version="0.9.6">
+                         <filename>libssh-debuginfo-0.9.6-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libssh" release="7.ule3" version="0.9.6">
+                         <filename>libssh-0.9.6-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1292</id>
+          <title>An update for ntp is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-26555" id="CVE-2023-26555" title="CVE-2023-26555" type="cve"></reference>
+          </references>
+          <description>praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.(CVE-2023-26555)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="ntp" release="9.ule3" version="4.2.8p15">
+                         <filename>ntp-4.2.8p15-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ntp-debugsource" release="9.ule3" version="4.2.8p15">
+                         <filename>ntp-debugsource-4.2.8p15-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ntp-debuginfo" release="9.ule3" version="4.2.8p15">
+                         <filename>ntp-debuginfo-4.2.8p15-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ntp-help" release="9.ule3" version="4.2.8p15">
+                         <filename>ntp-help-4.2.8p15-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ntp-perl" release="9.ule3" version="4.2.8p15">
+                         <filename>ntp-perl-4.2.8p15-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ntp-debugsource" release="9.ule3" version="4.2.8p15">
+                         <filename>ntp-debugsource-4.2.8p15-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ntp-debuginfo" release="9.ule3" version="4.2.8p15">
+                         <filename>ntp-debuginfo-4.2.8p15-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ntp" release="9.ule3" version="4.2.8p15">
+                         <filename>ntp-4.2.8p15-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1293</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2162" id="CVE-2023-2162" title="CVE-2023-2162" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2124" id="CVE-2023-2124" title="CVE-2023-2124" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32233" id="CVE-2023-32233" title="CVE-2023-32233" type="cve"></reference>
+          </references>
+          <description>A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.(CVE-2023-2162)An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system(CVE-2023-2124)In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.(CVE-2023-32233)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.95.0.119.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.95.0.119.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.95.0.119.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.95.0.119.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.95.0.119.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.95.0.119.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.95.0.119.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.95.0.119.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="3" arch="aarch64" name="python3-perf-debuginfo" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.95.0.119.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.95.0.119.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.95.0.119.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.95.0.119.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.95.0.119.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.95.0.119.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.95.0.119.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.95.0.119.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.95.0.119.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.95.0.119.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.95.0.119.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.95.0.119.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.95.0.119.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.95.0.119.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.95.0.119.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.95.0.119.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.95.0.119.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.95.0.119.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.95.0.119.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.95.0.119.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.95.0.119.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.95.0.119.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.95.0.119.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1294</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-29400" id="CVE-2023-29400" title="CVE-2023-29400" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-24539" id="CVE-2023-24539" title="CVE-2023-24539" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-24540" id="CVE-2023-24540" title="CVE-2023-24540" type="cve"></reference>
+          </references>
+          <description>Templates containing actions in unquoted HTML attributes (e.g. &#34;attr={{.}}&#34;) executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.(CVE-2023-29400)Angle brackets (&lt;&gt;) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a &#39;/&#39; character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.(CVE-2023-24539)Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set &#34;\t\n\f\r\u0020\u2028\u2029&#34; in JavaScript contexts that also contain actions may not be properly sanitized during execution.(CVE-2023-24540)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="18.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="18.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-18.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="18.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-18.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="18.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-18.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1297</id>
+          <title>An update for cloud-init is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1786" id="CVE-2023-1786" title="CVE-2023-1786" type="cve"></reference>
+          </references>
+          <description>Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.(CVE-2023-1786)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="cloud-init" release="13.ule3" version="21.4">
+                         <filename>cloud-init-21.4-13.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="cloud-init-help" release="13.ule3" version="21.4">
+                         <filename>cloud-init-help-21.4-13.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1299</id>
+          <title>An update for libtpms is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-05-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1018" id="CVE-2023-1018" title="CVE-2023-1018" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1017" id="CVE-2023-1017" title="CVE-2023-1017" type="cve"></reference>
+          </references>
+          <description>An out-of-bounds read vulnerability exists in TPM2.0&#39;s Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.(CVE-2023-1018)An out-of-bounds write vulnerability exists in TPM2.0&#39;s Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.(CVE-2023-1017)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtpms-debugsource" release="8.ule3" version="0.7.3">
+                         <filename>libtpms-debugsource-0.7.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtpms-devel" release="8.ule3" version="0.7.3">
+                         <filename>libtpms-devel-0.7.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtpms-debuginfo" release="8.ule3" version="0.7.3">
+                         <filename>libtpms-debuginfo-0.7.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtpms" release="8.ule3" version="0.7.3">
+                         <filename>libtpms-0.7.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtpms" release="8.ule3" version="0.7.3">
+                         <filename>libtpms-0.7.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtpms-debuginfo" release="8.ule3" version="0.7.3">
+                         <filename>libtpms-debuginfo-0.7.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtpms-debugsource" release="8.ule3" version="0.7.3">
+                         <filename>libtpms-debugsource-0.7.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtpms-devel" release="8.ule3" version="0.7.3">
+                         <filename>libtpms-devel-0.7.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1301</id>
+          <title>An update for sysstat is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-33204" id="CVE-2023-33204" title="CVE-2023-33204" type="cve"></reference>
+          </references>
+          <description>sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.(CVE-2023-33204)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="sysstat-debuginfo" release="8.ule3" version="12.5.4">
+                         <filename>sysstat-debuginfo-12.5.4-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sysstat" release="8.ule3" version="12.5.4">
+                         <filename>sysstat-12.5.4-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sysstat-debugsource" release="8.ule3" version="12.5.4">
+                         <filename>sysstat-debugsource-12.5.4-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sysstat-debugsource" release="8.ule3" version="12.5.4">
+                         <filename>sysstat-debugsource-12.5.4-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sysstat" release="8.ule3" version="12.5.4">
+                         <filename>sysstat-12.5.4-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sysstat-debuginfo" release="8.ule3" version="12.5.4">
+                         <filename>sysstat-debuginfo-12.5.4-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1309</id>
+          <title>An update for webkit2gtk3 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32373" id="CVE-2023-32373" title="CVE-2023-32373" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28204" id="CVE-2023-28204" title="CVE-2023-28204" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32409" id="CVE-2023-32409" title="CVE-2023-32409" type="cve"></reference>
+          </references>
+          <description>A use after free vulnerability was found in the webkitgtk package. Processing maliciously crafted web content may lead to arbitrary code execution.(CVE-2023-32373)A flaw was found in the webkitgtk package. An out of bounds read may be possible when processing malicious web content, which can lead to information disclosure.(CVE-2023-28204)A flaw was found in the WebGPU, part of the Webkit project. This flaw allows a remote attacker to break out of the Web Content sandbox.(CVE-2023-32409)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="webkit2gtk3-devel" release="4.ule3" version="2.36.3">
+                         <filename>webkit2gtk3-devel-2.36.3-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="webkit2gtk3-jsc-devel" release="4.ule3" version="2.36.3">
+                         <filename>webkit2gtk3-jsc-devel-2.36.3-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="webkit2gtk3" release="4.ule3" version="2.36.3">
+                         <filename>webkit2gtk3-2.36.3-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="webkit2gtk3-debugsource" release="4.ule3" version="2.36.3">
+                         <filename>webkit2gtk3-debugsource-2.36.3-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="webkit2gtk3-jsc" release="4.ule3" version="2.36.3">
+                         <filename>webkit2gtk3-jsc-2.36.3-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="webkit2gtk3-debuginfo" release="4.ule3" version="2.36.3">
+                         <filename>webkit2gtk3-debuginfo-2.36.3-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="webkit2gtk3-help" release="4.ule3" version="2.36.3">
+                         <filename>webkit2gtk3-help-2.36.3-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="webkit2gtk3-jsc" release="4.ule3" version="2.36.3">
+                         <filename>webkit2gtk3-jsc-2.36.3-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="webkit2gtk3-jsc-devel" release="4.ule3" version="2.36.3">
+                         <filename>webkit2gtk3-jsc-devel-2.36.3-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="webkit2gtk3-devel" release="4.ule3" version="2.36.3">
+                         <filename>webkit2gtk3-devel-2.36.3-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="webkit2gtk3" release="4.ule3" version="2.36.3">
+                         <filename>webkit2gtk3-2.36.3-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="webkit2gtk3-debuginfo" release="4.ule3" version="2.36.3">
+                         <filename>webkit2gtk3-debuginfo-2.36.3-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="webkit2gtk3-debugsource" release="4.ule3" version="2.36.3">
+                         <filename>webkit2gtk3-debugsource-2.36.3-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1312</id>
+          <title>An update for c-ares is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32067" id="CVE-2023-32067" title="CVE-2023-32067" type="cve"></reference>
+          </references>
+          <description>c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.(CVE-2023-32067)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="c-ares-debuginfo" release="5.ule3" version="1.18.1">
+                         <filename>c-ares-debuginfo-1.18.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="c-ares-devel" release="5.ule3" version="1.18.1">
+                         <filename>c-ares-devel-1.18.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="c-ares" release="5.ule3" version="1.18.1">
+                         <filename>c-ares-1.18.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="c-ares-debugsource" release="5.ule3" version="1.18.1">
+                         <filename>c-ares-debugsource-1.18.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="c-ares-help" release="5.ule3" version="1.18.1">
+                         <filename>c-ares-help-1.18.1-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="c-ares-devel" release="5.ule3" version="1.18.1">
+                         <filename>c-ares-devel-1.18.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="c-ares" release="5.ule3" version="1.18.1">
+                         <filename>c-ares-1.18.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="c-ares-debuginfo" release="5.ule3" version="1.18.1">
+                         <filename>c-ares-debuginfo-1.18.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="c-ares-debugsource" release="5.ule3" version="1.18.1">
+                         <filename>c-ares-debugsource-1.18.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1315</id>
+          <title>An update for cups-filters is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-24805" id="CVE-2023-24805" title="CVE-2023-24805" type="cve"></reference>
+          </references>
+          <description>cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) &gt;&gt; 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.(CVE-2023-24805)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="cups-filters" release="3.ule3" version="1.28.9">
+                         <filename>cups-filters-1.28.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cups-filters-debuginfo" release="3.ule3" version="1.28.9">
+                         <filename>cups-filters-debuginfo-1.28.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cups-filters-debugsource" release="3.ule3" version="1.28.9">
+                         <filename>cups-filters-debugsource-1.28.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cups-filters-devel" release="3.ule3" version="1.28.9">
+                         <filename>cups-filters-devel-1.28.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="cups-filters-help" release="3.ule3" version="1.28.9">
+                         <filename>cups-filters-help-1.28.9-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cups-filters-debuginfo" release="3.ule3" version="1.28.9">
+                         <filename>cups-filters-debuginfo-1.28.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cups-filters-debugsource" release="3.ule3" version="1.28.9">
+                         <filename>cups-filters-debugsource-1.28.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cups-filters-devel" release="3.ule3" version="1.28.9">
+                         <filename>cups-filters-devel-1.28.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cups-filters" release="3.ule3" version="1.28.9">
+                         <filename>cups-filters-1.28.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1316</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2731" id="CVE-2023-2731" title="CVE-2023-2731" type="cve"></reference>
+          </references>
+          <description>A NULL pointer dereference flaw was found in Libtiff&#39;s LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.(CVE-2023-2731)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff-debugsource" release="25.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-devel" release="25.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-static" release="25.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-tools" release="25.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff" release="25.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="25.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="25.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-25.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="25.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="25.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="25.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="25.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="25.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="25.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-25.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1317</id>
+          <title>An update for libwebp is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1999" id="CVE-2023-1999" title="CVE-2023-1999" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in libwebp (affected version unknown). It has been declared as critical. Affected by this vulnerability is an unknown code of the component Image File Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2023-1999)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libwebp-tools" release="3.ule3" version="1.2.1">
+                         <filename>libwebp-tools-1.2.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwebp-java" release="3.ule3" version="1.2.1">
+                         <filename>libwebp-java-1.2.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwebp-debugsource" release="3.ule3" version="1.2.1">
+                         <filename>libwebp-debugsource-1.2.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwebp" release="3.ule3" version="1.2.1">
+                         <filename>libwebp-1.2.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwebp-devel" release="3.ule3" version="1.2.1">
+                         <filename>libwebp-devel-1.2.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwebp-debuginfo" release="3.ule3" version="1.2.1">
+                         <filename>libwebp-debuginfo-1.2.1-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libwebp-help" release="3.ule3" version="1.2.1">
+                         <filename>libwebp-help-1.2.1-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwebp-devel" release="3.ule3" version="1.2.1">
+                         <filename>libwebp-devel-1.2.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwebp-debugsource" release="3.ule3" version="1.2.1">
+                         <filename>libwebp-debugsource-1.2.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwebp-debuginfo" release="3.ule3" version="1.2.1">
+                         <filename>libwebp-debuginfo-1.2.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwebp-java" release="3.ule3" version="1.2.1">
+                         <filename>libwebp-java-1.2.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwebp-tools" release="3.ule3" version="1.2.1">
+                         <filename>libwebp-tools-1.2.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwebp" release="3.ule3" version="1.2.1">
+                         <filename>libwebp-1.2.1-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1318</id>
+          <title>An update for libreswan is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-30570" id="CVE-2023-30570" title="CVE-2023-30570" type="cve"></reference>
+          </references>
+          <description>pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.(CVE-2023-30570)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libreswan-debugsource" release="1.ule3" version="4.11">
+                         <filename>libreswan-debugsource-4.11-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libreswan" release="1.ule3" version="4.11">
+                         <filename>libreswan-4.11-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libreswan-help" release="1.ule3" version="4.11">
+                         <filename>libreswan-help-4.11-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libreswan-debuginfo" release="1.ule3" version="4.11">
+                         <filename>libreswan-debuginfo-4.11-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libreswan-debugsource" release="1.ule3" version="4.11">
+                         <filename>libreswan-debugsource-4.11-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libreswan-debuginfo" release="1.ule3" version="4.11">
+                         <filename>libreswan-debuginfo-4.11-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libreswan" release="1.ule3" version="4.11">
+                         <filename>libreswan-4.11-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libreswan-help" release="1.ule3" version="4.11">
+                         <filename>libreswan-help-4.11-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1321</id>
+          <title>An update for wireshark is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2857" id="CVE-2023-2857" title="CVE-2023-2857" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2858" id="CVE-2023-2858" title="CVE-2023-2858" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2855" id="CVE-2023-2855" title="CVE-2023-2855" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0668" id="CVE-2023-0668" title="CVE-2023-0668" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2856" id="CVE-2023-2856" title="CVE-2023-2856" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2879" id="CVE-2023-2879" title="CVE-2023-2879" type="cve"></reference>
+          </references>
+          <description>BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file(CVE-2023-2857)NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file(CVE-2023-2858)Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file(CVE-2023-2855)A flaw was found in the IEEE C37.118 Synchrophasor dissector of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing a buffer overflow, resulting in a denial of service.(CVE-2023-0668)VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file(CVE-2023-2856)GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file(CVE-2023-2879)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="wireshark-devel" release="4.ule3" version="3.6.11">
+                         <filename>wireshark-devel-3.6.11-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-debuginfo" release="4.ule3" version="3.6.11">
+                         <filename>wireshark-debuginfo-3.6.11-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark" release="4.ule3" version="3.6.11">
+                         <filename>wireshark-3.6.11-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-help" release="4.ule3" version="3.6.11">
+                         <filename>wireshark-help-3.6.11-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-debugsource" release="4.ule3" version="3.6.11">
+                         <filename>wireshark-debugsource-3.6.11-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debuginfo" release="4.ule3" version="3.6.11">
+                         <filename>wireshark-debuginfo-3.6.11-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-help" release="4.ule3" version="3.6.11">
+                         <filename>wireshark-help-3.6.11-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-devel" release="4.ule3" version="3.6.11">
+                         <filename>wireshark-devel-3.6.11-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debugsource" release="4.ule3" version="3.6.11">
+                         <filename>wireshark-debugsource-3.6.11-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark" release="4.ule3" version="3.6.11">
+                         <filename>wireshark-3.6.11-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1323</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22998" id="CVE-2023-22998" title="CVE-2023-22998" type="cve"></reference>
+          </references>
+          <description>In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).(CVE-2023-22998)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-perf" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.96.0.120.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.96.0.120.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.96.0.120.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.96.0.120.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.96.0.120.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.96.0.120.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.96.0.120.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.96.0.120.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.96.0.120.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.96.0.120.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="504" arch="aarch64" name="kernel-tools-devel" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.96.0.120.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.96.0.120.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.96.0.120.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.96.0.120.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.96.0.120.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.96.0.120.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.96.0.120.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.96.0.120.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.96.0.120.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.96.0.120.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.96.0.120.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.96.0.120.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.96.0.120.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.96.0.120.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.96.0.120.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.96.0.120.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.96.0.120.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.96.0.120.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.96.0.120.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.96.0.120.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.96.0.120.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1326</id>
+          <title>An update for hdf5 is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2019-8396" id="CVE-2019-8396" title="CVE-2019-8396" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2018-13867" id="CVE-2018-13867" title="CVE-2018-13867" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2018-14033" id="CVE-2018-14033" title="CVE-2018-14033" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2018-14460" id="CVE-2018-14460" title="CVE-2018-14460" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-10811" id="CVE-2020-10811" title="CVE-2020-10811" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-37501" id="CVE-2021-37501" title="CVE-2021-37501" type="cve"></reference>
+          </references>
+          <description>A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka &#34;Invalid write of size 2.&#34;(CVE-2019-8396)An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c.(CVE-2018-13867)An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy.(CVE-2018-14033)An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c.(CVE-2018-14460)An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.(CVE-2020-10811)Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.(CVE-2021-37501)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="hdf5-mpich-devel" release="1.ule3" version="1.10.8">
+                         <filename>hdf5-mpich-devel-1.10.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hdf5-openmpi-static" release="1.ule3" version="1.10.8">
+                         <filename>hdf5-openmpi-static-1.10.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hdf5-openmpi" release="1.ule3" version="1.10.8">
+                         <filename>hdf5-openmpi-1.10.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hdf5-mpich" release="1.ule3" version="1.10.8">
+                         <filename>hdf5-mpich-1.10.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hdf5-openmpi-devel" release="1.ule3" version="1.10.8">
+                         <filename>hdf5-openmpi-devel-1.10.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hdf5-devel" release="1.ule3" version="1.10.8">
+                         <filename>hdf5-devel-1.10.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hdf5-debugsource" release="1.ule3" version="1.10.8">
+                         <filename>hdf5-debugsource-1.10.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hdf5-mpich-static" release="1.ule3" version="1.10.8">
+                         <filename>hdf5-mpich-static-1.10.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hdf5" release="1.ule3" version="1.10.8">
+                         <filename>hdf5-1.10.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hdf5-debuginfo" release="1.ule3" version="1.10.8">
+                         <filename>hdf5-debuginfo-1.10.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hdf5-mpich-static" release="1.ule3" version="1.10.8">
+                         <filename>hdf5-mpich-static-1.10.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hdf5-mpich-devel" release="1.ule3" version="1.10.8">
+                         <filename>hdf5-mpich-devel-1.10.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hdf5-openmpi-devel" release="1.ule3" version="1.10.8">
+                         <filename>hdf5-openmpi-devel-1.10.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hdf5-mpich" release="1.ule3" version="1.10.8">
+                         <filename>hdf5-mpich-1.10.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hdf5-debuginfo" release="1.ule3" version="1.10.8">
+                         <filename>hdf5-debuginfo-1.10.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hdf5" release="1.ule3" version="1.10.8">
+                         <filename>hdf5-1.10.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hdf5-devel" release="1.ule3" version="1.10.8">
+                         <filename>hdf5-devel-1.10.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hdf5-openmpi-static" release="1.ule3" version="1.10.8">
+                         <filename>hdf5-openmpi-static-1.10.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hdf5-debugsource" release="1.ule3" version="1.10.8">
+                         <filename>hdf5-debugsource-1.10.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hdf5-openmpi" release="1.ule3" version="1.10.8">
+                         <filename>hdf5-openmpi-1.10.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1332</id>
+          <title>An update for ImageMagick is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2157" id="CVE-2023-2157" title="CVE-2023-2157" type="cve"></reference>
+          </references>
+          <description>A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.(CVE-2023-2157)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-devel" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-devel-7.1.1.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debugsource" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debugsource-7.1.1.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++-devel" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-devel-7.1.1.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-help" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-help-7.1.1.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-perl" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-perl-7.1.1.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-7.1.1.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-7.1.1.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debuginfo" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debuginfo-7.1.1.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-devel" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-devel-7.1.1.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++-devel" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-devel-7.1.1.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-perl" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-perl-7.1.1.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debuginfo" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debuginfo-7.1.1.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-7.1.1.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-help" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-help-7.1.1.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-7.1.1.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debugsource" release="1.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debugsource-7.1.1.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1334</id>
+          <title>An update for openldap is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2953" id="CVE-2023-2953" title="CVE-2023-2953" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.(CVE-2023-2953)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="openldap-devel" release="5.ule3" version="2.6.0">
+                         <filename>openldap-devel-2.6.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openldap" release="5.ule3" version="2.6.0">
+                         <filename>openldap-2.6.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openldap-debugsource" release="5.ule3" version="2.6.0">
+                         <filename>openldap-debugsource-2.6.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openldap-servers" release="5.ule3" version="2.6.0">
+                         <filename>openldap-servers-2.6.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openldap-debuginfo" release="5.ule3" version="2.6.0">
+                         <filename>openldap-debuginfo-2.6.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openldap-clients" release="5.ule3" version="2.6.0">
+                         <filename>openldap-clients-2.6.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="openldap-help" release="5.ule3" version="2.6.0">
+                         <filename>openldap-help-2.6.0-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openldap-debuginfo" release="5.ule3" version="2.6.0">
+                         <filename>openldap-debuginfo-2.6.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openldap-devel" release="5.ule3" version="2.6.0">
+                         <filename>openldap-devel-2.6.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openldap-clients" release="5.ule3" version="2.6.0">
+                         <filename>openldap-clients-2.6.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openldap-servers" release="5.ule3" version="2.6.0">
+                         <filename>openldap-servers-2.6.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openldap-debugsource" release="5.ule3" version="2.6.0">
+                         <filename>openldap-debugsource-2.6.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openldap" release="5.ule3" version="2.6.0">
+                         <filename>openldap-2.6.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1335</id>
+          <title>An update for cups is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32324" id="CVE-2023-32324" title="CVE-2023-32324" type="cve"></reference>
+          </references>
+          <description>OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of publication.(CVE-2023-32324)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="cups-printerapp" release="6.ule3" version="2.4.0">
+                         <filename>cups-printerapp-2.4.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cups" release="6.ule3" version="2.4.0">
+                         <filename>cups-2.4.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cups-devel" release="6.ule3" version="2.4.0">
+                         <filename>cups-devel-2.4.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cups-libs" release="6.ule3" version="2.4.0">
+                         <filename>cups-libs-2.4.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cups-lpd" release="6.ule3" version="2.4.0">
+                         <filename>cups-lpd-2.4.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cups-ipptool" release="6.ule3" version="2.4.0">
+                         <filename>cups-ipptool-2.4.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cups-debugsource" release="6.ule3" version="2.4.0">
+                         <filename>cups-debugsource-2.4.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cups-client" release="6.ule3" version="2.4.0">
+                         <filename>cups-client-2.4.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cups-debuginfo" release="6.ule3" version="2.4.0">
+                         <filename>cups-debuginfo-2.4.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="cups-help" release="5.ule3" version="2.4.0">
+                         <filename>cups-help-2.4.0-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="cups-filesystem" release="6.ule3" version="2.4.0">
+                         <filename>cups-filesystem-2.4.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="cups-filesystem" release="5.ule3" version="2.4.0">
+                         <filename>cups-filesystem-2.4.0-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="cups-help" release="6.ule3" version="2.4.0">
+                         <filename>cups-help-2.4.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cups-client" release="6.ule3" version="2.4.0">
+                         <filename>cups-client-2.4.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cups-ipptool" release="6.ule3" version="2.4.0">
+                         <filename>cups-ipptool-2.4.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cups" release="6.ule3" version="2.4.0">
+                         <filename>cups-2.4.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cups-devel" release="6.ule3" version="2.4.0">
+                         <filename>cups-devel-2.4.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cups-printerapp" release="6.ule3" version="2.4.0">
+                         <filename>cups-printerapp-2.4.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cups-libs" release="6.ule3" version="2.4.0">
+                         <filename>cups-libs-2.4.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cups-lpd" release="6.ule3" version="2.4.0">
+                         <filename>cups-lpd-2.4.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cups-debuginfo" release="6.ule3" version="2.4.0">
+                         <filename>cups-debuginfo-2.4.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cups-debugsource" release="6.ule3" version="2.4.0">
+                         <filename>cups-debugsource-2.4.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1337</id>
+          <title>An update for cpio is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2015-1197" id="CVE-2015-1197" title="CVE-2015-1197" type="cve"></reference>
+          </references>
+          <description>cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.(CVE-2015-1197)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="cpio-debuginfo" release="8.ule3" version="2.13">
+                         <filename>cpio-debuginfo-2.13-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cpio" release="8.ule3" version="2.13">
+                         <filename>cpio-2.13-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cpio-debugsource" release="8.ule3" version="2.13">
+                         <filename>cpio-debugsource-2.13-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="cpio-help" release="8.ule3" version="2.13">
+                         <filename>cpio-help-2.13-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cpio-debuginfo" release="8.ule3" version="2.13">
+                         <filename>cpio-debuginfo-2.13-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cpio-debugsource" release="8.ule3" version="2.13">
+                         <filename>cpio-debugsource-2.13-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cpio" release="8.ule3" version="2.13">
+                         <filename>cpio-2.13-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1339</id>
+          <title>An update for c-ares is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-31147" id="CVE-2023-31147" title="CVE-2023-31147" type="cve"></reference>
+          </references>
+          <description>c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1.(CVE-2023-31147)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="c-ares" release="6.ule3" version="1.18.1">
+                         <filename>c-ares-1.18.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="c-ares-devel" release="6.ule3" version="1.18.1">
+                         <filename>c-ares-devel-1.18.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="c-ares-debugsource" release="6.ule3" version="1.18.1">
+                         <filename>c-ares-debugsource-1.18.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="c-ares-debuginfo" release="6.ule3" version="1.18.1">
+                         <filename>c-ares-debuginfo-1.18.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="c-ares-help" release="6.ule3" version="1.18.1">
+                         <filename>c-ares-help-1.18.1-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="c-ares-debuginfo" release="6.ule3" version="1.18.1">
+                         <filename>c-ares-debuginfo-1.18.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="c-ares-devel" release="6.ule3" version="1.18.1">
+                         <filename>c-ares-devel-1.18.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="c-ares" release="6.ule3" version="1.18.1">
+                         <filename>c-ares-1.18.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="c-ares-debugsource" release="6.ule3" version="1.18.1">
+                         <filename>c-ares-debugsource-1.18.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1341</id>
+          <title>An update for python-requests is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32681" id="CVE-2023-32681" title="CVE-2023-32681" type="cve"></reference>
+          </references>
+          <description>Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.(CVE-2023-32681)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python-requests-help" release="7.ule3" version="2.26.0">
+                         <filename>python-requests-help-2.26.0-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-requests" release="7.ule3" version="2.26.0">
+                         <filename>python3-requests-2.26.0-7.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1345</id>
+          <title>An update for libcap is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2602" id="CVE-2023-2602" title="CVE-2023-2602" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2603" id="CVE-2023-2603" title="CVE-2023-2603" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.(CVE-2023-2602)A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.(CVE-2023-2603)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libcap-devel" release="5.ule3" version="2.61">
+                         <filename>libcap-devel-2.61-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcap-debuginfo" release="5.ule3" version="2.61">
+                         <filename>libcap-debuginfo-2.61-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcap-debugsource" release="5.ule3" version="2.61">
+                         <filename>libcap-debugsource-2.61-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcap" release="5.ule3" version="2.61">
+                         <filename>libcap-2.61-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libcap-help" release="5.ule3" version="2.61">
+                         <filename>libcap-help-2.61-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcap-debuginfo" release="5.ule3" version="2.61">
+                         <filename>libcap-debuginfo-2.61-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcap-debugsource" release="5.ule3" version="2.61">
+                         <filename>libcap-debugsource-2.61-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcap" release="5.ule3" version="2.61">
+                         <filename>libcap-2.61-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcap-devel" release="5.ule3" version="2.61">
+                         <filename>libcap-devel-2.61-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1346</id>
+          <title>An update for curl is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28322" id="CVE-2023-28322" title="CVE-2023-28322" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28321" id="CVE-2023-28321" title="CVE-2023-28321" type="cve"></reference>
+          </references>
+          <description>An information disclosure vulnerability exists in curl &lt;v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.(CVE-2023-28322)An improper certificate validation vulnerability exists in curl &lt;v8.1.0 in the way it supports matching of wildcard patterns when listed as &#34;Subject Alternative Name&#34; in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.(CVE-2023-28321)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="curl-debugsource" release="17.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl" release="17.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl" release="17.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl-devel" release="17.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debuginfo" release="17.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="curl-help" release="17.ule3" version="7.79.1">
+                         <filename>curl-help-7.79.1-17.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debugsource" release="17.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debuginfo" release="17.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl" release="17.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl-devel" release="17.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl" release="17.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-17.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1349</id>
+          <title>An update for ImageMagick is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-34151" id="CVE-2023-34151" title="CVE-2023-34151" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-34153" id="CVE-2023-34153" title="CVE-2023-34153" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).(CVE-2023-34151)A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.(CVE-2023-34153)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-help" release="2.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-help-7.1.1.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debuginfo" release="2.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debuginfo-7.1.1.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick" release="2.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-7.1.1.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debugsource" release="2.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debugsource-7.1.1.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++-devel" release="2.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-devel-7.1.1.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-devel" release="2.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-devel-7.1.1.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++" release="2.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-7.1.1.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-perl" release="2.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-perl-7.1.1.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-help" release="2.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-help-7.1.1.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick" release="2.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-7.1.1.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++-devel" release="2.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-devel-7.1.1.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debugsource" release="2.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debugsource-7.1.1.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++" release="2.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-7.1.1.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debuginfo" release="2.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debuginfo-7.1.1.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-devel" release="2.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-devel-7.1.1.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-perl" release="2.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-perl-7.1.1.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1356</id>
+          <title>An update for openssl is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2650" id="CVE-2023-2650" title="CVE-2023-2650" type="cve"></reference>
+          </references>
+          <description>Issue summary: Processing some specially crafted ASN.1 object identifiers ordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no messagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit.  OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens or hundredsof KiBs), the translation to a decimal number in text may take a very longtime.  The time complexity is O(n^2) with &#39;n&#39; being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced.  This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols to specifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL.  If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS.  It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer&#39;s certificate chain.  Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates.  This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause for concern,and the severity is therefore considered low.(CVE-2023-2650)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="openssl" release="20.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-libs" release="20.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-perl" release="20.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debugsource" release="20.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-devel" release="20.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debuginfo" release="20.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="openssl-help" release="20.ule3" version="1.1.1m">
+                         <filename>openssl-help-1.1.1m-20.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debuginfo" release="20.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-devel" release="20.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-perl" release="20.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-libs" release="20.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debugsource" release="20.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl" release="20.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-20.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1359</id>
+          <title>An update for c-ares is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-31130" id="CVE-2023-31130" title="CVE-2023-31130" type="cve"></reference>
+          </references>
+          <description>c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular &#34;0::00:00:00/2&#34; was found to cause an issue.  C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.(CVE-2023-31130)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="c-ares-debugsource" release="6.ule3" version="1.18.1">
+                         <filename>c-ares-debugsource-1.18.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="c-ares-debuginfo" release="6.ule3" version="1.18.1">
+                         <filename>c-ares-debuginfo-1.18.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="c-ares-devel" release="6.ule3" version="1.18.1">
+                         <filename>c-ares-devel-1.18.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="c-ares" release="6.ule3" version="1.18.1">
+                         <filename>c-ares-1.18.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="c-ares-help" release="6.ule3" version="1.18.1">
+                         <filename>c-ares-help-1.18.1-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="c-ares-devel" release="6.ule3" version="1.18.1">
+                         <filename>c-ares-devel-1.18.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="c-ares" release="6.ule3" version="1.18.1">
+                         <filename>c-ares-1.18.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="c-ares-debuginfo" release="6.ule3" version="1.18.1">
+                         <filename>c-ares-debuginfo-1.18.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="c-ares-debugsource" release="6.ule3" version="1.18.1">
+                         <filename>c-ares-debugsource-1.18.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1361</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-48502" id="CVE-2022-48502" title="CVE-2022-48502" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c.(CVE-2022-48502)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1363</id>
+          <title>An update for wireshark is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0667" id="CVE-2023-0667" title="CVE-2023-0667" type="cve"></reference>
+          </references>
+          <description>Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark(CVE-2023-0667)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="wireshark-debuginfo" release="1.ule3" version="3.6.14">
+                         <filename>wireshark-debuginfo-3.6.14-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark" release="1.ule3" version="3.6.14">
+                         <filename>wireshark-3.6.14-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-debugsource" release="1.ule3" version="3.6.14">
+                         <filename>wireshark-debugsource-3.6.14-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-help" release="1.ule3" version="3.6.14">
+                         <filename>wireshark-help-3.6.14-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-devel" release="1.ule3" version="3.6.14">
+                         <filename>wireshark-devel-3.6.14-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark" release="1.ule3" version="3.6.14">
+                         <filename>wireshark-3.6.14-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debuginfo" release="1.ule3" version="3.6.14">
+                         <filename>wireshark-debuginfo-3.6.14-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-help" release="1.ule3" version="3.6.14">
+                         <filename>wireshark-help-3.6.14-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-devel" release="1.ule3" version="3.6.14">
+                         <filename>wireshark-devel-3.6.14-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debugsource" release="1.ule3" version="3.6.14">
+                         <filename>wireshark-debugsource-3.6.14-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1365</id>
+          <title>An update for cpp-httplib is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-25"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-26130" id="CVE-2023-26130" title="CVE-2023-26130" type="cve"></reference>
+          </references>
+          <description>Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors.**Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).(CVE-2023-26130)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="cpp-httplib" release="1.ule3" version="0.12.4">
+                         <filename>cpp-httplib-0.12.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cpp-httplib" release="1.ule3" version="0.12.4">
+                         <filename>cpp-httplib-0.12.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1366</id>
+          <title>An update for postgresql-jdbc is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41946" id="CVE-2022-41946" title="CVE-2022-41946" type="cve"></reference>
+          </references>
+          <description>pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system&#39;s temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability.(CVE-2022-41946)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="postgresql-jdbc-javadoc" release="2.ule3" version="42.4.1">
+                         <filename>postgresql-jdbc-javadoc-42.4.1-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="postgresql-jdbc" release="2.ule3" version="42.4.1">
+                         <filename>postgresql-jdbc-42.4.1-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="postgresql-jdbc-help" release="2.ule3" version="42.4.1">
+                         <filename>postgresql-jdbc-help-42.4.1-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1369</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-27"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-33288" id="CVE-2023-33288" title="CVE-2023-33288" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2985" id="CVE-2023-2985" title="CVE-2023-2985" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-48502" id="CVE-2022-48502" title="CVE-2022-48502" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race condition.(CVE-2023-33288)A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem.(CVE-2023-2985)An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c.(CVE-2022-48502)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="kernel-devel" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="kernel-debugsource" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.98.0.122.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.98.0.122.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.98.0.122.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1370</id>
+          <title>An update for python-tornado is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-27"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28370" id="CVE-2023-28370" title="CVE-2023-28370" type="cve"></reference>
+          </references>
+          <description>Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.(CVE-2023-28370)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python-tornado-help" release="2.ule3" version="6.1">
+                         <filename>python-tornado-help-6.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-tornado-debuginfo" release="2.ule3" version="6.1">
+                         <filename>python-tornado-debuginfo-6.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-tornado" release="2.ule3" version="6.1">
+                         <filename>python3-tornado-6.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-tornado-debugsource" release="2.ule3" version="6.1">
+                         <filename>python-tornado-debugsource-6.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-tornado-debugsource" release="2.ule3" version="6.1">
+                         <filename>python-tornado-debugsource-6.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-tornado" release="2.ule3" version="6.1">
+                         <filename>python3-tornado-6.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-tornado-help" release="2.ule3" version="6.1">
+                         <filename>python-tornado-help-6.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-tornado-debuginfo" release="2.ule3" version="6.1">
+                         <filename>python-tornado-debuginfo-6.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1373</id>
+          <title>An update for wireshark is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-27"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2952" id="CVE-2023-2952" title="CVE-2023-2952" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0667" id="CVE-2023-0667" title="CVE-2023-0667" type="cve"></reference>
+          </references>
+          <description>XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file(CVE-2023-2952)Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark(CVE-2023-0667)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="wireshark-debuginfo" release="1.ule3" version="3.6.0">
+                         <filename>wireshark-debuginfo-3.6.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="wireshark" release="1.ule3" version="3.6.0">
+                         <filename>wireshark-3.6.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="wireshark-debugsource" release="1.ule3" version="3.6.0">
+                         <filename>wireshark-debugsource-3.6.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="wireshark-help" release="1.ule3" version="3.6.0">
+                         <filename>wireshark-help-3.6.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="wireshark-devel" release="1.ule3" version="3.6.0">
+                         <filename>wireshark-devel-3.6.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="wireshark" release="1.ule3" version="3.6.0">
+                         <filename>wireshark-3.6.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="wireshark-debuginfo" release="1.ule3" version="3.6.0">
+                         <filename>wireshark-debuginfo-3.6.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="wireshark-help" release="1.ule3" version="3.6.0">
+                         <filename>wireshark-help-3.6.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="wireshark-devel" release="1.ule3" version="3.6.0">
+                         <filename>wireshark-devel-3.6.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="wireshark-debugsource" release="1.ule3" version="3.6.0">
+                         <filename>wireshark-debugsource-3.6.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1375</id>
+          <title>An update for dbus is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-27"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-34969" id="CVE-2023-34969" title="CVE-2023-34969" type="cve"></reference>
+          </references>
+          <description>D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.(CVE-2023-34969)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="dbus-debugsource" release="10.ule3" version="1.12.20">
+                         <filename>dbus-debugsource-1.12.20-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dbus-debuginfo" release="10.ule3" version="1.12.20">
+                         <filename>dbus-debuginfo-1.12.20-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dbus-daemon" release="10.ule3" version="1.12.20">
+                         <filename>dbus-daemon-1.12.20-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dbus-x11" release="10.ule3" version="1.12.20">
+                         <filename>dbus-x11-1.12.20-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dbus-devel" release="10.ule3" version="1.12.20">
+                         <filename>dbus-devel-1.12.20-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dbus-libs" release="10.ule3" version="1.12.20">
+                         <filename>dbus-libs-1.12.20-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dbus" release="10.ule3" version="1.12.20">
+                         <filename>dbus-1.12.20-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="dbus-tools" release="10.ule3" version="1.12.20">
+                         <filename>dbus-tools-1.12.20-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="dbus-common" release="10.ule3" version="1.12.20">
+                         <filename>dbus-common-1.12.20-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="dbus-help" release="10.ule3" version="1.12.20">
+                         <filename>dbus-help-1.12.20-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dbus-devel" release="10.ule3" version="1.12.20">
+                         <filename>dbus-devel-1.12.20-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dbus-tools" release="10.ule3" version="1.12.20">
+                         <filename>dbus-tools-1.12.20-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dbus" release="10.ule3" version="1.12.20">
+                         <filename>dbus-1.12.20-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dbus-debugsource" release="10.ule3" version="1.12.20">
+                         <filename>dbus-debugsource-1.12.20-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dbus-debuginfo" release="10.ule3" version="1.12.20">
+                         <filename>dbus-debuginfo-1.12.20-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dbus-libs" release="10.ule3" version="1.12.20">
+                         <filename>dbus-libs-1.12.20-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dbus-daemon" release="10.ule3" version="1.12.20">
+                         <filename>dbus-daemon-1.12.20-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="dbus-x11" release="10.ule3" version="1.12.20">
+                         <filename>dbus-x11-1.12.20-10.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1378</id>
+          <title>An update for libX11 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-06-27"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3138" id="CVE-2023-3138" title="CVE-2023-3138" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.(CVE-2023-3138)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libX11-debuginfo" release="7.ule3" version="1.7.2">
+                         <filename>libX11-debuginfo-1.7.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libX11-devel" release="7.ule3" version="1.7.2">
+                         <filename>libX11-devel-1.7.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libX11" release="7.ule3" version="1.7.2">
+                         <filename>libX11-1.7.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libX11-debugsource" release="7.ule3" version="1.7.2">
+                         <filename>libX11-debugsource-1.7.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libX11-help" release="7.ule3" version="1.7.2">
+                         <filename>libX11-help-1.7.2-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libX11" release="7.ule3" version="1.7.2">
+                         <filename>libX11-1.7.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libX11-devel" release="7.ule3" version="1.7.2">
+                         <filename>libX11-devel-1.7.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libX11-debuginfo" release="7.ule3" version="1.7.2">
+                         <filename>libX11-debuginfo-1.7.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libX11-debugsource" release="7.ule3" version="1.7.2">
+                         <filename>libX11-debugsource-1.7.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1381</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1073" id="CVE-2023-1073" title="CVE-2023-1073" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1074" id="CVE-2023-1074" title="CVE-2023-1074" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1095" id="CVE-2023-1095" title="CVE-2023-1095" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3141" id="CVE-2023-3141" title="CVE-2023-3141" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3268" id="CVE-2023-3268" title="CVE-2023-3268" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-35829" id="CVE-2023-35829" title="CVE-2023-35829" type="cve"></reference>
+          </references>
+          <description>A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2023-1073)A memory leak flaw was found in the Linux kernel&#39;s Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.(CVE-2023-1074)In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.(CVE-2023-1095)A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.(CVE-2023-3141)An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.(CVE-2023-3268)An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.(CVE-2023-35829)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.100.0.124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.100.0.124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.100.0.124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.100.0.124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.100.0.124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.100.0.124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.100.0.124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.100.0.124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.100.0.124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.100.0.124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.100.0.124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.100.0.124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.100.0.124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.100.0.124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.100.0.124.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.100.0.124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.100.0.124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.100.0.124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.100.0.124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.100.0.124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.100.0.124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.100.0.124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.100.0.124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.100.0.124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.100.0.124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.100.0.124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.100.0.124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.100.0.124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.100.0.124.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.100.0.124.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.100.0.124.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1383</id>
+          <title>An update for runc is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28642" id="CVE-2023-28642" title="CVE-2023-28642" type="cve"></reference>
+          </references>
+          <description>runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.(CVE-2023-28642)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="docker-runc" release="310.ule3" version="1.0.0.rc3">
+                         <filename>docker-runc-1.0.0.rc3-310.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="docker-runc" release="310.ule3" version="1.0.0.rc3">
+                         <filename>docker-runc-1.0.0.rc3-310.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1384</id>
+          <title>An update for bind is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2828" id="CVE-2023-2828" title="CVE-2023-2828" type="cve"></reference>
+          </references>
+          <description>Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit.It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded.This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.(CVE-2023-2828)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="32" arch="aarch64" name="bind-libs" release="18.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-pkcs11-libs" release="18.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-libs-9.16.23-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-devel" release="18.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-utils" release="18.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-pkcs11-devel" release="18.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-debugsource" release="18.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-pkcs11-utils" release="18.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-utils-9.16.23-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-chroot" release="18.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-dnssec-utils" release="18.ule3" version="9.16.23">
+                         <filename>bind-dnssec-utils-9.16.23-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-pkcs11" release="18.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind" release="18.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-debuginfo" release="18.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="noarch" name="bind-license" release="18.ule3" version="9.16.23">
+                         <filename>bind-license-9.16.23-18.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="noarch" name="python3-bind" release="18.ule3" version="9.16.23">
+                         <filename>python3-bind-9.16.23-18.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="noarch" name="bind-dnssec-doc" release="18.ule3" version="9.16.23">
+                         <filename>bind-dnssec-doc-9.16.23-18.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-devel" release="18.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-utils" release="18.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-pkcs11-libs" release="18.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-libs-9.16.23-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-chroot" release="18.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind" release="18.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-pkcs11-devel" release="18.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-dnssec-utils" release="18.ule3" version="9.16.23">
+                         <filename>bind-dnssec-utils-9.16.23-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-pkcs11" release="18.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-debuginfo" release="18.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-libs" release="18.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-debugsource" release="18.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-pkcs11-utils" release="18.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-utils-9.16.23-18.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1385</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-26965" id="CVE-2023-26965" title="CVE-2023-26965" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3316" id="CVE-2023-3316" title="CVE-2023-3316" type="cve"></reference>
+          </references>
+          <description>loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.(CVE-2023-26965)A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.(CVE-2023-3316)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="27.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-27.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff" release="27.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-27.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debugsource" release="27.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-27.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-devel" release="27.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-27.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-static" release="27.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-27.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-tools" release="27.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-27.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="27.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-27.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="27.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-27.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="27.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-27.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="27.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-27.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="27.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-27.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="27.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-27.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="27.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-27.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1386</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-29402" id="CVE-2023-29402" title="CVE-2023-29402" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-29404" id="CVE-2023-29404" title="CVE-2023-29404" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-29405" id="CVE-2023-29405" title="CVE-2023-29405" type="cve"></reference>
+          </references>
+          <description>The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via &#34;go get&#34;, are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).(CVE-2023-29402)The go command may execute arbitrary code at build time when using cgo. This may occur when running &#34;go get&#34; on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a &#34;#cgo LDFLAGS&#34; directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.(CVE-2023-29404)The go command may execute arbitrary code at build time when using cgo. This may occur when running &#34;go get&#34; on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a &#34;#cgo LDFLAGS&#34; directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.(CVE-2023-29405)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="19.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="19.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-19.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="19.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-19.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="19.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-19.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1387</id>
+          <title>An update for qt5-qtbase is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32762" id="CVE-2023-32762" title="CVE-2023-32762" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32763" id="CVE-2023-32763" title="CVE-2023-32763" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.(CVE-2023-32762)An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.(CVE-2023-32763)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="qt5-qtbase-postgresql" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-postgresql-5.15.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-5.15.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-examples" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-examples-5.15.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-debugsource" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debugsource-5.15.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-static" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-static-5.15.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-debuginfo" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debuginfo-5.15.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-mysql" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-mysql-5.15.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-odbc" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-odbc-5.15.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-devel" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-devel-5.15.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-private-devel" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-private-devel-5.15.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-gui" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-gui-5.15.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="qt5-qtbase-common" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-common-5.15.2-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-debuginfo" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debuginfo-5.15.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-private-devel" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-private-devel-5.15.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-odbc" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-odbc-5.15.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-gui" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-gui-5.15.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-devel" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-devel-5.15.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-examples" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-examples-5.15.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-postgresql" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-postgresql-5.15.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-debugsource" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debugsource-5.15.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-5.15.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-mysql" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-mysql-5.15.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-static" release="8.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-static-5.15.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1388</id>
+          <title>An update for iniparser is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-33461" id="CVE-2023-33461" title="CVE-2023-33461" type="cve"></reference>
+          </references>
+          <description>iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring&#39;s return.(CVE-2023-33461)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="iniparser" release="4.ule3" version="4.1">
+                         <filename>iniparser-4.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="iniparser" release="4.ule3" version="4.1">
+                         <filename>iniparser-4.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1389</id>
+          <title>An update for perl-HTTP-Tiny is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-31486" id="CVE-2023-31486" title="CVE-2023-31486" type="cve"></reference>
+          </references>
+          <description>HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.(CVE-2023-31486)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="perl-HTTP-Tiny-help" release="2.ule3" version="0.080">
+                         <filename>perl-HTTP-Tiny-help-0.080-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-HTTP-Tiny" release="2.ule3" version="0.080">
+                         <filename>perl-HTTP-Tiny-0.080-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1390</id>
+          <title>An update for perl is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-31486" id="CVE-2023-31486" title="CVE-2023-31486" type="cve"></reference>
+          </references>
+          <description>HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.(CVE-2023-31486)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="4" arch="aarch64" name="perl-devel" release="8.ule3" version="5.34.0">
+                         <filename>perl-devel-5.34.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="perl-debuginfo" release="8.ule3" version="5.34.0">
+                         <filename>perl-debuginfo-5.34.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="perl-libs" release="8.ule3" version="5.34.0">
+                         <filename>perl-libs-5.34.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="perl" release="8.ule3" version="5.34.0">
+                         <filename>perl-5.34.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="perl-debugsource" release="8.ule3" version="5.34.0">
+                         <filename>perl-debugsource-5.34.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="noarch" name="perl-help" release="8.ule3" version="5.34.0">
+                         <filename>perl-help-5.34.0-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl-libs" release="8.ule3" version="5.34.0">
+                         <filename>perl-libs-5.34.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl-debuginfo" release="8.ule3" version="5.34.0">
+                         <filename>perl-debuginfo-5.34.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl" release="8.ule3" version="5.34.0">
+                         <filename>perl-5.34.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl-devel" release="8.ule3" version="5.34.0">
+                         <filename>perl-devel-5.34.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl-debugsource" release="8.ule3" version="5.34.0">
+                         <filename>perl-debugsource-5.34.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1391</id>
+          <title>An update for bouncycastle is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-33201" id="CVE-2023-33201" title="CVE-2023-33201" type="cve"></reference>
+          </references>
+          <description>A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.(CVE-2023-33201)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="bouncycastle" release="2.ule3" version="1.67">
+                         <filename>bouncycastle-1.67-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1394</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2860" id="CVE-2023-2860" title="CVE-2023-2860" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3006" id="CVE-2023-3006" title="CVE-2023-3006" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-31084" id="CVE-2023-31084" title="CVE-2023-31084" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3161" id="CVE-2023-3161" title="CVE-2023-3161" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3212" id="CVE-2023-3212" title="CVE-2023-3212" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-34256" id="CVE-2023-34256" title="CVE-2023-34256" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-35788" id="CVE-2023-35788" title="CVE-2023-35788" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-35823" id="CVE-2023-35823" title="CVE-2023-35823" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-35824" id="CVE-2023-35824" title="CVE-2023-35824" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-35828" id="CVE-2023-35828" title="CVE-2023-35828" type="cve"></reference>
+          </references>
+          <description>An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. Quoting ZDI security advisory [1]:&#34;This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the processing of seg6 attributes. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.&#34;[1] https://www.zerodayinitiative.com/advisories/ZDI-CAN-18511/(CVE-2023-2860)A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within the victim&#39;s hardware context. Once that occurs, speculation caused by the mispredicted branches can cause cache allocation. This issue leads to obtaining information that should not be accessible.(CVE-2023-3006)An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&amp;fepriv-&gt;sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&amp;fepriv-&gt;sem) may block the process.(CVE-2023-31084)A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font-&gt;width and font-&gt;height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.(CVE-2023-3161)A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.(CVE-2023-3212)** DISPUTED ** An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated &#34;When modifying the block device while it is mounted by the filesystem&#34; access.(CVE-2023-34256)An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.(CVE-2023-35788)An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.(CVE-2023-35823)An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.(CVE-2023-35824)An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.(CVE-2023-35828)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bpftool" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.101.0.126.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.101.0.126.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.101.0.126.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="kernel-tools-devel" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.101.0.126.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.101.0.126.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.101.0.126.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.101.0.126.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="bpftool-debuginfo" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.101.0.126.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.101.0.126.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.101.0.126.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.101.0.126.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.101.0.126.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.101.0.126.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.101.0.126.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.101.0.126.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.101.0.126.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.101.0.126.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.101.0.126.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.101.0.126.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.101.0.126.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.101.0.126.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.101.0.126.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.101.0.126.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.101.0.126.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.101.0.126.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.101.0.126.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.101.0.126.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.101.0.126.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.101.0.126.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.101.0.126.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.101.0.126.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1398</id>
+          <title>An update for snappy-java is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-34454" id="CVE-2023-34454" title="CVE-2023-34454" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-34455" id="CVE-2023-34455" title="CVE-2023-34455" type="cve"></reference>
+          </references>
+          <description>snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error.The function `compress(char[] input)` in the file `Snappy.java` receives an array of characters and compresses it. It does so by multiplying the length by 2 and passing it to the rawCompress` function.Since the length is not tested, the multiplication by two can cause an integer overflow and become negative. The rawCompress function then uses the received length and passes it to the natively compiled maxCompressedLength function, using the returned value to allocate a byte array.Since the maxCompressedLength function treats the length as an unsigned integer, it doesn’t care that it is negative, and it returns a valid value, which is casted to a signed integer by the Java engine. If the result is negative, a `java.lang.NegativeArraySizeException` exception will be raised while trying to allocate the array `buf`. On the other side, if the result is positive, the `buf` array will successfully be allocated, but its size might be too small to use for the compression, causing a fatal Access Violation error.The same issue exists also when using the `compress` functions that receive double, float, int, long and short, each using a different multiplier that may cause the same issue. The issue most likely won’t occur when using a byte array, since creating a byte array of size 0x80000000 (or any other negative value) is impossible in the first place.Version 1.1.10.1 contains a patch for this issue.(CVE-2023-34454)snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1.The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does that by attempting to read 4 bytes. If it wasn’t possible to read the 4 bytes, the function returns false. Otherwise, if 4 bytes were available, the code treats them as the length of the next chunk.In the case that the `compressed` variable is null, a byte array is allocated with the size given by the input data. Since the code doesn’t test the legality of the `chunkSize` variable, it is possible to pass a negative number (such as 0xFFFFFFFF which is -1), which will cause the code to raise a `java.lang.NegativeArraySizeException` exception. A worse case would happen when passing a huge positive value (such as 0x7FFFFFFF), which would raise the fatal `java.lang.OutOfMemoryError` error.Version 1.1.10.1 contains a patch for this issue.(CVE-2023-34455)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="snappy-java" release="2.ule3" version="1.1.2.4">
+                         <filename>snappy-java-1.1.2.4-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="snappy-java-javadoc" release="2.ule3" version="1.1.2.4">
+                         <filename>snappy-java-javadoc-1.1.2.4-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="snappy-java" release="2.ule3" version="1.1.2.4">
+                         <filename>snappy-java-1.1.2.4-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1399</id>
+          <title>An update for librabbitmq is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-35789" id="CVE-2023-35789" title="CVE-2023-35789" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments.(CVE-2023-35789)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="librabbitmq-devel" release="9.ule3" version="0.9.0">
+                         <filename>librabbitmq-devel-0.9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="librabbitmq-debugsource" release="9.ule3" version="0.9.0">
+                         <filename>librabbitmq-debugsource-0.9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="librabbitmq-help" release="9.ule3" version="0.9.0">
+                         <filename>librabbitmq-help-0.9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="librabbitmq-debuginfo" release="9.ule3" version="0.9.0">
+                         <filename>librabbitmq-debuginfo-0.9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="librabbitmq" release="9.ule3" version="0.9.0">
+                         <filename>librabbitmq-0.9.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="librabbitmq-devel" release="9.ule3" version="0.9.0">
+                         <filename>librabbitmq-devel-0.9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="librabbitmq-debuginfo" release="9.ule3" version="0.9.0">
+                         <filename>librabbitmq-debuginfo-0.9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="librabbitmq-debugsource" release="9.ule3" version="0.9.0">
+                         <filename>librabbitmq-debugsource-0.9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="librabbitmq" release="9.ule3" version="0.9.0">
+                         <filename>librabbitmq-0.9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="librabbitmq-help" release="9.ule3" version="0.9.0">
+                         <filename>librabbitmq-help-0.9.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1402</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25433" id="CVE-2023-25433" title="CVE-2023-25433" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-26966" id="CVE-2023-26966" title="CVE-2023-26966" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2908" id="CVE-2023-2908" title="CVE-2023-2908" type="cve"></reference>
+          </references>
+          <description>libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.(CVE-2023-25433)libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.(CVE-2023-26966)A null pointer dereference issue was discovered in Libtiff&#39;s tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service.(CVE-2023-2908)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff-devel" release="28.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-static" release="28.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debugsource" release="28.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-tools" release="28.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff" release="28.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="28.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="28.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-28.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="28.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="28.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="28.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="28.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="28.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="28.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-28.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1403</id>
+          <title>An update for tang is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1672" id="CVE-2023-1672" title="CVE-2023-1672" type="cve"></reference>
+          </references>
+          <description>A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.(CVE-2023-1672)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="tang-debugsource" release="3.ule3" version="7">
+                         <filename>tang-debugsource-7-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="tang-debuginfo" release="3.ule3" version="7">
+                         <filename>tang-debuginfo-7-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="tang" release="3.ule3" version="7">
+                         <filename>tang-7-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="tang-help" release="3.ule3" version="7">
+                         <filename>tang-help-7-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tang" release="3.ule3" version="7">
+                         <filename>tang-7-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tang-debugsource" release="3.ule3" version="7">
+                         <filename>tang-debugsource-7-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tang-debuginfo" release="3.ule3" version="7">
+                         <filename>tang-debuginfo-7-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1404</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-29403" id="CVE-2023-29403" title="CVE-2023-29403" type="cve"></reference>
+          </references>
+          <description>On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.(CVE-2023-29403)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="19.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="19.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-19.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="19.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-19.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="19.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-19.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1407</id>
+          <title>An update for ImageMagick is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-34474" id="CVE-2023-34474" title="CVE-2023-34474" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-34475" id="CVE-2023-34475" title="CVE-2023-34475" type="cve"></reference>
+          </references>
+          <description>A heap-based buffer overflow issue was discovered in ImageMagick&#39;s ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.(CVE-2023-34474)A heap use after free issue was discovered in ImageMagick&#39;s ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.(CVE-2023-34475)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debuginfo" release="3.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debuginfo-7.1.1.8-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-perl" release="3.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-perl-7.1.1.8-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++-devel" release="3.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-devel-7.1.1.8-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debugsource" release="3.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debugsource-7.1.1.8-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick" release="3.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-7.1.1.8-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-help" release="3.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-help-7.1.1.8-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-devel" release="3.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-devel-7.1.1.8-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++" release="3.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-7.1.1.8-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debuginfo" release="3.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debuginfo-7.1.1.8-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++-devel" release="3.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-devel-7.1.1.8-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debugsource" release="3.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debugsource-7.1.1.8-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++" release="3.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-7.1.1.8-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-help" release="3.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-help-7.1.1.8-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick" release="3.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-7.1.1.8-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-devel" release="3.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-devel-7.1.1.8-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-perl" release="3.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-perl-7.1.1.8-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1410</id>
+          <title>An update for cups is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-34241" id="CVE-2023-34241" title="CVE-2023-34241" type="cve"></reference>
+          </references>
+          <description>OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process.The exact cause of this issue is the function `httpClose(con-&gt;http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`.Version 2.4.6 has a patch for this issue.(CVE-2023-34241)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="cups-devel" release="8.ule3" version="2.4.0">
+                         <filename>cups-devel-2.4.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-ipptool" release="8.ule3" version="2.4.0">
+                         <filename>cups-ipptool-2.4.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-debugsource" release="8.ule3" version="2.4.0">
+                         <filename>cups-debugsource-2.4.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups" release="8.ule3" version="2.4.0">
+                         <filename>cups-2.4.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-debuginfo" release="8.ule3" version="2.4.0">
+                         <filename>cups-debuginfo-2.4.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-client" release="8.ule3" version="2.4.0">
+                         <filename>cups-client-2.4.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-printerapp" release="8.ule3" version="2.4.0">
+                         <filename>cups-printerapp-2.4.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-libs" release="8.ule3" version="2.4.0">
+                         <filename>cups-libs-2.4.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-lpd" release="8.ule3" version="2.4.0">
+                         <filename>cups-lpd-2.4.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="cups-help" release="8.ule3" version="2.4.0">
+                         <filename>cups-help-2.4.0-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="cups-filesystem" release="8.ule3" version="2.4.0">
+                         <filename>cups-filesystem-2.4.0-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-ipptool" release="8.ule3" version="2.4.0">
+                         <filename>cups-ipptool-2.4.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-devel" release="8.ule3" version="2.4.0">
+                         <filename>cups-devel-2.4.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-debuginfo" release="8.ule3" version="2.4.0">
+                         <filename>cups-debuginfo-2.4.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups" release="8.ule3" version="2.4.0">
+                         <filename>cups-2.4.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-printerapp" release="8.ule3" version="2.4.0">
+                         <filename>cups-printerapp-2.4.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-lpd" release="8.ule3" version="2.4.0">
+                         <filename>cups-lpd-2.4.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-client" release="8.ule3" version="2.4.0">
+                         <filename>cups-client-2.4.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-debugsource" release="8.ule3" version="2.4.0">
+                         <filename>cups-debugsource-2.4.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-libs" release="8.ule3" version="2.4.0">
+                         <filename>cups-libs-2.4.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1411</id>
+          <title>An update for guava20 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2976" id="CVE-2023-2976" title="CVE-2023-2976" type="cve"></reference>
+          </references>
+          <description>Use of Java&#39;s default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.(CVE-2023-2976)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="guava20" release="11.ule3" version="20.0">
+                         <filename>guava20-20.0-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="guava20-help" release="11.ule3" version="20.0">
+                         <filename>guava20-help-20.0-11.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1412</id>
+          <title>An update for guava is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2976" id="CVE-2023-2976" title="CVE-2023-2976" type="cve"></reference>
+          </references>
+          <description>Use of Java&#39;s default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.(CVE-2023-2976)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="guava-help" release="6.ule3" version="25.0">
+                         <filename>guava-help-25.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="guava" release="6.ule3" version="25.0">
+                         <filename>guava-25.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="guava-testlib" release="6.ule3" version="25.0">
+                         <filename>guava-testlib-25.0-6.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1414</id>
+          <title>An update for kubernetes is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3162" id="CVE-2022-3162" title="CVE-2022-3162" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3294" id="CVE-2022-3294" title="CVE-2022-3294" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2431" id="CVE-2023-2431" title="CVE-2023-2431" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2727" id="CVE-2023-2727" title="CVE-2023-2727" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2728" id="CVE-2023-2728" title="CVE-2023-2728" type="cve"></reference>
+          </references>
+          <description>Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.(CVE-2022-3162)Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server&#39;s private network.(CVE-2022-3294)A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.(CVE-2023-2431)Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.(CVE-2023-2727)Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.(CVE-2023-2728)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kubernetes-client" release="20.ule3" version="1.20.2">
+                         <filename>kubernetes-client-1.20.2-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kubernetes-kubeadm" release="20.ule3" version="1.20.2">
+                         <filename>kubernetes-kubeadm-1.20.2-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kubernetes-help" release="20.ule3" version="1.20.2">
+                         <filename>kubernetes-help-1.20.2-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kubernetes" release="20.ule3" version="1.20.2">
+                         <filename>kubernetes-1.20.2-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kubernetes-node" release="20.ule3" version="1.20.2">
+                         <filename>kubernetes-node-1.20.2-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kubernetes-kubelet" release="20.ule3" version="1.20.2">
+                         <filename>kubernetes-kubelet-1.20.2-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kubernetes-master" release="20.ule3" version="1.20.2">
+                         <filename>kubernetes-master-1.20.2-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes" release="20.ule3" version="1.20.2">
+                         <filename>kubernetes-1.20.2-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes-master" release="20.ule3" version="1.20.2">
+                         <filename>kubernetes-master-1.20.2-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes-client" release="20.ule3" version="1.20.2">
+                         <filename>kubernetes-client-1.20.2-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes-kubelet" release="20.ule3" version="1.20.2">
+                         <filename>kubernetes-kubelet-1.20.2-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes-node" release="20.ule3" version="1.20.2">
+                         <filename>kubernetes-node-1.20.2-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes-kubeadm" release="20.ule3" version="1.20.2">
+                         <filename>kubernetes-kubeadm-1.20.2-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kubernetes-help" release="20.ule3" version="1.20.2">
+                         <filename>kubernetes-help-1.20.2-20.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1420</id>
+          <title>An update for perl-CPAN is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-31484" id="CVE-2023-31484" title="CVE-2023-31484" type="cve"></reference>
+          </references>
+          <description>CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.(CVE-2023-31484)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="perl-CPAN" release="2.ule3" version="2.29">
+                         <filename>perl-CPAN-2.29-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-CPAN-help" release="2.ule3" version="2.29">
+                         <filename>perl-CPAN-help-2.29-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1421</id>
+          <title>An update for texlive-base is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32700" id="CVE-2023-32700" title="CVE-2023-32700" type="cve"></reference>
+          </references>
+          <description>LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.(CVE-2023-32700)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="7" arch="aarch64" name="texlive-gregoriotex" release="35.ule3" version="20180414">
+                         <filename>texlive-gregoriotex-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-gsftopk" release="35.ule3" version="20180414">
+                         <filename>texlive-gsftopk-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-tex4ht" release="35.ule3" version="20180414">
+                         <filename>texlive-tex4ht-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-ptex" release="35.ule3" version="20180414">
+                         <filename>texlive-ptex-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-pmx" release="35.ule3" version="20180414">
+                         <filename>texlive-pmx-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-base" release="35.ule3" version="20180414">
+                         <filename>texlive-base-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-cweb" release="35.ule3" version="20180414">
+                         <filename>texlive-cweb-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-dvips" release="35.ule3" version="20180414">
+                         <filename>texlive-dvips-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-vlna" release="35.ule3" version="20180414">
+                         <filename>texlive-vlna-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-omegaware" release="35.ule3" version="20180414">
+                         <filename>texlive-omegaware-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-synctex" release="35.ule3" version="20180414">
+                         <filename>texlive-synctex-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-bibtexu" release="35.ule3" version="20180414">
+                         <filename>texlive-bibtexu-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-uptex" release="35.ule3" version="20180414">
+                         <filename>texlive-uptex-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-mflua" release="35.ule3" version="20180414">
+                         <filename>texlive-mflua-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-dvicopy" release="35.ule3" version="20180414">
+                         <filename>texlive-dvicopy-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-lcdftypetools" release="35.ule3" version="20180414">
+                         <filename>texlive-lcdftypetools-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-metafont" release="35.ule3" version="20180414">
+                         <filename>texlive-metafont-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-ttfutils" release="35.ule3" version="20180414">
+                         <filename>texlive-ttfutils-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-mfware" release="35.ule3" version="20180414">
+                         <filename>texlive-mfware-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-tex" release="35.ule3" version="20180414">
+                         <filename>texlive-tex-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-cjkutils" release="35.ule3" version="20180414">
+                         <filename>texlive-cjkutils-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-metapost" release="35.ule3" version="20180414">
+                         <filename>texlive-metapost-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-pdftools" release="35.ule3" version="20180414">
+                         <filename>texlive-pdftools-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-web" release="35.ule3" version="20180414">
+                         <filename>texlive-web-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-base-debuginfo" release="35.ule3" version="20180414">
+                         <filename>texlive-base-debuginfo-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-bibtex8" release="35.ule3" version="20180414">
+                         <filename>texlive-bibtex8-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-musixtnt" release="35.ule3" version="20180414">
+                         <filename>texlive-musixtnt-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-kpathsea" release="35.ule3" version="20180414">
+                         <filename>texlive-kpathsea-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-axodraw2" release="35.ule3" version="20180414">
+                         <filename>texlive-axodraw2-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-autosp" release="35.ule3" version="20180414">
+                         <filename>texlive-autosp-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-xdvi" release="35.ule3" version="20180414">
+                         <filename>texlive-xdvi-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-dtl" release="35.ule3" version="20180414">
+                         <filename>texlive-dtl-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-ctie" release="35.ule3" version="20180414">
+                         <filename>texlive-ctie-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-makeindex" release="35.ule3" version="20180414">
+                         <filename>texlive-makeindex-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-dvipng" release="35.ule3" version="20180414">
+                         <filename>texlive-dvipng-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-bibtex" release="35.ule3" version="20180414">
+                         <filename>texlive-bibtex-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-patgen" release="35.ule3" version="20180414">
+                         <filename>texlive-patgen-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-lacheck" release="35.ule3" version="20180414">
+                         <filename>texlive-lacheck-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-aleph" release="35.ule3" version="20180414">
+                         <filename>texlive-aleph-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-dvi2tty" release="35.ule3" version="20180414">
+                         <filename>texlive-dvi2tty-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-dvidvi" release="35.ule3" version="20180414">
+                         <filename>texlive-dvidvi-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-tie" release="35.ule3" version="20180414">
+                         <filename>texlive-tie-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-chktex" release="35.ule3" version="20180414">
+                         <filename>texlive-chktex-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-dvipdfmx" release="35.ule3" version="20180414">
+                         <filename>texlive-dvipdfmx-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-base-debugsource" release="35.ule3" version="20180414">
+                         <filename>texlive-base-debugsource-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-pdftex" release="35.ule3" version="20180414">
+                         <filename>texlive-pdftex-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-seetexk" release="35.ule3" version="20180414">
+                         <filename>texlive-seetexk-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-luatex" release="35.ule3" version="20180414">
+                         <filename>texlive-luatex-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-fontware" release="35.ule3" version="20180414">
+                         <filename>texlive-fontware-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-dviljk" release="35.ule3" version="20180414">
+                         <filename>texlive-dviljk-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-dvisvgm" release="35.ule3" version="20180414">
+                         <filename>texlive-dvisvgm-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-detex" release="35.ule3" version="20180414">
+                         <filename>texlive-detex-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-lib-devel" release="35.ule3" version="20180414">
+                         <filename>texlive-lib-devel-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-dvipos" release="35.ule3" version="20180414">
+                         <filename>texlive-dvipos-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-afm2pl" release="35.ule3" version="20180414">
+                         <filename>texlive-afm2pl-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-m-tx" release="35.ule3" version="20180414">
+                         <filename>texlive-m-tx-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-velthuis" release="35.ule3" version="20180414">
+                         <filename>texlive-velthuis-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-pstools" release="35.ule3" version="20180414">
+                         <filename>texlive-pstools-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-xetex" release="35.ule3" version="20180414">
+                         <filename>texlive-xetex-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-texware" release="35.ule3" version="20180414">
+                         <filename>texlive-texware-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-lib" release="35.ule3" version="20180414">
+                         <filename>texlive-lib-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="texlive-ps2pk" release="35.ule3" version="20180414">
+                         <filename>texlive-ps2pk-20180414-35.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-bibexport" release="35.ule3" version="20180414">
+                         <filename>texlive-bibexport-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-mptopdf" release="35.ule3" version="20180414">
+                         <filename>texlive-mptopdf-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-lwarp" release="35.ule3" version="20180414">
+                         <filename>texlive-lwarp-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-crossrefware" release="35.ule3" version="20180414">
+                         <filename>texlive-crossrefware-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-pdfcrop" release="35.ule3" version="20180414">
+                         <filename>texlive-pdfcrop-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-findhyph" release="35.ule3" version="20180414">
+                         <filename>texlive-findhyph-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-purifyeps" release="35.ule3" version="20180414">
+                         <filename>texlive-purifyeps-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-urlbst" release="35.ule3" version="20180414">
+                         <filename>texlive-urlbst-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-pdfbook2" release="35.ule3" version="20180414">
+                         <filename>texlive-pdfbook2-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-latexdiff" release="35.ule3" version="20180414">
+                         <filename>texlive-latexdiff-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-makedtx" release="35.ule3" version="20180414">
+                         <filename>texlive-makedtx-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-csplain" release="35.ule3" version="20180414">
+                         <filename>texlive-csplain-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-cslatex" release="35.ule3" version="20180414">
+                         <filename>texlive-cslatex-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-musixtex" release="35.ule3" version="20180414">
+                         <filename>texlive-musixtex-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-rubik" release="35.ule3" version="20180414">
+                         <filename>texlive-rubik-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-tex4ebook" release="35.ule3" version="20180414">
+                         <filename>texlive-tex4ebook-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-latexfileversion" release="35.ule3" version="20180414">
+                         <filename>texlive-latexfileversion-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-de-macro" release="35.ule3" version="20180414">
+                         <filename>texlive-de-macro-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="texlive-ctanupload" release="35.ule3" version="20180414">
+                         <filename>texlive-ctanupload-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-ptex-fontmaps" release="35.ule3" version="20180414">
+                         <filename>texlive-ptex-fontmaps-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-pst-pdf" release="35.ule3" version="20180414">
+                         <filename>texlive-pst-pdf-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-mathspic" release="35.ule3" version="20180414">
+                         <filename>texlive-mathspic-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-luaotfload" release="35.ule3" version="20180414">
+                         <filename>texlive-luaotfload-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-texloganalyser" release="35.ule3" version="20180414">
+                         <filename>texlive-texloganalyser-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-multibibliography" release="35.ule3" version="20180414">
+                         <filename>texlive-multibibliography-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-pfarrei" release="35.ule3" version="20180414">
+                         <filename>texlive-pfarrei-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-bib2gls" release="35.ule3" version="20180414">
+                         <filename>texlive-bib2gls-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-sty2dtx" release="35.ule3" version="20180414">
+                         <filename>texlive-sty2dtx-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-srcredact" release="35.ule3" version="20180414">
+                         <filename>texlive-srcredact-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-texdoc" release="35.ule3" version="20180414">
+                         <filename>texlive-texdoc-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-thumbpdf" release="35.ule3" version="20180414">
+                         <filename>texlive-thumbpdf-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-texosquery" release="35.ule3" version="20180414">
+                         <filename>texlive-texosquery-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-pygmentex" release="35.ule3" version="20180414">
+                         <filename>texlive-pygmentex-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-tpic2pdftex" release="35.ule3" version="20180414">
+                         <filename>texlive-tpic2pdftex-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-pmxchords" release="35.ule3" version="20180414">
+                         <filename>texlive-pmxchords-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-accfonts" release="35.ule3" version="20180414">
+                         <filename>texlive-accfonts-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-match_parens" release="35.ule3" version="20180414">
+                         <filename>texlive-match_parens-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-texconfig" release="35.ule3" version="20180414">
+                         <filename>texlive-texconfig-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-listbib" release="35.ule3" version="20180414">
+                         <filename>texlive-listbib-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-wordcount" release="35.ule3" version="20180414">
+                         <filename>texlive-wordcount-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-mex" release="35.ule3" version="20180414">
+                         <filename>texlive-mex-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="texlive-exceltex" release="35.ule3" version="20180414">
+                         <filename>texlive-exceltex-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-typeoutfileinfo" release="35.ule3" version="20180414">
+                         <filename>texlive-typeoutfileinfo-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-lua2dox" release="35.ule3" version="20180414">
+                         <filename>texlive-lua2dox-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-ltximg" release="35.ule3" version="20180414">
+                         <filename>texlive-ltximg-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-ptex2pdf" release="35.ule3" version="20180414">
+                         <filename>texlive-ptex2pdf-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-texdef" release="35.ule3" version="20180414">
+                         <filename>texlive-texdef-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-tetex" release="35.ule3" version="20180414">
+                         <filename>texlive-tetex-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-dviasm" release="35.ule3" version="20180414">
+                         <filename>texlive-dviasm-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-texlive-en" release="35.ule3" version="20180414">
+                         <filename>texlive-texlive-en-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-pedigree-perl" release="35.ule3" version="20180414">
+                         <filename>texlive-pedigree-perl-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-mkgrkindex" release="35.ule3" version="20180414">
+                         <filename>texlive-mkgrkindex-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-mkpic" release="35.ule3" version="20180414">
+                         <filename>texlive-mkpic-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-installfont" release="35.ule3" version="20180414">
+                         <filename>texlive-installfont-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-yplan" release="35.ule3" version="20180414">
+                         <filename>texlive-yplan-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-pdflatexpicscale" release="35.ule3" version="20180414">
+                         <filename>texlive-pdflatexpicscale-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-pax" release="35.ule3" version="20180414">
+                         <filename>texlive-pax-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-texlive-scripts" release="35.ule3" version="20180414">
+                         <filename>texlive-texlive-scripts-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-fontinst" release="35.ule3" version="20180414">
+                         <filename>texlive-fontinst-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-ebong" release="35.ule3" version="20180414">
+                         <filename>texlive-ebong-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-listings-ext" release="35.ule3" version="20180414">
+                         <filename>texlive-listings-ext-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-mf2pt1" release="35.ule3" version="20180414">
+                         <filename>texlive-mf2pt1-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-oberdiek" release="35.ule3" version="20180414">
+                         <filename>texlive-oberdiek-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-pst2pdf" release="35.ule3" version="20180414">
+                         <filename>texlive-pst2pdf-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-texsis" release="35.ule3" version="20180414">
+                         <filename>texlive-texsis-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-arara" release="35.ule3" version="20180414">
+                         <filename>texlive-arara-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-mkjobtexmf" release="35.ule3" version="20180414">
+                         <filename>texlive-mkjobtexmf-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-eplain" release="35.ule3" version="20180414">
+                         <filename>texlive-eplain-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-lollipop" release="35.ule3" version="20180414">
+                         <filename>texlive-lollipop-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="texlive-latexindent" release="35.ule3" version="20180414">
+                         <filename>texlive-latexindent-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-latex-git-log" release="35.ule3" version="20180414">
+                         <filename>texlive-latex-git-log-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-kotex-utils" release="35.ule3" version="20180414">
+                         <filename>texlive-kotex-utils-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-ctanify" release="35.ule3" version="20180414">
+                         <filename>texlive-ctanify-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-fontools" release="35.ule3" version="20180414">
+                         <filename>texlive-fontools-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-latex" release="35.ule3" version="20180414">
+                         <filename>texlive-latex-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-epspdf" release="35.ule3" version="20180414">
+                         <filename>texlive-epspdf-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-pythontex" release="35.ule3" version="20180414">
+                         <filename>texlive-pythontex-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-ltxfileinfo" release="35.ule3" version="20180414">
+                         <filename>texlive-ltxfileinfo-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-petri-nets" release="35.ule3" version="20180414">
+                         <filename>texlive-petri-nets-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-texcount" release="35.ule3" version="20180414">
+                         <filename>texlive-texcount-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-latexpand" release="35.ule3" version="20180414">
+                         <filename>texlive-latexpand-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-splitindex" release="35.ule3" version="20180414">
+                         <filename>texlive-splitindex-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-checkcites" release="35.ule3" version="20180414">
+                         <filename>texlive-checkcites-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-epstopdf" release="35.ule3" version="20180414">
+                         <filename>texlive-epstopdf-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-dtxgen" release="35.ule3" version="20180414">
+                         <filename>texlive-dtxgen-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-fragmaster" release="35.ule3" version="20180414">
+                         <filename>texlive-fragmaster-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-texdiff" release="35.ule3" version="20180414">
+                         <filename>texlive-texdiff-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-dviinfox" release="35.ule3" version="20180414">
+                         <filename>texlive-dviinfox-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-glyphlist" release="35.ule3" version="20180414">
+                         <filename>texlive-glyphlist-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-texliveonfly" release="35.ule3" version="20180414">
+                         <filename>texlive-texliveonfly-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-cyrillic" release="35.ule3" version="20180414">
+                         <filename>texlive-cyrillic-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-xmltex" release="35.ule3" version="20180414">
+                         <filename>texlive-xmltex-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-authorindex" release="35.ule3" version="20180414">
+                         <filename>texlive-authorindex-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-fig4latex" release="35.ule3" version="20180414">
+                         <filename>texlive-fig4latex-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-bundledoc" release="35.ule3" version="20180414">
+                         <filename>texlive-bundledoc-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-latex2nemeth" release="35.ule3" version="20180414">
+                         <filename>texlive-latex2nemeth-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-amstex" release="35.ule3" version="20180414">
+                         <filename>texlive-amstex-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-pdfjam" release="35.ule3" version="20180414">
+                         <filename>texlive-pdfjam-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-ctan-o-mat" release="35.ule3" version="20180414">
+                         <filename>texlive-ctan-o-mat-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-pdfxup" release="35.ule3" version="20180414">
+                         <filename>texlive-pdfxup-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-checklistings" release="35.ule3" version="20180414">
+                         <filename>texlive-checklistings-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-lilyglyphs" release="35.ule3" version="20180414">
+                         <filename>texlive-lilyglyphs-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-jadetex" release="35.ule3" version="20180414">
+                         <filename>texlive-jadetex-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-texdoctk" release="35.ule3" version="20180414">
+                         <filename>texlive-texdoctk-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-dosepsbin" release="35.ule3" version="20180414">
+                         <filename>texlive-dosepsbin-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-lyluatex" release="35.ule3" version="svn47584">
+                         <filename>texlive-lyluatex-svn47584-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-jfmutil" release="35.ule3" version="20180414">
+                         <filename>texlive-jfmutil-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-pkfix-helper" release="35.ule3" version="20180414">
+                         <filename>texlive-pkfix-helper-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-pkfix" release="35.ule3" version="20180414">
+                         <filename>texlive-pkfix-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-cachepic" release="35.ule3" version="20180414">
+                         <filename>texlive-cachepic-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-convbkmk" release="35.ule3" version="20180414">
+                         <filename>texlive-convbkmk-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-l3build" release="35.ule3" version="20180414">
+                         <filename>texlive-l3build-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-ulqda" release="35.ule3" version="20180414">
+                         <filename>texlive-ulqda-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-diadia" release="35.ule3" version="20180414">
+                         <filename>texlive-diadia-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-a2ping" release="35.ule3" version="20180414">
+                         <filename>texlive-a2ping-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-latex-papersize" release="35.ule3" version="20180414">
+                         <filename>texlive-latex-papersize-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-getmap" release="35.ule3" version="20180414">
+                         <filename>texlive-getmap-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-mltex" release="35.ule3" version="20180414">
+                         <filename>texlive-mltex-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-context" release="35.ule3" version="20180414">
+                         <filename>texlive-context-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-adhocfilelist" release="35.ule3" version="20180414">
+                         <filename>texlive-adhocfilelist-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-texdirflatten" release="35.ule3" version="20180414">
+                         <filename>texlive-texdirflatten-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-vpe" release="35.ule3" version="20180414">
+                         <filename>texlive-vpe-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-svn-multi" release="35.ule3" version="20180414">
+                         <filename>texlive-svn-multi-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-glossaries" release="35.ule3" version="20180414">
+                         <filename>texlive-glossaries-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-texfot" release="35.ule3" version="20180414">
+                         <filename>texlive-texfot-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-perltex" release="35.ule3" version="20180414">
+                         <filename>texlive-perltex-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-texlive.infra" release="35.ule3" version="20180414">
+                         <filename>texlive-texlive.infra-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-make4ht" release="35.ule3" version="20180414">
+                         <filename>texlive-make4ht-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="noarch" name="texlive-latex2man" release="35.ule3" version="20180414">
+                         <filename>texlive-latex2man-20180414-35.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-detex" release="35.ule3" version="20180414">
+                         <filename>texlive-detex-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-ctie" release="35.ule3" version="20180414">
+                         <filename>texlive-ctie-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-xetex" release="35.ule3" version="20180414">
+                         <filename>texlive-xetex-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-lcdftypetools" release="35.ule3" version="20180414">
+                         <filename>texlive-lcdftypetools-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-tex" release="35.ule3" version="20180414">
+                         <filename>texlive-tex-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-texware" release="35.ule3" version="20180414">
+                         <filename>texlive-texware-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-synctex" release="35.ule3" version="20180414">
+                         <filename>texlive-synctex-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-ptex" release="35.ule3" version="20180414">
+                         <filename>texlive-ptex-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-cweb" release="35.ule3" version="20180414">
+                         <filename>texlive-cweb-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-dviljk" release="35.ule3" version="20180414">
+                         <filename>texlive-dviljk-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-pmx" release="35.ule3" version="20180414">
+                         <filename>texlive-pmx-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-base-debuginfo" release="35.ule3" version="20180414">
+                         <filename>texlive-base-debuginfo-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-uptex" release="35.ule3" version="20180414">
+                         <filename>texlive-uptex-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-base" release="35.ule3" version="20180414">
+                         <filename>texlive-base-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-pstools" release="35.ule3" version="20180414">
+                         <filename>texlive-pstools-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-web" release="35.ule3" version="20180414">
+                         <filename>texlive-web-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-gregoriotex" release="35.ule3" version="20180414">
+                         <filename>texlive-gregoriotex-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-metapost" release="35.ule3" version="20180414">
+                         <filename>texlive-metapost-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-lib-devel" release="35.ule3" version="20180414">
+                         <filename>texlive-lib-devel-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-cjkutils" release="35.ule3" version="20180414">
+                         <filename>texlive-cjkutils-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-autosp" release="35.ule3" version="20180414">
+                         <filename>texlive-autosp-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-dvips" release="35.ule3" version="20180414">
+                         <filename>texlive-dvips-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-tie" release="35.ule3" version="20180414">
+                         <filename>texlive-tie-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-lib" release="35.ule3" version="20180414">
+                         <filename>texlive-lib-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-dvipdfmx" release="35.ule3" version="20180414">
+                         <filename>texlive-dvipdfmx-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-fontware" release="35.ule3" version="20180414">
+                         <filename>texlive-fontware-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-dvi2tty" release="35.ule3" version="20180414">
+                         <filename>texlive-dvi2tty-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-tex4ht" release="35.ule3" version="20180414">
+                         <filename>texlive-tex4ht-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-musixtnt" release="35.ule3" version="20180414">
+                         <filename>texlive-musixtnt-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-vlna" release="35.ule3" version="20180414">
+                         <filename>texlive-vlna-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-dvicopy" release="35.ule3" version="20180414">
+                         <filename>texlive-dvicopy-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-axodraw2" release="35.ule3" version="20180414">
+                         <filename>texlive-axodraw2-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-ps2pk" release="35.ule3" version="20180414">
+                         <filename>texlive-ps2pk-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-velthuis" release="35.ule3" version="20180414">
+                         <filename>texlive-velthuis-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-makeindex" release="35.ule3" version="20180414">
+                         <filename>texlive-makeindex-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-xdvi" release="35.ule3" version="20180414">
+                         <filename>texlive-xdvi-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-metafont" release="35.ule3" version="20180414">
+                         <filename>texlive-metafont-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-gsftopk" release="35.ule3" version="20180414">
+                         <filename>texlive-gsftopk-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-seetexk" release="35.ule3" version="20180414">
+                         <filename>texlive-seetexk-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-pdftex" release="35.ule3" version="20180414">
+                         <filename>texlive-pdftex-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-dtl" release="35.ule3" version="20180414">
+                         <filename>texlive-dtl-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-aleph" release="35.ule3" version="20180414">
+                         <filename>texlive-aleph-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-dvidvi" release="35.ule3" version="20180414">
+                         <filename>texlive-dvidvi-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-mflua" release="35.ule3" version="20180414">
+                         <filename>texlive-mflua-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-kpathsea" release="35.ule3" version="20180414">
+                         <filename>texlive-kpathsea-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-lacheck" release="35.ule3" version="20180414">
+                         <filename>texlive-lacheck-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-omegaware" release="35.ule3" version="20180414">
+                         <filename>texlive-omegaware-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-mfware" release="35.ule3" version="20180414">
+                         <filename>texlive-mfware-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-dvisvgm" release="35.ule3" version="20180414">
+                         <filename>texlive-dvisvgm-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-bibtex8" release="35.ule3" version="20180414">
+                         <filename>texlive-bibtex8-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-afm2pl" release="35.ule3" version="20180414">
+                         <filename>texlive-afm2pl-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-pdftools" release="35.ule3" version="20180414">
+                         <filename>texlive-pdftools-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-luatex" release="35.ule3" version="20180414">
+                         <filename>texlive-luatex-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-patgen" release="35.ule3" version="20180414">
+                         <filename>texlive-patgen-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-base-debugsource" release="35.ule3" version="20180414">
+                         <filename>texlive-base-debugsource-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-bibtexu" release="35.ule3" version="20180414">
+                         <filename>texlive-bibtexu-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-bibtex" release="35.ule3" version="20180414">
+                         <filename>texlive-bibtex-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-chktex" release="35.ule3" version="20180414">
+                         <filename>texlive-chktex-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-ttfutils" release="35.ule3" version="20180414">
+                         <filename>texlive-ttfutils-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-m-tx" release="35.ule3" version="20180414">
+                         <filename>texlive-m-tx-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-dvipng" release="35.ule3" version="20180414">
+                         <filename>texlive-dvipng-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="texlive-dvipos" release="35.ule3" version="20180414">
+                         <filename>texlive-dvipos-20180414-35.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1422</id>
+          <title>An update for syslinux is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2016-9841" id="CVE-2016-9841" title="CVE-2016-9841" type="cve"></reference>
+          </references>
+          <description>inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.(CVE-2016-9841)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="syslinux-tftpboot" release="14.ule3" version="6.04">
+                         <filename>syslinux-tftpboot-6.04-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="syslinux-extlinux-nonlinux" release="14.ule3" version="6.04">
+                         <filename>syslinux-extlinux-nonlinux-6.04-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="syslinux-nonlinux" release="14.ule3" version="6.04">
+                         <filename>syslinux-nonlinux-6.04-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="syslinux-extlinux" release="14.ule3" version="6.04">
+                         <filename>syslinux-extlinux-6.04-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="syslinux-debugsource" release="14.ule3" version="6.04">
+                         <filename>syslinux-debugsource-6.04-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="syslinux-devel" release="14.ule3" version="6.04">
+                         <filename>syslinux-devel-6.04-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="syslinux" release="14.ule3" version="6.04">
+                         <filename>syslinux-6.04-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="syslinux-debuginfo" release="14.ule3" version="6.04">
+                         <filename>syslinux-debuginfo-6.04-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="syslinux-perl" release="14.ule3" version="6.04">
+                         <filename>syslinux-perl-6.04-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="syslinux-efi64" release="14.ule3" version="6.04">
+                         <filename>syslinux-efi64-6.04-14.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1423</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3389" id="CVE-2023-3389" title="CVE-2023-3389" type="cve"></reference>
+          </references>
+          <description>A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).(CVE-2023-3389)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bpftool" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.102.0.128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.102.0.128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.102.0.128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.102.0.128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.102.0.128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.102.0.128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.102.0.128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.102.0.128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.102.0.128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.102.0.128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.102.0.128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.102.0.128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.102.0.128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.102.0.128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.102.0.128.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.102.0.128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.102.0.128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.102.0.128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.102.0.128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="3" arch="x86_64" name="python3-perf" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.102.0.128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.102.0.128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.102.0.128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.102.0.128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.102.0.128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.102.0.128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.102.0.128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.102.0.128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.102.0.128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.102.0.128.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.102.0.128.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.102.0.128.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1426</id>
+          <title>An update for ncurses is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-29491" id="CVE-2023-29491" title="CVE-2023-29491" type="cve"></reference>
+          </references>
+          <description>ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.(CVE-2023-29491)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="ncurses-devel" release="6.ule3" version="6.3">
+                         <filename>ncurses-devel-6.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-debugsource" release="6.ule3" version="6.3">
+                         <filename>ncurses-debugsource-6.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-libs" release="6.ule3" version="6.3">
+                         <filename>ncurses-libs-6.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-compat-libs" release="6.ule3" version="6.3">
+                         <filename>ncurses-compat-libs-6.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-help" release="6.ule3" version="6.3">
+                         <filename>ncurses-help-6.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses" release="6.ule3" version="6.3">
+                         <filename>ncurses-6.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-debuginfo" release="6.ule3" version="6.3">
+                         <filename>ncurses-debuginfo-6.3-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ncurses-base" release="6.ule3" version="6.3">
+                         <filename>ncurses-base-6.3-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-debugsource" release="6.ule3" version="6.3">
+                         <filename>ncurses-debugsource-6.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-libs" release="6.ule3" version="6.3">
+                         <filename>ncurses-libs-6.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-devel" release="6.ule3" version="6.3">
+                         <filename>ncurses-devel-6.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-debuginfo" release="6.ule3" version="6.3">
+                         <filename>ncurses-debuginfo-6.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses" release="6.ule3" version="6.3">
+                         <filename>ncurses-6.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-help" release="6.ule3" version="6.3">
+                         <filename>ncurses-help-6.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-compat-libs" release="6.ule3" version="6.3">
+                         <filename>ncurses-compat-libs-6.3-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1427</id>
+          <title>An update for ruby is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-36617" id="CVE-2023-36617" title="CVE-2023-36617" type="cve"></reference>
+          </references>
+          <description>A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.(CVE-2023-36617)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="rubygem-psych" release="131.ule3" version="3.3.2">
+                         <filename>rubygem-psych-3.3.2-131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ruby" release="131.ule3" version="3.0.3">
+                         <filename>ruby-3.0.3-131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-bigdecimal" release="131.ule3" version="3.0.0">
+                         <filename>rubygem-bigdecimal-3.0.0-131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-openssl" release="131.ule3" version="2.2.1">
+                         <filename>rubygem-openssl-2.2.1-131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-json" release="131.ule3" version="2.5.1">
+                         <filename>rubygem-json-2.5.1-131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-io-console" release="131.ule3" version="0.5.7">
+                         <filename>rubygem-io-console-0.5.7-131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ruby-debugsource" release="131.ule3" version="3.0.3">
+                         <filename>ruby-debugsource-3.0.3-131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ruby-debuginfo" release="131.ule3" version="3.0.3">
+                         <filename>ruby-debuginfo-3.0.3-131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ruby-devel" release="131.ule3" version="3.0.3">
+                         <filename>ruby-devel-3.0.3-131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-typeprof" release="131.ule3" version="0.15.2">
+                         <filename>rubygem-typeprof-0.15.2-131.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ruby-help" release="131.ule3" version="3.0.3">
+                         <filename>ruby-help-3.0.3-131.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rdoc" release="131.ule3" version="6.3.3">
+                         <filename>rubygem-rdoc-6.3.3-131.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-bundler" release="131.ule3" version="2.2.32">
+                         <filename>rubygem-bundler-2.2.32-131.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-minitest" release="131.ule3" version="5.14.2">
+                         <filename>rubygem-minitest-5.14.2-131.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygems" release="131.ule3" version="3.2.32">
+                         <filename>rubygems-3.2.32-131.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ruby-irb" release="131.ule3" version="3.0.3">
+                         <filename>ruby-irb-3.0.3-131.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rbs" release="131.ule3" version="1.4.0">
+                         <filename>rubygem-rbs-1.4.0-131.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rake" release="131.ule3" version="13.0.3">
+                         <filename>rubygem-rake-13.0.3-131.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-test-unit" release="131.ule3" version="3.3.7">
+                         <filename>rubygem-test-unit-3.3.7-131.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygems-devel" release="131.ule3" version="3.2.32">
+                         <filename>rubygems-devel-3.2.32-131.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-did_you_mean" release="131.ule3" version="1.5.0">
+                         <filename>rubygem-did_you_mean-1.5.0-131.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rexml" release="131.ule3" version="3.2.5">
+                         <filename>rubygem-rexml-3.2.5-131.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rss" release="131.ule3" version="0.2.9">
+                         <filename>rubygem-rss-0.2.9-131.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-openssl" release="131.ule3" version="2.2.1">
+                         <filename>rubygem-openssl-2.2.1-131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-io-console" release="131.ule3" version="0.5.7">
+                         <filename>rubygem-io-console-0.5.7-131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby-devel" release="131.ule3" version="3.0.3">
+                         <filename>ruby-devel-3.0.3-131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby-debuginfo" release="131.ule3" version="3.0.3">
+                         <filename>ruby-debuginfo-3.0.3-131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby-debugsource" release="131.ule3" version="3.0.3">
+                         <filename>ruby-debugsource-3.0.3-131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-psych" release="131.ule3" version="3.3.2">
+                         <filename>rubygem-psych-3.3.2-131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby" release="131.ule3" version="3.0.3">
+                         <filename>ruby-3.0.3-131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-json" release="131.ule3" version="2.5.1">
+                         <filename>rubygem-json-2.5.1-131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-bigdecimal" release="131.ule3" version="3.0.0">
+                         <filename>rubygem-bigdecimal-3.0.0-131.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1430</id>
+          <title>An update for edk2 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4304" id="CVE-2022-4304" title="CVE-2022-4304" type="cve"></reference>
+          </references>
+          <description>A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.(CVE-2022-4304)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="edk2-debugsource" release="12.ule3" version="202011">
+                         <filename>edk2-debugsource-202011-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="edk2-debuginfo" release="12.ule3" version="202011">
+                         <filename>edk2-debuginfo-202011-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="edk2-devel" release="12.ule3" version="202011">
+                         <filename>edk2-devel-202011-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-help" release="12.ule3" version="202011">
+                         <filename>edk2-help-202011-12.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-ovmf" release="12.ule3" version="202011">
+                         <filename>edk2-ovmf-202011-12.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-aarch64" release="12.ule3" version="202011">
+                         <filename>edk2-aarch64-202011-12.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-edk2-devel" release="12.ule3" version="202011">
+                         <filename>python3-edk2-devel-202011-12.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-debuginfo" release="12.ule3" version="202011">
+                         <filename>edk2-debuginfo-202011-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-debugsource" release="12.ule3" version="202011">
+                         <filename>edk2-debugsource-202011-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-devel" release="12.ule3" version="202011">
+                         <filename>edk2-devel-202011-12.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1432</id>
+          <title>An update for gnuplot is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-25969" id="CVE-2020-25969" title="CVE-2020-25969" type="cve"></reference>
+          </references>
+          <description>gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest().(CVE-2020-25969)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gnuplot-debugsource" release="13.ule3" version="5.0.6">
+                         <filename>gnuplot-debugsource-5.0.6-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnuplot" release="13.ule3" version="5.0.6">
+                         <filename>gnuplot-5.0.6-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnuplot-debuginfo" release="13.ule3" version="5.0.6">
+                         <filename>gnuplot-debuginfo-5.0.6-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gnuplot-help" release="13.ule3" version="5.0.6">
+                         <filename>gnuplot-help-5.0.6-13.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnuplot-debuginfo" release="13.ule3" version="5.0.6">
+                         <filename>gnuplot-debuginfo-5.0.6-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnuplot" release="13.ule3" version="5.0.6">
+                         <filename>gnuplot-5.0.6-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnuplot-debugsource" release="13.ule3" version="5.0.6">
+                         <filename>gnuplot-debugsource-5.0.6-13.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1433</id>
+          <title>An update for zlib is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2016-9840" id="CVE-2016-9840" title="CVE-2016-9840" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2016-9842" id="CVE-2016-9842" title="CVE-2016-9842" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2016-9843" id="CVE-2016-9843" title="CVE-2016-9843" type="cve"></reference>
+          </references>
+          <description>inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.(CVE-2016-9840)The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.(CVE-2016-9842)CVE-2016-9840:inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.  CVE-2016-9841:inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.  CVE-2016-9842:The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.  CVE-2016-9843:The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.(CVE-2016-9843)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="syslinux-extlinux-nonlinux" release="14.ule3" version="6.04">
+                         <filename>syslinux-extlinux-nonlinux-6.04-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="syslinux-nonlinux" release="14.ule3" version="6.04">
+                         <filename>syslinux-nonlinux-6.04-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="syslinux-tftpboot" release="14.ule3" version="6.04">
+                         <filename>syslinux-tftpboot-6.04-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="syslinux-extlinux" release="14.ule3" version="6.04">
+                         <filename>syslinux-extlinux-6.04-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="syslinux-perl" release="14.ule3" version="6.04">
+                         <filename>syslinux-perl-6.04-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="syslinux-debugsource" release="14.ule3" version="6.04">
+                         <filename>syslinux-debugsource-6.04-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="syslinux" release="14.ule3" version="6.04">
+                         <filename>syslinux-6.04-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="syslinux-debuginfo" release="14.ule3" version="6.04">
+                         <filename>syslinux-debuginfo-6.04-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="syslinux-devel" release="14.ule3" version="6.04">
+                         <filename>syslinux-devel-6.04-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="syslinux-efi64" release="14.ule3" version="6.04">
+                         <filename>syslinux-efi64-6.04-14.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1434</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3576" id="CVE-2023-3576" title="CVE-2023-3576" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in libtiff where a memory leak exists in tools/tiffcrop.c.References:https://gitlab.com/libtiff/libtiff/-/merge_requests/475(CVE-2023-3576)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="29.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-29.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-static" release="29.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-29.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-tools" release="29.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-29.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debugsource" release="29.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-29.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff" release="29.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-29.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-devel" release="29.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-29.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="29.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-29.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="29.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-29.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="29.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-29.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="29.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-29.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="29.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-29.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="29.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-29.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="29.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-29.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1435</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1295" id="CVE-2023-1295" title="CVE-2023-1295" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3090" id="CVE-2023-3090" title="CVE-2023-3090" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3117" id="CVE-2023-3117" title="CVE-2023-3117" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-31248" id="CVE-2023-31248" title="CVE-2023-31248" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3220" id="CVE-2023-3220" title="CVE-2023-3220" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3338" id="CVE-2023-3338" title="CVE-2023-3338" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3358" id="CVE-2023-3358" title="CVE-2023-3358" type="cve"></reference>
+          </references>
+          <description>A time-of-check to time-of-use issue exists in io_uring subsystem&#39;s IORING_OP_CLOSE operation in the Linux kernel&#39;s versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93.(CVE-2023-1295)A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.The out-of-bounds write is caused by missing skb-&gt;cb  initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled.We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.(CVE-2023-3090)A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system.(CVE-2023-3117)Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace(CVE-2023-31248)An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference.(CVE-2023-3220)A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the system.(CVE-2023-3338)A null pointer dereference was found in the Linux kernel&#39;s Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.(CVE-2023-3358)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.103.0.130.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.103.0.130.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.103.0.130.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.103.0.130.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.103.0.130.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.103.0.130.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.103.0.130.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.103.0.130.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.103.0.130.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.103.0.130.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.103.0.130.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.103.0.130.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.103.0.130.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.103.0.130.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.103.0.130.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.103.0.130.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.103.0.130.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.103.0.130.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.103.0.130.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.103.0.130.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.103.0.130.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.103.0.130.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.103.0.130.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.103.0.130.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.103.0.130.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.103.0.130.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.103.0.130.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.103.0.130.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.103.0.130.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.103.0.130.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.103.0.130.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1440</id>
+          <title>An update for python-django is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-21"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-36053" id="CVE-2023-36053" title="CVE-2023-36053" type="cve"></reference>
+          </references>
+          <description>In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.(CVE-2023-36053)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python3-Django" release="6.ule3" version="2.2.27">
+                         <filename>python3-Django-2.2.27-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-django-help" release="6.ule3" version="2.2.27">
+                         <filename>python-django-help-2.2.27-6.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1441</id>
+          <title>An update for cjose is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-37464" id="CVE-2023-37464" title="CVE-2023-37464" type="cve"></reference>
+          </references>
+          <description>OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec  says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version &gt;= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC).(CVE-2023-37464)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="cjose-devel" release="1.ule3" version="0.6.2.2">
+                         <filename>cjose-devel-0.6.2.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cjose-debuginfo" release="1.ule3" version="0.6.2.2">
+                         <filename>cjose-debuginfo-0.6.2.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cjose-debugsource" release="1.ule3" version="0.6.2.2">
+                         <filename>cjose-debugsource-0.6.2.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cjose" release="1.ule3" version="0.6.2.2">
+                         <filename>cjose-0.6.2.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cjose-devel" release="1.ule3" version="0.6.2.2">
+                         <filename>cjose-devel-0.6.2.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cjose-debuginfo" release="1.ule3" version="0.6.2.2">
+                         <filename>cjose-debuginfo-0.6.2.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cjose-debugsource" release="1.ule3" version="0.6.2.2">
+                         <filename>cjose-debugsource-0.6.2.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cjose" release="1.ule3" version="0.6.2.2">
+                         <filename>cjose-0.6.2.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cjose-devel" release="1.ule3" version="0.6.2.2">
+                         <filename>cjose-devel-0.6.2.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cjose-debugsource" release="1.ule3" version="0.6.2.2">
+                         <filename>cjose-debugsource-0.6.2.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cjose-debuginfo" release="1.ule3" version="0.6.2.2">
+                         <filename>cjose-debuginfo-0.6.2.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cjose" release="1.ule3" version="0.6.2.2">
+                         <filename>cjose-0.6.2.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cjose-devel" release="1.ule3" version="0.6.2.2">
+                         <filename>cjose-devel-0.6.2.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cjose-debugsource" release="1.ule3" version="0.6.2.2">
+                         <filename>cjose-debugsource-0.6.2.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cjose-debuginfo" release="1.ule3" version="0.6.2.2">
+                         <filename>cjose-debuginfo-0.6.2.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cjose" release="1.ule3" version="0.6.2.2">
+                         <filename>cjose-0.6.2.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1442</id>
+          <title>An update for ImageMagick is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3428" id="CVE-2023-3428" title="CVE-2023-3428" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in ImageMagick &lt;=7.1.1, where heap-based buffer overflow was found in coders/tiff.c.References:https://github.com/ImageMagick/ImageMagick/commit/a531d28e31309676ce8168c3b6dbbb5374b78790(CVE-2023-3428)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-devel" release="4.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-devel-7.1.1.8-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-perl" release="4.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-perl-7.1.1.8-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++" release="4.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-7.1.1.8-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick" release="4.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-7.1.1.8-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-help" release="4.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-help-7.1.1.8-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++-devel" release="4.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-devel-7.1.1.8-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debugsource" release="4.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debugsource-7.1.1.8-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debuginfo" release="4.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debuginfo-7.1.1.8-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-help" release="4.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-help-7.1.1.8-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debugsource" release="4.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debugsource-7.1.1.8-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++-devel" release="4.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-devel-7.1.1.8-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debuginfo" release="4.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debuginfo-7.1.1.8-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-perl" release="4.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-perl-7.1.1.8-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-devel" release="4.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-devel-7.1.1.8-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++" release="4.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-7.1.1.8-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick" release="4.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-7.1.1.8-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1443</id>
+          <title>An update for curl is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32001" id="CVE-2023-32001" title="CVE-2023-32001" type="cve"></reference>
+          </references>
+          <description>libcurl can be told to save cookie, HSTS and/or alt-svc data to files. Whendoing this, it called `stat()` followed by `fopen()` in a way that made itvulnerable to a TOCTOU race condition problem.By exploiting this flaw, an attacker could trick the victim to create oroverwrite protected files holding this data in ways it was not intended to.(CVE-2023-32001)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="curl" release="23.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debugsource" release="23.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debuginfo" release="23.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl" release="23.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl-devel" release="23.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="curl-help" release="23.ule3" version="7.79.1">
+                         <filename>curl-help-7.79.1-23.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debugsource" release="23.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl" release="23.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl-devel" release="23.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debuginfo" release="23.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl" release="23.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-23.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1448</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45886" id="CVE-2022-45886" title="CVE-2022-45886" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3390" id="CVE-2023-3390" title="CVE-2023-3390" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-35001" id="CVE-2023-35001" title="CVE-2023-35001" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.(CVE-2022-45886)A use-after-free vulnerability was found in the Linux kernel&#39;s netfilter subsystem in net/netfilter/nf_tables_api.c.Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.(CVE-2023-3390)Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace(CVE-2023-35001)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.104.0.131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.104.0.131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.104.0.131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.104.0.131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.104.0.131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.104.0.131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.104.0.131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.104.0.131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.104.0.131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.104.0.131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.104.0.131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.104.0.131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.104.0.131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.104.0.131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.104.0.131.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.104.0.131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.104.0.131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.104.0.131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.104.0.131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.104.0.131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.104.0.131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.104.0.131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.104.0.131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.104.0.131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.104.0.131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.104.0.131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.104.0.131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.104.0.131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.104.0.131.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.104.0.131.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.104.0.131.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1451</id>
+          <title>An update for samba is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2127" id="CVE-2022-2127" title="CVE-2022-2127" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-34966" id="CVE-2023-34966" title="CVE-2023-34966" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-34967" id="CVE-2023-34967" title="CVE-2023-34967" type="cve"></reference>
+          </references>
+          <description>An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.(CVE-2022-2127)An infinite loop vulnerability was found in Samba&#39;s mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.(CVE-2023-34966)A Type Confusion vulnerability was found in Samba&#39;s mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.(CVE-2023-34967)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="ctdb" release="22.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient" release="22.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-provision" release="22.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-bind-dlz" release="22.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba" release="22.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient-devel" release="22.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-krb5-locator" release="22.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba" release="22.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc" release="22.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-dc" release="22.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debuginfo" release="22.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common" release="22.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-libs" release="22.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient" release="22.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-help" release="22.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-devel" release="22.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-clients" release="22.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-krb5-printing" release="22.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-test" release="22.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common-tools" release="22.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debugsource" release="22.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-test" release="22.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-client" release="22.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-modules" release="22.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient-devel" release="22.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind" release="22.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="samba-pidl" release="22.ule3" version="4.15.3">
+                         <filename>samba-pidl-4.15.3-22.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-client" release="22.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-help" release="22.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc" release="22.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-libs" release="22.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-test" release="22.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common-tools" release="22.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba" release="22.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba" release="22.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient-devel" release="22.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common" release="22.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-provision" release="22.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient" release="22.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-vfs-glusterfs" release="22.ule3" version="4.15.3">
+                         <filename>samba-vfs-glusterfs-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debuginfo" release="22.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-bind-dlz" release="22.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-krb5-locator" release="22.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-dc" release="22.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind" release="22.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient-devel" release="22.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-test" release="22.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ctdb" release="22.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-clients" release="22.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient" release="22.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-modules" release="22.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-devel" release="22.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-krb5-printing" release="22.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debugsource" release="22.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-22.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1456</id>
+          <title>An update for python-reportlab is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-07-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-33733" id="CVE-2023-33733" title="CVE-2023-33733" type="cve"></reference>
+          </references>
+          <description>Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.(CVE-2023-33733)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python-reportlab-debuginfo" release="2.ule3" version="3.6.10">
+                         <filename>python-reportlab-debuginfo-3.6.10-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-reportlab-debugsource" release="2.ule3" version="3.6.10">
+                         <filename>python-reportlab-debugsource-3.6.10-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-reportlab" release="2.ule3" version="3.6.10">
+                         <filename>python3-reportlab-3.6.10-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-reportlab-help" release="2.ule3" version="3.6.10">
+                         <filename>python-reportlab-help-3.6.10-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-reportlab-debuginfo" release="2.ule3" version="3.6.10">
+                         <filename>python-reportlab-debuginfo-3.6.10-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-reportlab-debugsource" release="2.ule3" version="3.6.10">
+                         <filename>python-reportlab-debugsource-3.6.10-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-reportlab" release="2.ule3" version="3.6.10">
+                         <filename>python3-reportlab-3.6.10-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1457</id>
+          <title>An update for python-certifi is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-06"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23491" id="CVE-2022-23491" title="CVE-2022-23491" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-37920" id="CVE-2023-37920" title="CVE-2023-37920" type="cve"></reference>
+          </references>
+          <description>Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from &#34;TrustCor&#34; from the root store. These are in the process of being removed from Mozilla&#39;s trust store. TrustCor&#39;s root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor&#39;s ownership also operated a business that produced spyware. Conclusions of Mozilla&#39;s investigation can be found in the linked google group discussion.(CVE-2022-23491)Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes &#34;e-Tugra&#34; root certificates. e-Tugra&#39;s root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from &#34;e-Tugra&#34; from the root store.(CVE-2023-37920)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python-certifi-help" release="1.ule3" version="2023.7.22">
+                         <filename>python-certifi-help-2023.7.22-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-certifi" release="1.ule3" version="2023.7.22">
+                         <filename>python3-certifi-2023.7.22-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1458</id>
+          <title>An update for redis is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-06"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24834" id="CVE-2022-24834" title="CVE-2022-24834" type="cve"></reference>
+          </references>
+          <description>Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.(CVE-2022-24834)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="redis-debuginfo" release="6.ule3" version="4.0.14">
+                         <filename>redis-debuginfo-4.0.14-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="redis" release="6.ule3" version="4.0.14">
+                         <filename>redis-4.0.14-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="redis-debugsource" release="6.ule3" version="4.0.14">
+                         <filename>redis-debugsource-4.0.14-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis-debugsource" release="6.ule3" version="4.0.14">
+                         <filename>redis-debugsource-4.0.14-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis" release="6.ule3" version="4.0.14">
+                         <filename>redis-4.0.14-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="redis-debuginfo" release="6.ule3" version="4.0.14">
+                         <filename>redis-debuginfo-4.0.14-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1461</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-06"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38288" id="CVE-2023-38288" title="CVE-2023-38288" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38289" id="CVE-2023-38289" title="CVE-2023-38289" type="cve"></reference>
+          </references>
+          <description>Multiple potential integer overflow in raw2tiff.c in libtiff &lt;= 4.5.1 can allow remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image which triggers a heap-based buffer overflow.(CVE-2023-38288)Multiple potential integer overflow in tiffcp.c in libtiff &lt;= 4.5.1 can allow remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image which triggers a heap-based buffer overflow.(CVE-2023-38289)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff-devel" release="30.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-30.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debugsource" release="30.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-30.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="30.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-30.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-tools" release="30.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-30.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-static" release="30.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-30.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff" release="30.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-30.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="30.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-30.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="30.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-30.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="30.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-30.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="30.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-30.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="30.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-30.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="30.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-30.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="30.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-30.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1466</id>
+          <title>An update for openssl is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-06"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3446" id="CVE-2023-3446" title="CVE-2023-3446" type="cve"></reference>
+          </references>
+          <description>Issue summary: Checking excessively long DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_check(), DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experience longdelays. Where the key or parameters that are being checked have been obtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One of thosechecks confirms that the modulus (&#39;p&#39; parameter) is not too large. Trying to usea very large modulus is slow and OpenSSL will not normally use a modulus whichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key or parametersthat have been supplied. Some of those checks use the supplied modulus valueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parameters obtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSL functions.An application calling any of those other functions may similarly be affected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command line applicationswhen using the &#39;-check&#39; option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.(CVE-2023-3446)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="openssl-devel" release="21.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-libs" release="21.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debuginfo" release="21.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debugsource" release="21.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl" release="21.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-perl" release="21.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="openssl-help" release="21.ule3" version="1.1.1m">
+                         <filename>openssl-help-1.1.1m-21.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-perl" release="21.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-libs" release="21.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debuginfo" release="21.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debugsource" release="21.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl" release="21.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-devel" release="21.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-21.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1471</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-06"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21255" id="CVE-2023-21255" title="CVE-2023-21255" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2163" id="CVE-2023-2163" title="CVE-2023-2163" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32248" id="CVE-2023-32248" title="CVE-2023-32248" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32255" id="CVE-2023-32255" title="CVE-2023-32255" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3567" id="CVE-2023-3567" title="CVE-2023-3567" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3609" id="CVE-2023-3609" title="CVE-2023-3609" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3610" id="CVE-2023-3610" title="CVE-2023-3610" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3611" id="CVE-2023-3611" title="CVE-2023-3611" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3776" id="CVE-2023-3776" title="CVE-2023-3776" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3812" id="CVE-2023-3812" title="CVE-2023-3812" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38426" id="CVE-2023-38426" title="CVE-2023-38426" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38428" id="CVE-2023-38428" title="CVE-2023-38428" type="cve"></reference>
+          </references>
+          <description>In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.(CVE-2023-21255)(CVE-2023-2163)A flaw was found in the Linux kernel&#39;s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.(CVE-2023-32248)VUL-0: CVE-2023-32255: kernel: Linux Kernel ksmbd Session Setup Memory Leak Denial-of-Service Vulnerability(CVE-2023-32255)A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This flaw allows an attacker with local user access to cause a system crash or leak internal kernel information.(CVE-2023-3567)A use-after-free vulnerability in the Linux kernel&#39;s net/sched: cls_u32 component can be exploited to achieve local privilege escalation.If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.(CVE-2023-3609)A use-after-free vulnerability in the Linux kernel&#39;s netfilter: nf_tables component can be exploited to achieve local privilege escalation.Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.We recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.(CVE-2023-3610)An out-of-bounds write vulnerability in the Linux kernel&#39;s net/sched: sch_qfq component can be exploited to achieve local privilege escalation.The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.(CVE-2023-3611)A use-after-free vulnerability in the Linux kernel&#39;s net/sched: cls_fw component can be exploited to achieve local privilege escalation.If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.(CVE-2023-3776)An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2023-3812)An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context&#39;s name_len is larger than the tag length.(CVE-2023-38426)An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.(CVE-2023-38428)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.105.0.132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.105.0.132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.105.0.132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.105.0.132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.105.0.132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.105.0.132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.105.0.132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.105.0.132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.105.0.132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.105.0.132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.105.0.132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.105.0.132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.105.0.132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.105.0.132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.105.0.132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.105.0.132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.105.0.132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.105.0.132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.105.0.132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.105.0.132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.105.0.132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.105.0.132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.105.0.132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.105.0.132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.105.0.132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.105.0.132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.105.0.132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.105.0.132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.105.0.132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.105.0.132.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.105.0.132.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1474</id>
+          <title>An update for qemu is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-06"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1050" id="CVE-2022-1050" title="CVE-2022-1050" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0664" id="CVE-2023-0664" title="CVE-2023-0664" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2861" id="CVE-2023-2861" title="CVE-2023-2861" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the QEMU implementation of VMWare&#39;s paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.(CVE-2022-1050)A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent&#39;s Windows installer via repair custom actions to elevate their privileges on the system.(CVE-2023-0664)A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.(CVE-2023-2861)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="10" arch="aarch64" name="qemu-system-riscv" release="72.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-guest-agent" release="72.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-x86_64" release="72.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu" release="72.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-aarch64" release="72.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-iscsi" release="72.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-debugsource" release="72.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-rbd" release="72.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-hw-usb-host" release="72.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-curl" release="72.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-debuginfo" release="72.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-ssh" release="72.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-img" release="72.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-arm" release="72.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-72.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="noarch" name="qemu-help" release="72.ule3" version="6.2.0">
+                         <filename>qemu-help-6.2.0-72.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-riscv" release="72.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-hw-usb-host" release="72.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-ssh" release="72.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-arm" release="72.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-img" release="72.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu" release="72.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-guest-agent" release="72.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-curl" release="72.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-debuginfo" release="72.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-debugsource" release="72.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-rbd" release="72.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-aarch64" release="72.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-seabios" release="72.ule3" version="6.2.0">
+                         <filename>qemu-seabios-6.2.0-72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-iscsi" release="72.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-72.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-x86_64" release="72.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-72.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1477</id>
+          <title>An update for python-pygments is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-06"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40896" id="CVE-2022-40896" title="CVE-2022-40896" type="cve"></reference>
+          </references>
+          <description>A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.(CVE-2022-40896)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python-pygments-help" release="4.ule3" version="2.10.0">
+                         <filename>python-pygments-help-2.10.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-pygments" release="4.ule3" version="2.10.0">
+                         <filename>python3-pygments-2.10.0-4.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1480</id>
+          <title>An update for openssh is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-06"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38408" id="CVE-2023-38408" title="CVE-2023-38408" type="cve"></reference>
+          </references>
+          <description>The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.(CVE-2023-38408)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="pam_ssh_agent_auth" release="4.22.ule3" version="0.10.4">
+                         <filename>pam_ssh_agent_auth-0.10.4-4.22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openssh-debuginfo" release="22.ule3" version="8.8p1">
+                         <filename>openssh-debuginfo-8.8p1-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openssh-keycat" release="22.ule3" version="8.8p1">
+                         <filename>openssh-keycat-8.8p1-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openssh-clients" release="22.ule3" version="8.8p1">
+                         <filename>openssh-clients-8.8p1-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openssh-server" release="22.ule3" version="8.8p1">
+                         <filename>openssh-server-8.8p1-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openssh-debugsource" release="22.ule3" version="8.8p1">
+                         <filename>openssh-debugsource-8.8p1-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openssh" release="22.ule3" version="8.8p1">
+                         <filename>openssh-8.8p1-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openssh-askpass" release="22.ule3" version="8.8p1">
+                         <filename>openssh-askpass-8.8p1-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="openssh-help" release="22.ule3" version="8.8p1">
+                         <filename>openssh-help-8.8p1-22.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh-debuginfo" release="22.ule3" version="8.8p1">
+                         <filename>openssh-debuginfo-8.8p1-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh-clients" release="22.ule3" version="8.8p1">
+                         <filename>openssh-clients-8.8p1-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh-debugsource" release="22.ule3" version="8.8p1">
+                         <filename>openssh-debugsource-8.8p1-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh" release="22.ule3" version="8.8p1">
+                         <filename>openssh-8.8p1-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh-server" release="22.ule3" version="8.8p1">
+                         <filename>openssh-server-8.8p1-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh-askpass" release="22.ule3" version="8.8p1">
+                         <filename>openssh-askpass-8.8p1-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pam_ssh_agent_auth" release="4.22.ule3" version="0.10.4">
+                         <filename>pam_ssh_agent_auth-0.10.4-4.22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh-keycat" release="22.ule3" version="8.8p1">
+                         <filename>openssh-keycat-8.8p1-22.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1481</id>
+          <title>An update for openssl is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3817" id="CVE-2023-3817" title="CVE-2023-3817" type="cve"></reference>
+          </references>
+          <description>Issue summary: Checking excessively long DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_check(), DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experience longdelays. Where the key or parameters that are being checked have been obtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. After fixingCVE-2023-3446 it was discovered that a large q parameter value can also triggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parameters obtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSL functions.An application calling any of those other functions may similarly be affected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command line applicationswhen using the &#34;-check&#34; option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.(CVE-2023-3817)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="openssl" release="22.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debugsource" release="22.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-libs" release="22.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-perl" release="22.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debuginfo" release="22.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-devel" release="22.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="openssl-help" release="22.ule3" version="1.1.1m">
+                         <filename>openssl-help-1.1.1m-22.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debugsource" release="22.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debuginfo" release="22.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl" release="22.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-devel" release="22.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-libs" release="22.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-perl" release="22.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-22.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1482</id>
+          <title>An update for pcre2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41409" id="CVE-2022-41409" title="CVE-2022-41409" type="cve"></reference>
+          </references>
+          <description>Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.(CVE-2022-41409)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="pcre2-devel" release="9.ule3" version="10.39">
+                         <filename>pcre2-devel-10.39-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcre2-debugsource" release="9.ule3" version="10.39">
+                         <filename>pcre2-debugsource-10.39-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcre2" release="9.ule3" version="10.39">
+                         <filename>pcre2-10.39-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcre2-debuginfo" release="9.ule3" version="10.39">
+                         <filename>pcre2-debuginfo-10.39-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="pcre2-help" release="9.ule3" version="10.39">
+                         <filename>pcre2-help-10.39-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcre2-devel" release="9.ule3" version="10.39">
+                         <filename>pcre2-devel-10.39-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcre2" release="9.ule3" version="10.39">
+                         <filename>pcre2-10.39-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcre2-debuginfo" release="9.ule3" version="10.39">
+                         <filename>pcre2-debuginfo-10.39-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcre2-debugsource" release="9.ule3" version="10.39">
+                         <filename>pcre2-debugsource-10.39-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1484</id>
+          <title>An update for sqlite is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-36191" id="CVE-2023-36191" title="CVE-2023-36191" type="cve"></reference>
+          </references>
+          <description>sqlite3 v3.40.1 was discovered to contain a segmentation violation at /sqlite3_aflpp/shell.c.(CVE-2023-36191)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="sqlite-devel" release="6.ule3" version="3.37.2">
+                         <filename>sqlite-devel-3.37.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sqlite-debuginfo" release="6.ule3" version="3.37.2">
+                         <filename>sqlite-debuginfo-3.37.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sqlite-debugsource" release="6.ule3" version="3.37.2">
+                         <filename>sqlite-debugsource-3.37.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sqlite" release="6.ule3" version="3.37.2">
+                         <filename>sqlite-3.37.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="sqlite-help" release="6.ule3" version="3.37.2">
+                         <filename>sqlite-help-3.37.2-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sqlite-devel" release="6.ule3" version="3.37.2">
+                         <filename>sqlite-devel-3.37.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sqlite-debugsource" release="6.ule3" version="3.37.2">
+                         <filename>sqlite-debugsource-3.37.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sqlite-debuginfo" release="6.ule3" version="3.37.2">
+                         <filename>sqlite-debuginfo-3.37.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sqlite" release="6.ule3" version="3.37.2">
+                         <filename>sqlite-3.37.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1488</id>
+          <title>An update for wireshark is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3648" id="CVE-2023-3648" title="CVE-2023-3648" type="cve"></reference>
+          </references>
+          <description>Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file(CVE-2023-3648)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="wireshark-devel" release="2.ule3" version="3.6.14">
+                         <filename>wireshark-devel-3.6.14-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-debuginfo" release="2.ule3" version="3.6.14">
+                         <filename>wireshark-debuginfo-3.6.14-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark" release="2.ule3" version="3.6.14">
+                         <filename>wireshark-3.6.14-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-help" release="2.ule3" version="3.6.14">
+                         <filename>wireshark-help-3.6.14-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-debugsource" release="2.ule3" version="3.6.14">
+                         <filename>wireshark-debugsource-3.6.14-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-help" release="2.ule3" version="3.6.14">
+                         <filename>wireshark-help-3.6.14-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-devel" release="2.ule3" version="3.6.14">
+                         <filename>wireshark-devel-3.6.14-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debuginfo" release="2.ule3" version="3.6.14">
+                         <filename>wireshark-debuginfo-3.6.14-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debugsource" release="2.ule3" version="3.6.14">
+                         <filename>wireshark-debugsource-3.6.14-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark" release="2.ule3" version="3.6.14">
+                         <filename>wireshark-3.6.14-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1491</id>
+          <title>An update for scipy is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25399" id="CVE-2023-25399" title="CVE-2023-25399" type="cve"></reference>
+          </references>
+          <description>A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function.(CVE-2023-25399)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-scipy" release="2.ule3" version="1.6.2">
+                         <filename>python3-scipy-1.6.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-scipy" release="2.ule3" version="1.6.2">
+                         <filename>python3-scipy-1.6.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1496</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38427" id="CVE-2023-38427" title="CVE-2023-38427" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38429" id="CVE-2023-38429" title="CVE-2023-38429" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38430" id="CVE-2023-38430" title="CVE-2023-38430" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4004" id="CVE-2023-4004" title="CVE-2023-4004" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts.(CVE-2023-38427)An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.(CVE-2023-38429)An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.(CVE-2023-38430)A use-after-free flaw was found in the Linux kernel&#39;s netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.(CVE-2023-4004)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.106.0.133.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.106.0.133.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.106.0.133.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.106.0.133.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.106.0.133.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.106.0.133.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.106.0.133.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.106.0.133.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.106.0.133.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.106.0.133.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.106.0.133.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.106.0.133.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.106.0.133.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.106.0.133.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.106.0.133.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.106.0.133.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.106.0.133.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.106.0.133.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.106.0.133.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.106.0.133.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.106.0.133.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.106.0.133.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.106.0.133.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.106.0.133.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.106.0.133.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.106.0.133.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.106.0.133.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.106.0.133.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.106.0.133.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.106.0.133.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.106.0.133.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1497</id>
+          <title>An update for iperf3 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38403" id="CVE-2023-38403" title="CVE-2023-38403" type="cve"></reference>
+          </references>
+          <description>iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.(CVE-2023-38403)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="iperf3-debugsource" release="2.ule3" version="3.10.1">
+                         <filename>iperf3-debugsource-3.10.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="iperf3-devel" release="2.ule3" version="3.10.1">
+                         <filename>iperf3-devel-3.10.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="iperf3-debuginfo" release="2.ule3" version="3.10.1">
+                         <filename>iperf3-debuginfo-3.10.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="iperf3" release="2.ule3" version="3.10.1">
+                         <filename>iperf3-3.10.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="iperf3-help" release="2.ule3" version="3.10.1">
+                         <filename>iperf3-help-3.10.1-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="iperf3-debugsource" release="2.ule3" version="3.10.1">
+                         <filename>iperf3-debugsource-3.10.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="iperf3-debuginfo" release="2.ule3" version="3.10.1">
+                         <filename>iperf3-debuginfo-3.10.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="iperf3" release="2.ule3" version="3.10.1">
+                         <filename>iperf3-3.10.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="iperf3-devel" release="2.ule3" version="3.10.1">
+                         <filename>iperf3-devel-3.10.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1502</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-29406" id="CVE-2023-29406" title="CVE-2023-29406" type="cve"></reference>
+          </references>
+          <description>The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.(CVE-2023-29406)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="20.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="20.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-20.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="20.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-20.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="20.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-20.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1503</id>
+          <title>An update for snakeyaml is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41854" id="CVE-2022-41854" title="CVE-2022-41854" type="cve"></reference>
+          </references>
+          <description>Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.(CVE-2022-41854)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="snakeyaml" release="1.ule3" version="1.32">
+                         <filename>snakeyaml-1.32-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="snakeyaml-javadoc" release="1.ule3" version="1.32">
+                         <filename>snakeyaml-javadoc-1.32-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1506</id>
+          <title>An update for nghttp2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-35945" id="CVE-2023-35945" title="CVE-2023-35945" type="cve"></reference>
+          </references>
+          <description>Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11.(CVE-2023-35945)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="nghttp2" release="3.ule3" version="1.46.0">
+                         <filename>nghttp2-1.46.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libnghttp2" release="3.ule3" version="1.46.0">
+                         <filename>libnghttp2-1.46.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libnghttp2-devel" release="3.ule3" version="1.46.0">
+                         <filename>libnghttp2-devel-1.46.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nghttp2-debugsource" release="3.ule3" version="1.46.0">
+                         <filename>nghttp2-debugsource-1.46.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nghttp2-debuginfo" release="3.ule3" version="1.46.0">
+                         <filename>nghttp2-debuginfo-1.46.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="nghttp2-help" release="3.ule3" version="1.46.0">
+                         <filename>nghttp2-help-1.46.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libnghttp2-devel" release="3.ule3" version="1.46.0">
+                         <filename>libnghttp2-devel-1.46.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nghttp2" release="3.ule3" version="1.46.0">
+                         <filename>nghttp2-1.46.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nghttp2-debugsource" release="3.ule3" version="1.46.0">
+                         <filename>nghttp2-debugsource-1.46.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nghttp2-debuginfo" release="3.ule3" version="1.46.0">
+                         <filename>nghttp2-debuginfo-1.46.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libnghttp2" release="3.ule3" version="1.46.0">
+                         <filename>libnghttp2-1.46.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1507</id>
+          <title>An update for amanda is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-30577" id="CVE-2023-30577" title="CVE-2023-30577" type="cve"></reference>
+          </references>
+          <description>AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.(CVE-2023-30577)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="amanda" release="1.ule3" version="3.5.4">
+                         <filename>amanda-3.5.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="amanda-debuginfo" release="1.ule3" version="3.5.4">
+                         <filename>amanda-debuginfo-3.5.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="amanda-debugsource" release="1.ule3" version="3.5.4">
+                         <filename>amanda-debugsource-3.5.4-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="amanda-help" release="1.ule3" version="3.5.4">
+                         <filename>amanda-help-3.5.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="amanda" release="1.ule3" version="3.5.4">
+                         <filename>amanda-3.5.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="amanda-debugsource" release="1.ule3" version="3.5.4">
+                         <filename>amanda-debugsource-3.5.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="amanda-debuginfo" release="1.ule3" version="3.5.4">
+                         <filename>amanda-debuginfo-3.5.4-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1508</id>
+          <title>An update for yasm is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-37732" id="CVE-2023-37732" title="CVE-2023-37732" type="cve"></reference>
+          </references>
+          <description>Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file.(CVE-2023-37732)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="yasm" release="11.ule3" version="1.3.0">
+                         <filename>yasm-1.3.0-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="yasm-debugsource" release="11.ule3" version="1.3.0">
+                         <filename>yasm-debugsource-1.3.0-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="yasm-devel" release="11.ule3" version="1.3.0">
+                         <filename>yasm-devel-1.3.0-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="yasm-debuginfo" release="11.ule3" version="1.3.0">
+                         <filename>yasm-debuginfo-1.3.0-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="yasm-help" release="11.ule3" version="1.3.0">
+                         <filename>yasm-help-1.3.0-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="yasm-debuginfo" release="11.ule3" version="1.3.0">
+                         <filename>yasm-debuginfo-1.3.0-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="yasm-devel" release="11.ule3" version="1.3.0">
+                         <filename>yasm-devel-1.3.0-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="yasm" release="11.ule3" version="1.3.0">
+                         <filename>yasm-1.3.0-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="yasm-debugsource" release="11.ule3" version="1.3.0">
+                         <filename>yasm-debugsource-1.3.0-11.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1511</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3772" id="CVE-2023-3772" title="CVE-2023-3772" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3863" id="CVE-2023-3863" title="CVE-2023-3863" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4133" id="CVE-2023-4133" title="CVE-2023-4133" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4147" id="CVE-2023-4147" title="CVE-2023-4147" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.(CVE-2023-3772)A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue.(CVE-2023-3863)A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.(CVE-2023-4133)A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.(CVE-2023-4147)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-perf" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.107.0.134.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.107.0.134.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.107.0.134.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.107.0.134.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.107.0.134.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.107.0.134.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.107.0.134.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.107.0.134.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.107.0.134.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.107.0.134.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.107.0.134.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.107.0.134.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.107.0.134.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.107.0.134.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.107.0.134.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.107.0.134.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.107.0.134.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.107.0.134.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.107.0.134.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.107.0.134.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.107.0.134.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.107.0.134.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.107.0.134.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.107.0.134.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.107.0.134.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.107.0.134.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.107.0.134.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.107.0.134.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.107.0.134.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.107.0.134.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.107.0.134.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1514</id>
+          <title>An update for procps-ng is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4016" id="CVE-2023-4016" title="CVE-2023-4016" type="cve"></reference>
+          </references>
+          <description>Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.(CVE-2023-4016)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="procps-ng" release="5.ule3" version="3.3.17">
+                         <filename>procps-ng-3.3.17-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="procps-ng-devel" release="5.ule3" version="3.3.17">
+                         <filename>procps-ng-devel-3.3.17-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="procps-ng-debugsource" release="5.ule3" version="3.3.17">
+                         <filename>procps-ng-debugsource-3.3.17-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="procps-ng-debuginfo" release="5.ule3" version="3.3.17">
+                         <filename>procps-ng-debuginfo-3.3.17-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="procps-ng-help" release="5.ule3" version="3.3.17">
+                         <filename>procps-ng-help-3.3.17-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="procps-ng-i18n" release="5.ule3" version="3.3.17">
+                         <filename>procps-ng-i18n-3.3.17-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="procps-ng-debuginfo" release="5.ule3" version="3.3.17">
+                         <filename>procps-ng-debuginfo-3.3.17-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="procps-ng" release="5.ule3" version="3.3.17">
+                         <filename>procps-ng-3.3.17-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="procps-ng-debugsource" release="5.ule3" version="3.3.17">
+                         <filename>procps-ng-debugsource-3.3.17-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="procps-ng-devel" release="5.ule3" version="3.3.17">
+                         <filename>procps-ng-devel-3.3.17-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1515</id>
+          <title>An update for python-werkzeug is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23934" id="CVE-2023-23934" title="CVE-2023-23934" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25577" id="CVE-2023-25577" title="CVE-2023-25577" type="cve"></reference>
+          </references>
+          <description>Werkzeug is a comprehensive WSGI web application library. Browsers may allow &#34;nameless&#34; cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.(CVE-2023-23934)Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug&#39;s multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.(CVE-2023-25577)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python-werkzeug-help" release="3.ule3" version="1.0.1">
+                         <filename>python-werkzeug-help-1.0.1-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-werkzeug" release="3.ule3" version="1.0.1">
+                         <filename>python3-werkzeug-1.0.1-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1518</id>
+          <title>An update for python3 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-18"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2007-4559" id="CVE-2007-4559" title="CVE-2007-4559" type="cve"></reference>
+          </references>
+          <description>Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.(CVE-2007-4559)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-debuginfo" release="25.ule3" version="3.9.9">
+                         <filename>python3-debuginfo-3.9.9-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3" release="25.ule3" version="3.9.9">
+                         <filename>python3-3.9.9-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debugsource" release="25.ule3" version="3.9.9">
+                         <filename>python3-debugsource-3.9.9-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-devel" release="25.ule3" version="3.9.9">
+                         <filename>python3-devel-3.9.9-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-unversioned-command" release="25.ule3" version="3.9.9">
+                         <filename>python3-unversioned-command-3.9.9-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debug" release="25.ule3" version="3.9.9">
+                         <filename>python3-debug-3.9.9-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-help" release="25.ule3" version="3.9.9">
+                         <filename>python3-help-3.9.9-25.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-devel" release="25.ule3" version="3.9.9">
+                         <filename>python3-devel-3.9.9-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-unversioned-command" release="25.ule3" version="3.9.9">
+                         <filename>python3-unversioned-command-3.9.9-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3" release="25.ule3" version="3.9.9">
+                         <filename>python3-3.9.9-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debug" release="25.ule3" version="3.9.9">
+                         <filename>python3-debug-3.9.9-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debugsource" release="25.ule3" version="3.9.9">
+                         <filename>python3-debugsource-3.9.9-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debuginfo" release="25.ule3" version="3.9.9">
+                         <filename>python3-debuginfo-3.9.9-25.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1523</id>
+          <title>An update for qemu is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3180" id="CVE-2023-3180" title="CVE-2023-3180" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3301" id="CVE-2023-3301" title="CVE-2023-3301" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.(CVE-2023-3180)The async nature of the hot-unplug enables an easy to reproduce race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged (or the ACPI unplug has been acked by the guest?). The guest can use this time window to, at least, trigger an assertion.(CVE-2023-3301)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="10" arch="aarch64" name="qemu" release="74.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-hw-usb-host" release="74.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-img" release="74.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-ssh" release="74.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-iscsi" release="74.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-riscv" release="74.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-debuginfo" release="74.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-x86_64" release="74.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-rbd" release="74.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-arm" release="74.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-curl" release="74.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-guest-agent" release="74.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-debugsource" release="74.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-aarch64" release="74.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-74.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="noarch" name="qemu-help" release="74.ule3" version="6.2.0">
+                         <filename>qemu-help-6.2.0-74.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-iscsi" release="74.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-aarch64" release="74.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu" release="74.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-debugsource" release="74.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-rbd" release="74.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-x86_64" release="74.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-hw-usb-host" release="74.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-ssh" release="74.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-arm" release="74.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-debuginfo" release="74.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-guest-agent" release="74.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-curl" release="74.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-seabios" release="74.ule3" version="6.2.0">
+                         <filename>qemu-seabios-6.2.0-74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-riscv" release="74.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-74.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-img" release="74.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-74.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1528</id>
+          <title>An update for krb5 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-36054" id="CVE-2023-36054" title="CVE-2023-36054" type="cve"></reference>
+          </references>
+          <description>lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.(CVE-2023-36054)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="krb5-devel" release="8.ule3" version="1.19.2">
+                         <filename>krb5-devel-1.19.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="krb5-client" release="8.ule3" version="1.19.2">
+                         <filename>krb5-client-1.19.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="krb5-libs" release="8.ule3" version="1.19.2">
+                         <filename>krb5-libs-1.19.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="krb5-debugsource" release="8.ule3" version="1.19.2">
+                         <filename>krb5-debugsource-1.19.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="krb5-server" release="8.ule3" version="1.19.2">
+                         <filename>krb5-server-1.19.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="krb5" release="8.ule3" version="1.19.2">
+                         <filename>krb5-1.19.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="krb5-debuginfo" release="8.ule3" version="1.19.2">
+                         <filename>krb5-debuginfo-1.19.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="krb5-help" release="8.ule3" version="1.19.2">
+                         <filename>krb5-help-1.19.2-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="krb5-server" release="8.ule3" version="1.19.2">
+                         <filename>krb5-server-1.19.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="krb5" release="8.ule3" version="1.19.2">
+                         <filename>krb5-1.19.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="krb5-debugsource" release="8.ule3" version="1.19.2">
+                         <filename>krb5-debugsource-1.19.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="krb5-devel" release="8.ule3" version="1.19.2">
+                         <filename>krb5-devel-1.19.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="krb5-libs" release="8.ule3" version="1.19.2">
+                         <filename>krb5-libs-1.19.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="krb5-client" release="8.ule3" version="1.19.2">
+                         <filename>krb5-client-1.19.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="krb5-debuginfo" release="8.ule3" version="1.19.2">
+                         <filename>krb5-debuginfo-1.19.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1529</id>
+          <title>An update for python-GitPython is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24439" id="CVE-2022-24439" title="CVE-2022-24439" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40267" id="CVE-2023-40267" title="CVE-2023-40267" type="cve"></reference>
+          </references>
+          <description>All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.(CVE-2022-24439)GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.(CVE-2023-40267)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python3-GitPython" release="1.ule3" version="3.1.32">
+                         <filename>python3-GitPython-3.1.32-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-GitPython-help" release="1.ule3" version="3.1.32">
+                         <filename>python-GitPython-help-3.1.32-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1530</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-29409" id="CVE-2023-29409" title="CVE-2023-29409" type="cve"></reference>
+          </references>
+          <description>Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to &lt;= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.(CVE-2023-29409)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="21.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="21.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-21.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="golang-devel" release="21.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-21.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="21.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-21.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="21.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-21.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="21.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-21.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1534</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3618" id="CVE-2023-3618" title="CVE-2023-3618" type="cve"></reference>
+          </references>
+          <description>A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.(CVE-2023-3618)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff-static" release="31.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-31.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-tools" release="31.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-31.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debugsource" release="31.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-31.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-devel" release="31.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-31.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="31.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-31.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff" release="31.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-31.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="31.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-31.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="31.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-31.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="31.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-31.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="31.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-31.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="31.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-31.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="31.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-31.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="31.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-31.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1538</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4128" id="CVE-2023-4128" title="CVE-2023-4128" type="cve"></reference>
+          </references>
+          <description>A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.(CVE-2023-4128)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.108.0.135.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.108.0.135.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.108.0.135.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.108.0.135.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.108.0.135.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.108.0.135.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.108.0.135.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.108.0.135.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.108.0.135.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.108.0.135.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.108.0.135.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.108.0.135.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.108.0.135.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.108.0.135.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.108.0.135.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.108.0.135.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.108.0.135.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.108.0.135.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.108.0.135.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.108.0.135.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.108.0.135.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.108.0.135.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.108.0.135.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.108.0.135.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.108.0.135.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.108.0.135.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.108.0.135.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.108.0.135.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.108.0.135.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.108.0.135.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.108.0.135.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1541</id>
+          <title>An update for haproxy is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40225" id="CVE-2023-40225" title="CVE-2023-40225" type="cve"></reference>
+          </references>
+          <description>HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.(CVE-2023-40225)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="haproxy-debuginfo" release="4.ule3" version="2.4.8">
+                         <filename>haproxy-debuginfo-2.4.8-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="haproxy" release="4.ule3" version="2.4.8">
+                         <filename>haproxy-2.4.8-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="haproxy-debugsource" release="4.ule3" version="2.4.8">
+                         <filename>haproxy-debugsource-2.4.8-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="haproxy-help" release="4.ule3" version="2.4.8">
+                         <filename>haproxy-help-2.4.8-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="haproxy" release="4.ule3" version="2.4.8">
+                         <filename>haproxy-2.4.8-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="haproxy-debuginfo" release="4.ule3" version="2.4.8">
+                         <filename>haproxy-debuginfo-2.4.8-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="haproxy-debugsource" release="4.ule3" version="2.4.8">
+                         <filename>haproxy-debugsource-2.4.8-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1542</id>
+          <title>An update for qpdf is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-25786" id="CVE-2021-25786" title="CVE-2021-25786" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.(CVE-2021-25786)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="qpdf-devel" release="4.ule3" version="8.4.2">
+                         <filename>qpdf-devel-8.4.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qpdf-debugsource" release="4.ule3" version="8.4.2">
+                         <filename>qpdf-debugsource-8.4.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qpdf-debuginfo" release="4.ule3" version="8.4.2">
+                         <filename>qpdf-debuginfo-8.4.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qpdf" release="4.ule3" version="8.4.2">
+                         <filename>qpdf-8.4.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="qpdf-help" release="4.ule3" version="8.4.2">
+                         <filename>qpdf-help-8.4.2-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qpdf-devel" release="4.ule3" version="8.4.2">
+                         <filename>qpdf-devel-8.4.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qpdf-debugsource" release="4.ule3" version="8.4.2">
+                         <filename>qpdf-debugsource-8.4.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qpdf" release="4.ule3" version="8.4.2">
+                         <filename>qpdf-8.4.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qpdf-debuginfo" release="4.ule3" version="8.4.2">
+                         <filename>qpdf-debuginfo-8.4.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1544</id>
+          <title>An update for yasm is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-31975" id="CVE-2023-31975" title="CVE-2023-31975" type="cve"></reference>
+          </references>
+          <description>yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.(CVE-2023-31975)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="yasm" release="12.ule3" version="1.3.0">
+                         <filename>yasm-1.3.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="yasm-devel" release="12.ule3" version="1.3.0">
+                         <filename>yasm-devel-1.3.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="yasm-debugsource" release="12.ule3" version="1.3.0">
+                         <filename>yasm-debugsource-1.3.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="yasm-debuginfo" release="12.ule3" version="1.3.0">
+                         <filename>yasm-debuginfo-1.3.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="yasm-help" release="12.ule3" version="1.3.0">
+                         <filename>yasm-help-1.3.0-12.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="yasm-devel" release="12.ule3" version="1.3.0">
+                         <filename>yasm-devel-1.3.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="yasm-debugsource" release="12.ule3" version="1.3.0">
+                         <filename>yasm-debugsource-1.3.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="yasm-debuginfo" release="12.ule3" version="1.3.0">
+                         <filename>yasm-debuginfo-1.3.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="yasm" release="12.ule3" version="1.3.0">
+                         <filename>yasm-1.3.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1547</id>
+          <title>An update for qt is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32573" id="CVE-2023-32573" title="CVE-2023-32573" type="cve"></reference>
+          </references>
+          <description>In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.(CVE-2023-32573)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="qt-debugsource" release="53.ule3" version="4.8.7">
+                         <filename>qt-debugsource-4.8.7-53.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qt-devel" release="53.ule3" version="4.8.7">
+                         <filename>qt-devel-4.8.7-53.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qt" release="53.ule3" version="4.8.7">
+                         <filename>qt-4.8.7-53.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qt-debuginfo" release="53.ule3" version="4.8.7">
+                         <filename>qt-debuginfo-4.8.7-53.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qt" release="53.ule3" version="4.8.7">
+                         <filename>qt-4.8.7-53.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qt-debugsource" release="53.ule3" version="4.8.7">
+                         <filename>qt-debugsource-4.8.7-53.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qt-debuginfo" release="53.ule3" version="4.8.7">
+                         <filename>qt-debuginfo-4.8.7-53.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qt-devel" release="53.ule3" version="4.8.7">
+                         <filename>qt-devel-4.8.7-53.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1550</id>
+          <title>An update for microcode_ctl is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-08-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-33196" id="CVE-2022-33196" title="CVE-2022-33196" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-38090" id="CVE-2022-38090" title="CVE-2022-38090" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40982" id="CVE-2022-40982" title="CVE-2022-40982" type="cve"></reference>
+          </references>
+          <description>Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2022-33196)Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access.(CVE-2022-38090)Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2022-40982)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="x86_64" name="microcode_ctl" release="41.ule3" version="2.1">
+                         <filename>microcode_ctl-2.1-41.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1551</id>
+          <title>An update for nodejs is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-25881" id="CVE-2022-25881" title="CVE-2022-25881" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32212" id="CVE-2022-32212" title="CVE-2022-32212" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32213" id="CVE-2022-32213" title="CVE-2022-32213" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32214" id="CVE-2022-32214" title="CVE-2022-32214" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32215" id="CVE-2022-32215" title="CVE-2022-32215" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-35256" id="CVE-2022-35256" title="CVE-2022-35256" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23918" id="CVE-2023-23918" title="CVE-2023-23918" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23920" id="CVE-2023-23920" title="CVE-2023-23920" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-30581" id="CVE-2023-30581" title="CVE-2023-30581" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-30589" id="CVE-2023-30589" title="CVE-2023-30589" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-30590" id="CVE-2023-30590" title="CVE-2023-30590" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32002" id="CVE-2023-32002" title="CVE-2023-32002" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32006" id="CVE-2023-32006" title="CVE-2023-32006" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32559" id="CVE-2023-32559" title="CVE-2023-32559" type="cve"></reference>
+          </references>
+          <description>This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.(CVE-2022-25881)A OS Command Injection vulnerability exists in Node.js versions &lt;14.20.0, &lt;16.20.0, &lt;18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.(CVE-2022-32212)The llhttp parser &lt;v14.20.1, &lt;v16.17.1 and &lt;v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).(CVE-2022-32213)The llhttp parser &lt;v14.20.1, &lt;v16.17.1 and &lt;v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).(CVE-2022-32214)The llhttp parser &lt;v14.20.1, &lt;v16.17.1 and &lt;v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).(CVE-2022-32215)The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.(CVE-2022-35256)A privilege escalation vulnerability exists in Node.js &lt;19.6.1, &lt;18.14.1, &lt;16.19.1 and &lt;14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.(CVE-2023-23918)An untrusted search path vulnerability exists in Node.js. &lt;19.6.1, &lt;18.14.1, &lt;16.19.1, and &lt;14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.(CVE-2023-23920)The use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.References:https://nodejs.org/en/blog/vulnerability/june-2023-security-releases(CVE-2023-30581)The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20(CVE-2023-30589)The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.References:https://nodejs.org/en/blog/vulnerability/june-2023-security-releases(CVE-2023-30590)The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.(CVE-2023-32002)The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.(CVE-2023-32006)A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding(&#39;spawn_sync&#39;)` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.(CVE-2023-32559)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="nodejs-debuginfo" release="6.ule3" version="12.22.11">
+                         <filename>nodejs-debuginfo-12.22.11-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-devel" release="6.ule3" version="12.22.11">
+                         <filename>nodejs-devel-12.22.11-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="v8-devel" release="1.12.22.11.6.ule3" version="7.8.279.23">
+                         <filename>v8-devel-7.8.279.23-1.12.22.11.6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs" release="6.ule3" version="12.22.11">
+                         <filename>nodejs-12.22.11-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-full-i18n" release="6.ule3" version="12.22.11">
+                         <filename>nodejs-full-i18n-12.22.11-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="npm" release="1.12.22.11.6.ule3" version="6.14.16">
+                         <filename>npm-6.14.16-1.12.22.11.6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-debugsource" release="6.ule3" version="12.22.11">
+                         <filename>nodejs-debugsource-12.22.11-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-libs" release="6.ule3" version="12.22.11">
+                         <filename>nodejs-libs-12.22.11-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="nodejs-docs" release="6.ule3" version="12.22.11">
+                         <filename>nodejs-docs-12.22.11-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="v8-devel" release="1.12.22.11.6.ule3" version="7.8.279.23">
+                         <filename>v8-devel-7.8.279.23-1.12.22.11.6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-debugsource" release="6.ule3" version="12.22.11">
+                         <filename>nodejs-debugsource-12.22.11-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs" release="6.ule3" version="12.22.11">
+                         <filename>nodejs-12.22.11-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-devel" release="6.ule3" version="12.22.11">
+                         <filename>nodejs-devel-12.22.11-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-libs" release="6.ule3" version="12.22.11">
+                         <filename>nodejs-libs-12.22.11-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="npm" release="1.12.22.11.6.ule3" version="6.14.16">
+                         <filename>npm-6.14.16-1.12.22.11.6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-full-i18n" release="6.ule3" version="12.22.11">
+                         <filename>nodejs-full-i18n-12.22.11-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-debuginfo" release="6.ule3" version="12.22.11">
+                         <filename>nodejs-debuginfo-12.22.11-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1552</id>
+          <title>An update for indent is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40305" id="CVE-2023-40305" title="CVE-2023-40305" type="cve"></reference>
+          </references>
+          <description>GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.(CVE-2023-40305)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="indent" release="29.ule3" version="2.2.11">
+                         <filename>indent-2.2.11-29.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="indent-debugsource" release="29.ule3" version="2.2.11">
+                         <filename>indent-debugsource-2.2.11-29.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="indent-debuginfo" release="29.ule3" version="2.2.11">
+                         <filename>indent-debuginfo-2.2.11-29.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="indent-help" release="29.ule3" version="2.2.11">
+                         <filename>indent-help-2.2.11-29.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="indent-debuginfo" release="29.ule3" version="2.2.11">
+                         <filename>indent-debuginfo-2.2.11-29.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="indent-debugsource" release="29.ule3" version="2.2.11">
+                         <filename>indent-debugsource-2.2.11-29.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="indent" release="29.ule3" version="2.2.11">
+                         <filename>indent-2.2.11-29.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1559</id>
+          <title>An update for clamav is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-20197" id="CVE-2023-20197" title="CVE-2023-20197" type="cve"></reference>
+          </references>
+          <description>A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .(CVE-2023-20197)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="clamav-devel" release="1.ule3" version="0.103.9">
+                         <filename>clamav-devel-0.103.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamav-update" release="1.ule3" version="0.103.9">
+                         <filename>clamav-update-0.103.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamav-help" release="1.ule3" version="0.103.9">
+                         <filename>clamav-help-0.103.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamd" release="1.ule3" version="0.103.9">
+                         <filename>clamd-0.103.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamav-milter" release="1.ule3" version="0.103.9">
+                         <filename>clamav-milter-0.103.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamav-debuginfo" release="1.ule3" version="0.103.9">
+                         <filename>clamav-debuginfo-0.103.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamav" release="1.ule3" version="0.103.9">
+                         <filename>clamav-0.103.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clamav-debugsource" release="1.ule3" version="0.103.9">
+                         <filename>clamav-debugsource-0.103.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="clamav-data" release="1.ule3" version="0.103.9">
+                         <filename>clamav-data-0.103.9-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="clamav-filesystem" release="1.ule3" version="0.103.9">
+                         <filename>clamav-filesystem-0.103.9-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav-help" release="1.ule3" version="0.103.9">
+                         <filename>clamav-help-0.103.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav-update" release="1.ule3" version="0.103.9">
+                         <filename>clamav-update-0.103.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamd" release="1.ule3" version="0.103.9">
+                         <filename>clamd-0.103.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav-debuginfo" release="1.ule3" version="0.103.9">
+                         <filename>clamav-debuginfo-0.103.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav-devel" release="1.ule3" version="0.103.9">
+                         <filename>clamav-devel-0.103.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav-milter" release="1.ule3" version="0.103.9">
+                         <filename>clamav-milter-0.103.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav-debugsource" release="1.ule3" version="0.103.9">
+                         <filename>clamav-debugsource-0.103.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clamav" release="1.ule3" version="0.103.9">
+                         <filename>clamav-0.103.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1562</id>
+          <title>An update for flac is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-22219" id="CVE-2020-22219" title="CVE-2020-22219" type="cve"></reference>
+          </references>
+          <description>Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.(CVE-2020-22219)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="flac" release="8.ule3" version="1.3.3">
+                         <filename>flac-1.3.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="flac-debuginfo" release="8.ule3" version="1.3.3">
+                         <filename>flac-debuginfo-1.3.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xmms-flac" release="8.ule3" version="1.3.3">
+                         <filename>xmms-flac-1.3.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="flac-devel" release="8.ule3" version="1.3.3">
+                         <filename>flac-devel-1.3.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="flac-debugsource" release="8.ule3" version="1.3.3">
+                         <filename>flac-debugsource-1.3.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="flac-help" release="8.ule3" version="1.3.3">
+                         <filename>flac-help-1.3.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flac-help" release="8.ule3" version="1.3.3">
+                         <filename>flac-help-1.3.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xmms-flac" release="8.ule3" version="1.3.3">
+                         <filename>xmms-flac-1.3.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flac-debugsource" release="8.ule3" version="1.3.3">
+                         <filename>flac-debugsource-1.3.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flac-debuginfo" release="8.ule3" version="1.3.3">
+                         <filename>flac-debuginfo-1.3.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flac" release="8.ule3" version="1.3.3">
+                         <filename>flac-1.3.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flac-devel" release="8.ule3" version="1.3.3">
+                         <filename>flac-devel-1.3.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1563</id>
+          <title>An update for perl is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-48522" id="CVE-2022-48522" title="CVE-2022-48522" type="cve"></reference>
+          </references>
+          <description>In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.(CVE-2022-48522)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="4" arch="aarch64" name="perl" release="9.ule3" version="5.34.0">
+                         <filename>perl-5.34.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="perl-libs" release="9.ule3" version="5.34.0">
+                         <filename>perl-libs-5.34.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="perl-debuginfo" release="9.ule3" version="5.34.0">
+                         <filename>perl-debuginfo-5.34.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="perl-devel" release="9.ule3" version="5.34.0">
+                         <filename>perl-devel-5.34.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="perl-debugsource" release="9.ule3" version="5.34.0">
+                         <filename>perl-debugsource-5.34.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="noarch" name="perl-help" release="9.ule3" version="5.34.0">
+                         <filename>perl-help-5.34.0-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl-debugsource" release="9.ule3" version="5.34.0">
+                         <filename>perl-debugsource-5.34.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl-devel" release="9.ule3" version="5.34.0">
+                         <filename>perl-devel-5.34.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl" release="9.ule3" version="5.34.0">
+                         <filename>perl-5.34.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl-debuginfo" release="9.ule3" version="5.34.0">
+                         <filename>perl-debuginfo-5.34.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl-libs" release="9.ule3" version="5.34.0">
+                         <filename>perl-libs-5.34.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1566</id>
+          <title>An update for php is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31628" id="CVE-2022-31628" title="CVE-2022-31628" type="cve"></reference>
+          </references>
+          <description>In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress &#34;quines&#34; gzip files, resulting in an infinite loop.(CVE-2022-31628)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="php-gd" release="1.ule3" version="8.0.30">
+                         <filename>php-gd-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-fpm" release="1.ule3" version="8.0.30">
+                         <filename>php-fpm-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-cli" release="1.ule3" version="8.0.30">
+                         <filename>php-cli-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-intl" release="1.ule3" version="8.0.30">
+                         <filename>php-intl-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-ffi" release="1.ule3" version="8.0.30">
+                         <filename>php-ffi-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-devel" release="1.ule3" version="8.0.30">
+                         <filename>php-devel-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-odbc" release="1.ule3" version="8.0.30">
+                         <filename>php-odbc-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-bcmath" release="1.ule3" version="8.0.30">
+                         <filename>php-bcmath-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-pdo" release="1.ule3" version="8.0.30">
+                         <filename>php-pdo-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-process" release="1.ule3" version="8.0.30">
+                         <filename>php-process-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-help" release="1.ule3" version="8.0.30">
+                         <filename>php-help-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-dbg" release="1.ule3" version="8.0.30">
+                         <filename>php-dbg-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-dba" release="1.ule3" version="8.0.30">
+                         <filename>php-dba-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-mbstring" release="1.ule3" version="8.0.30">
+                         <filename>php-mbstring-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-debuginfo" release="1.ule3" version="8.0.30">
+                         <filename>php-debuginfo-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-mysqlnd" release="1.ule3" version="8.0.30">
+                         <filename>php-mysqlnd-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-xml" release="1.ule3" version="8.0.30">
+                         <filename>php-xml-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-opcache" release="1.ule3" version="8.0.30">
+                         <filename>php-opcache-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-enchant" release="1.ule3" version="8.0.30">
+                         <filename>php-enchant-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-tidy" release="1.ule3" version="8.0.30">
+                         <filename>php-tidy-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-debugsource" release="1.ule3" version="8.0.30">
+                         <filename>php-debugsource-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-ldap" release="1.ule3" version="8.0.30">
+                         <filename>php-ldap-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-gmp" release="1.ule3" version="8.0.30">
+                         <filename>php-gmp-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-embedded" release="1.ule3" version="8.0.30">
+                         <filename>php-embedded-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-soap" release="1.ule3" version="8.0.30">
+                         <filename>php-soap-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-pgsql" release="1.ule3" version="8.0.30">
+                         <filename>php-pgsql-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php" release="1.ule3" version="8.0.30">
+                         <filename>php-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-snmp" release="1.ule3" version="8.0.30">
+                         <filename>php-snmp-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-common" release="1.ule3" version="8.0.30">
+                         <filename>php-common-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-ldap" release="1.ule3" version="8.0.30">
+                         <filename>php-ldap-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-devel" release="1.ule3" version="8.0.30">
+                         <filename>php-devel-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-mbstring" release="1.ule3" version="8.0.30">
+                         <filename>php-mbstring-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-debuginfo" release="1.ule3" version="8.0.30">
+                         <filename>php-debuginfo-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-pgsql" release="1.ule3" version="8.0.30">
+                         <filename>php-pgsql-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-ffi" release="1.ule3" version="8.0.30">
+                         <filename>php-ffi-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-process" release="1.ule3" version="8.0.30">
+                         <filename>php-process-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-bcmath" release="1.ule3" version="8.0.30">
+                         <filename>php-bcmath-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-opcache" release="1.ule3" version="8.0.30">
+                         <filename>php-opcache-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-odbc" release="1.ule3" version="8.0.30">
+                         <filename>php-odbc-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-snmp" release="1.ule3" version="8.0.30">
+                         <filename>php-snmp-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-xml" release="1.ule3" version="8.0.30">
+                         <filename>php-xml-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-fpm" release="1.ule3" version="8.0.30">
+                         <filename>php-fpm-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-cli" release="1.ule3" version="8.0.30">
+                         <filename>php-cli-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-embedded" release="1.ule3" version="8.0.30">
+                         <filename>php-embedded-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-enchant" release="1.ule3" version="8.0.30">
+                         <filename>php-enchant-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-gd" release="1.ule3" version="8.0.30">
+                         <filename>php-gd-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-gmp" release="1.ule3" version="8.0.30">
+                         <filename>php-gmp-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-common" release="1.ule3" version="8.0.30">
+                         <filename>php-common-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-dbg" release="1.ule3" version="8.0.30">
+                         <filename>php-dbg-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-help" release="1.ule3" version="8.0.30">
+                         <filename>php-help-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php" release="1.ule3" version="8.0.30">
+                         <filename>php-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-dba" release="1.ule3" version="8.0.30">
+                         <filename>php-dba-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-tidy" release="1.ule3" version="8.0.30">
+                         <filename>php-tidy-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-intl" release="1.ule3" version="8.0.30">
+                         <filename>php-intl-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-pdo" release="1.ule3" version="8.0.30">
+                         <filename>php-pdo-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-debugsource" release="1.ule3" version="8.0.30">
+                         <filename>php-debugsource-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-mysqlnd" release="1.ule3" version="8.0.30">
+                         <filename>php-mysqlnd-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-soap" release="1.ule3" version="8.0.30">
+                         <filename>php-soap-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1569</id>
+          <title>An update for libpq is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-21469" id="CVE-2020-21469" title="CVE-2020-21469" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2454" id="CVE-2023-2454" title="CVE-2023-2454" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2455" id="CVE-2023-2455" title="CVE-2023-2455" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39418" id="CVE-2023-39418" title="CVE-2023-39418" type="cve"></reference>
+          </references>
+          <description>** DISPUTED ** An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account).(CVE-2020-21469)schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.(CVE-2023-2454)Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.(CVE-2023-2455)A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.(CVE-2023-39418)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libpq-debugsource" release="1.ule3" version="13.12">
+                         <filename>libpq-debugsource-13.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libpq-devel" release="1.ule3" version="13.12">
+                         <filename>libpq-devel-13.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libpq" release="1.ule3" version="13.12">
+                         <filename>libpq-13.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libpq-debuginfo" release="1.ule3" version="13.12">
+                         <filename>libpq-debuginfo-13.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libpq-debuginfo" release="1.ule3" version="13.12">
+                         <filename>libpq-debuginfo-13.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libpq-debugsource" release="1.ule3" version="13.12">
+                         <filename>libpq-debugsource-13.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libpq" release="1.ule3" version="13.12">
+                         <filename>libpq-13.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libpq-devel" release="1.ule3" version="13.12">
+                         <filename>libpq-devel-13.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1570</id>
+          <title>An update for binutils is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46174" id="CVE-2021-46174" title="CVE-2021-46174" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47008" id="CVE-2022-47008" title="CVE-2022-47008" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47011" id="CVE-2022-47011" title="CVE-2022-47011" type="cve"></reference>
+          </references>
+          <description>Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.(CVE-2021-46174)An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.(CVE-2022-47008)An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.(CVE-2022-47011)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="binutils-help" release="22.ule3" version="2.37">
+                         <filename>binutils-help-2.37-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="binutils-devel" release="22.ule3" version="2.37">
+                         <filename>binutils-devel-2.37-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="binutils-debugsource" release="22.ule3" version="2.37">
+                         <filename>binutils-debugsource-2.37-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="binutils" release="22.ule3" version="2.37">
+                         <filename>binutils-2.37-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="binutils-debuginfo" release="22.ule3" version="2.37">
+                         <filename>binutils-debuginfo-2.37-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="binutils-devel" release="22.ule3" version="2.37">
+                         <filename>binutils-devel-2.37-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="binutils-help" release="22.ule3" version="2.37">
+                         <filename>binutils-help-2.37-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="binutils" release="22.ule3" version="2.37">
+                         <filename>binutils-2.37-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="binutils-debuginfo" release="22.ule3" version="2.37">
+                         <filename>binutils-debuginfo-2.37-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="binutils-debugsource" release="22.ule3" version="2.37">
+                         <filename>binutils-debugsource-2.37-22.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1573</id>
+          <title>An update for json-c is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-32292" id="CVE-2021-32292" title="CVE-2021-32292" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in json-c through 0.15-20200726. A stack-buffer-overflow exists in the function parseit located in json_parse.c. It allows an attacker to cause code Execution.(CVE-2021-32292)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="json-c-devel" release="6.ule3" version="0.15">
+                         <filename>json-c-devel-0.15-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="json-c-debugsource" release="6.ule3" version="0.15">
+                         <filename>json-c-debugsource-0.15-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="json-c" release="6.ule3" version="0.15">
+                         <filename>json-c-0.15-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="json-c-debuginfo" release="6.ule3" version="0.15">
+                         <filename>json-c-debuginfo-0.15-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="json-c-help" release="6.ule3" version="0.15">
+                         <filename>json-c-help-0.15-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="json-c-debuginfo" release="6.ule3" version="0.15">
+                         <filename>json-c-debuginfo-0.15-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="json-c-devel" release="6.ule3" version="0.15">
+                         <filename>json-c-devel-0.15-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="json-c" release="6.ule3" version="0.15">
+                         <filename>json-c-0.15-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="json-c-debugsource" release="6.ule3" version="0.15">
+                         <filename>json-c-debugsource-0.15-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1574</id>
+          <title>An update for file is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-48554" id="CVE-2022-48554" title="CVE-2022-48554" type="cve"></reference>
+          </references>
+          <description>File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: &#34;File&#34; is the name of an Open Source project.(CVE-2022-48554)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="file-debugsource" release="3.ule3" version="5.41">
+                         <filename>file-debugsource-5.41-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="file-devel" release="3.ule3" version="5.41">
+                         <filename>file-devel-5.41-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="file-debuginfo" release="3.ule3" version="5.41">
+                         <filename>file-debuginfo-5.41-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="file-libs" release="3.ule3" version="5.41">
+                         <filename>file-libs-5.41-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="file" release="3.ule3" version="5.41">
+                         <filename>file-5.41-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="file-help" release="3.ule3" version="5.41">
+                         <filename>file-help-5.41-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-magic" release="3.ule3" version="5.41">
+                         <filename>python3-magic-5.41-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="file" release="3.ule3" version="5.41">
+                         <filename>file-5.41-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="file-help" release="3.ule3" version="5.41">
+                         <filename>file-help-5.41-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="file-libs" release="3.ule3" version="5.41">
+                         <filename>file-libs-5.41-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="file-debugsource" release="3.ule3" version="5.41">
+                         <filename>file-debugsource-5.41-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="file-devel" release="3.ule3" version="5.41">
+                         <filename>file-devel-5.41-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="file-debuginfo" release="3.ule3" version="5.41">
+                         <filename>file-debuginfo-5.41-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1575</id>
+          <title>An update for gawk is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4156" id="CVE-2023-4156" title="CVE-2023-4156" type="cve"></reference>
+          </references>
+          <description>A heap out of bound read issue exists in builtin.c of gawk prior to version 5.1.1. The array &#34;the_args&#34; takes an unsafe index &#34;val&#34;, while it does not validate the index to ensure the index refers to a valid position in the array (e.g., exceedingly large or negative). The vulnerability can cause crash of the software and might be used by attackers to read sensitive information.https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00000.htmlhttps://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00023.htmlhttps://fossies.org/linux/gawk/ChangeLog#470 (Line: 470-475)(CVE-2023-4156)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gawk-devel" release="4.ule3" version="5.1.1">
+                         <filename>gawk-devel-5.1.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gawk" release="4.ule3" version="5.1.1">
+                         <filename>gawk-5.1.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gawk-debugsource" release="4.ule3" version="5.1.1">
+                         <filename>gawk-debugsource-5.1.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gawk-debuginfo" release="4.ule3" version="5.1.1">
+                         <filename>gawk-debuginfo-5.1.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gawk-lang" release="4.ule3" version="5.1.1">
+                         <filename>gawk-lang-5.1.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gawk-help" release="4.ule3" version="5.1.1">
+                         <filename>gawk-help-5.1.1-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gawk-debugsource" release="4.ule3" version="5.1.1">
+                         <filename>gawk-debugsource-5.1.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gawk" release="4.ule3" version="5.1.1">
+                         <filename>gawk-5.1.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gawk-debuginfo" release="4.ule3" version="5.1.1">
+                         <filename>gawk-debuginfo-5.1.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gawk-devel" release="4.ule3" version="5.1.1">
+                         <filename>gawk-devel-5.1.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gawk-lang" release="4.ule3" version="5.1.1">
+                         <filename>gawk-lang-5.1.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1576</id>
+          <title>An update for postgresql is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39417" id="CVE-2023-39417" title="CVE-2023-39417" type="cve"></reference>
+          </references>
+          <description>IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, &#39;&#39;, or &#34;&#34;). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.(CVE-2023-39417)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="postgresql-server" release="1.ule3" version="13.12">
+                         <filename>postgresql-server-13.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-pltcl" release="1.ule3" version="13.12">
+                         <filename>postgresql-pltcl-13.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-contrib" release="1.ule3" version="13.12">
+                         <filename>postgresql-contrib-13.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-debuginfo" release="1.ule3" version="13.12">
+                         <filename>postgresql-debuginfo-13.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-plperl" release="1.ule3" version="13.12">
+                         <filename>postgresql-plperl-13.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-plpython3" release="1.ule3" version="13.12">
+                         <filename>postgresql-plpython3-13.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-server-devel" release="1.ule3" version="13.12">
+                         <filename>postgresql-server-devel-13.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-docs" release="1.ule3" version="13.12">
+                         <filename>postgresql-docs-13.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-debugsource" release="1.ule3" version="13.12">
+                         <filename>postgresql-debugsource-13.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql" release="1.ule3" version="13.12">
+                         <filename>postgresql-13.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-llvmjit" release="1.ule3" version="13.12">
+                         <filename>postgresql-llvmjit-13.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-static" release="1.ule3" version="13.12">
+                         <filename>postgresql-static-13.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="postgresql-test" release="1.ule3" version="13.12">
+                         <filename>postgresql-test-13.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="postgresql-test-rpm-macros" release="1.ule3" version="13.12">
+                         <filename>postgresql-test-rpm-macros-13.12-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-plpython3" release="1.ule3" version="13.12">
+                         <filename>postgresql-plpython3-13.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-test" release="1.ule3" version="13.12">
+                         <filename>postgresql-test-13.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-debuginfo" release="1.ule3" version="13.12">
+                         <filename>postgresql-debuginfo-13.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-server-devel" release="1.ule3" version="13.12">
+                         <filename>postgresql-server-devel-13.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql" release="1.ule3" version="13.12">
+                         <filename>postgresql-13.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-llvmjit" release="1.ule3" version="13.12">
+                         <filename>postgresql-llvmjit-13.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-debugsource" release="1.ule3" version="13.12">
+                         <filename>postgresql-debugsource-13.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-plperl" release="1.ule3" version="13.12">
+                         <filename>postgresql-plperl-13.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-static" release="1.ule3" version="13.12">
+                         <filename>postgresql-static-13.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-pltcl" release="1.ule3" version="13.12">
+                         <filename>postgresql-pltcl-13.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-docs" release="1.ule3" version="13.12">
+                         <filename>postgresql-docs-13.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-server" release="1.ule3" version="13.12">
+                         <filename>postgresql-server-13.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="postgresql-contrib" release="1.ule3" version="13.12">
+                         <filename>postgresql-contrib-13.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1581</id>
+          <title>An update for libreswan is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38710" id="CVE-2023-38710" title="CVE-2023-38710" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38711" id="CVE-2023-38711" title="CVE-2023-38711" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38712" id="CVE-2023-38712" title="CVE-2023-38712" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload&#39;s protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20.(CVE-2023-38710)An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6.(CVE-2023-38711)An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.(CVE-2023-38712)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libreswan-debuginfo" release="1.ule3" version="4.12">
+                         <filename>libreswan-debuginfo-4.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libreswan-debugsource" release="1.ule3" version="4.12">
+                         <filename>libreswan-debugsource-4.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libreswan-help" release="1.ule3" version="4.12">
+                         <filename>libreswan-help-4.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libreswan" release="1.ule3" version="4.12">
+                         <filename>libreswan-4.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libreswan-help" release="1.ule3" version="4.12">
+                         <filename>libreswan-help-4.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libreswan-debugsource" release="1.ule3" version="4.12">
+                         <filename>libreswan-debugsource-4.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libreswan" release="1.ule3" version="4.12">
+                         <filename>libreswan-4.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libreswan-debuginfo" release="1.ule3" version="4.12">
+                         <filename>libreswan-debuginfo-4.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1582</id>
+          <title>An update for librsvg2 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38633" id="CVE-2023-38633" title="CVE-2023-38633" type="cve"></reference>
+          </references>
+          <description>A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=&#34;.?../../../../../../../../../../etc/passwd&#34; in an xi:include element.(CVE-2023-38633)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="librsvg2-debugsource" release="6.ule3" version="2.50.5">
+                         <filename>librsvg2-debugsource-2.50.5-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="librsvg2" release="6.ule3" version="2.50.5">
+                         <filename>librsvg2-2.50.5-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="librsvg2-devel" release="6.ule3" version="2.50.5">
+                         <filename>librsvg2-devel-2.50.5-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="librsvg2-tools" release="6.ule3" version="2.50.5">
+                         <filename>librsvg2-tools-2.50.5-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="librsvg2-debuginfo" release="6.ule3" version="2.50.5">
+                         <filename>librsvg2-debuginfo-2.50.5-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="librsvg2-help" release="6.ule3" version="2.50.5">
+                         <filename>librsvg2-help-2.50.5-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="librsvg2-devel" release="6.ule3" version="2.50.5">
+                         <filename>librsvg2-devel-2.50.5-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="librsvg2-tools" release="6.ule3" version="2.50.5">
+                         <filename>librsvg2-tools-2.50.5-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="librsvg2-debugsource" release="6.ule3" version="2.50.5">
+                         <filename>librsvg2-debugsource-2.50.5-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="librsvg2" release="6.ule3" version="2.50.5">
+                         <filename>librsvg2-2.50.5-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="librsvg2-debuginfo" release="6.ule3" version="2.50.5">
+                         <filename>librsvg2-debuginfo-2.50.5-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1583</id>
+          <title>An update for busybox is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-48174" id="CVE-2022-48174" title="CVE-2022-48174" type="cve"></reference>
+          </references>
+          <description>There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.(CVE-2022-48174)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="busybox-debuginfo" release="19.ule3" version="1.34.1">
+                         <filename>busybox-debuginfo-1.34.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="busybox" release="19.ule3" version="1.34.1">
+                         <filename>busybox-1.34.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="busybox-help" release="19.ule3" version="1.34.1">
+                         <filename>busybox-help-1.34.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="busybox-petitboot" release="19.ule3" version="1.34.1">
+                         <filename>busybox-petitboot-1.34.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="busybox-debugsource" release="19.ule3" version="1.34.1">
+                         <filename>busybox-debugsource-1.34.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="busybox" release="19.ule3" version="1.34.1">
+                         <filename>busybox-1.34.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="busybox-debuginfo" release="19.ule3" version="1.34.1">
+                         <filename>busybox-debuginfo-1.34.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="busybox-petitboot" release="19.ule3" version="1.34.1">
+                         <filename>busybox-petitboot-1.34.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="busybox-debugsource" release="19.ule3" version="1.34.1">
+                         <filename>busybox-debugsource-1.34.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="busybox-help" release="19.ule3" version="1.34.1">
+                         <filename>busybox-help-1.34.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1585</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1206" id="CVE-2023-1206" title="CVE-2023-1206" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-34319" id="CVE-2023-34319" title="CVE-2023-34319" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38432" id="CVE-2023-38432" title="CVE-2023-38432" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3867" id="CVE-2023-3867" title="CVE-2023-3867" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40283" id="CVE-2023-40283" title="CVE-2023-40283" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4194" id="CVE-2023-4194" title="CVE-2023-4194" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4389" id="CVE-2023-4389" title="CVE-2023-4389" type="cve"></reference>
+          </references>
+          <description>A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.(CVE-2023-1206)A buffer overrun vulnerability was found in the netback driver in Xen due to an unusual split packet. This flaw allows an unprivileged guest to cause a denial of service (DoS) of the host by sending network packets to the backend, causing the backend to crash.(CVE-2023-34319)An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read.(CVE-2023-38432)(CVE-2023-3867)An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.(CVE-2023-40283)A flaw was found in the Linux kernel&#39;s TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 (&#34;tun: tun_chr_open(): correctly initialize socket uid&#34;), - 66b2c338adce (&#34;tap: tap_open(): correctly initialize socket uid&#34;), pass &#34;inode-&gt;i_uid&#34; to sock_init_data_uid() as the last parameter and that turns out to not be accurate.(CVE-2023-4194)A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information.(CVE-2023-4389)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.109.0.136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.109.0.136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.109.0.136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.109.0.136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.109.0.136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.109.0.136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.109.0.136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.109.0.136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.109.0.136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.109.0.136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.109.0.136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.109.0.136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.109.0.136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.109.0.136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.109.0.136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.109.0.136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.109.0.136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.109.0.136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.109.0.136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.109.0.136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.109.0.136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.109.0.136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.109.0.136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.109.0.136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.109.0.136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.109.0.136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.109.0.136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.109.0.136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.109.0.136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.109.0.136.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.109.0.136.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1592</id>
+          <title>An update for binutils is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4285" id="CVE-2022-4285" title="CVE-2022-4285" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-48064" id="CVE-2022-48064" title="CVE-2022-48064" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1972" id="CVE-2023-1972" title="CVE-2023-1972" type="cve"></reference>
+          </references>
+          <description>An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.(CVE-2022-4285)GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.(CVE-2022-48064)A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.(CVE-2023-1972)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="binutils" release="25.ule3" version="2.37">
+                         <filename>binutils-2.37-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="binutils-debugsource" release="25.ule3" version="2.37">
+                         <filename>binutils-debugsource-2.37-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="binutils-debuginfo" release="25.ule3" version="2.37">
+                         <filename>binutils-debuginfo-2.37-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="binutils-devel" release="25.ule3" version="2.37">
+                         <filename>binutils-devel-2.37-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="binutils-help" release="25.ule3" version="2.37">
+                         <filename>binutils-help-2.37-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="binutils-help" release="25.ule3" version="2.37">
+                         <filename>binutils-help-2.37-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="binutils-debuginfo" release="25.ule3" version="2.37">
+                         <filename>binutils-debuginfo-2.37-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="binutils-devel" release="25.ule3" version="2.37">
+                         <filename>binutils-devel-2.37-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="binutils" release="25.ule3" version="2.37">
+                         <filename>binutils-2.37-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="binutils-debugsource" release="25.ule3" version="2.37">
+                         <filename>binutils-debugsource-2.37-25.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1599</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40090" id="CVE-2022-40090" title="CVE-2022-40090" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.(CVE-2022-40090)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff-tools" release="32.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-32.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debugsource" release="32.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-32.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-static" release="32.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-32.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff" release="32.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-32.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-devel" release="32.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-32.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="32.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-32.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="32.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-32.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="32.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-32.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="32.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-32.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="32.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-32.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="32.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-32.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="32.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-32.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="32.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-32.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1601</id>
+          <title>An update for openjdk-latest is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21549" id="CVE-2022-21549" title="CVE-2022-21549" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40433" id="CVE-2022-40433" title="CVE-2022-40433" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21830" id="CVE-2023-21830" title="CVE-2023-21830" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21835" id="CVE-2023-21835" title="CVE-2023-21835" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21843" id="CVE-2023-21843" title="CVE-2023-21843" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21930" id="CVE-2023-21930" title="CVE-2023-21930" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21937" id="CVE-2023-21937" title="CVE-2023-21937" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21938" id="CVE-2023-21938" title="CVE-2023-21938" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21939" id="CVE-2023-21939" title="CVE-2023-21939" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21954" id="CVE-2023-21954" title="CVE-2023-21954" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21967" id="CVE-2023-21967" title="CVE-2023-21967" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21968" id="CVE-2023-21968" title="CVE-2023-21968" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22006" id="CVE-2023-22006" title="CVE-2023-22006" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22041" id="CVE-2023-22041" title="CVE-2023-22041" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22045" id="CVE-2023-22045" title="CVE-2023-22045" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21549)An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service.(CVE-2022-40433)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization).  Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and  21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21830)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2023-21835)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound).  Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21843)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2023-21930)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21937)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21938)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21939)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2023-21954)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21967)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21968)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).(CVE-2023-22006)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2023-22041)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2023-22045)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-devel" release="1.rolling.ule3" version="20.0.2.9">
+                         <filename>java-latest-openjdk-devel-20.0.2.9-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-demo" release="1.rolling.ule3" version="20.0.2.9">
+                         <filename>java-latest-openjdk-demo-20.0.2.9-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-jmods" release="1.rolling.ule3" version="20.0.2.9">
+                         <filename>java-latest-openjdk-jmods-20.0.2.9-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-src" release="1.rolling.ule3" version="20.0.2.9">
+                         <filename>java-latest-openjdk-src-20.0.2.9-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk" release="1.rolling.ule3" version="20.0.2.9">
+                         <filename>java-latest-openjdk-20.0.2.9-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-headless" release="1.rolling.ule3" version="20.0.2.9">
+                         <filename>java-latest-openjdk-headless-20.0.2.9-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-javadoc" release="1.rolling.ule3" version="20.0.2.9">
+                         <filename>java-latest-openjdk-javadoc-20.0.2.9-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-javadoc-zip" release="1.rolling.ule3" version="20.0.2.9">
+                         <filename>java-latest-openjdk-javadoc-zip-20.0.2.9-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-demo" release="1.rolling.ule3" version="20.0.2.9">
+                         <filename>java-latest-openjdk-demo-20.0.2.9-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk" release="1.rolling.ule3" version="20.0.2.9">
+                         <filename>java-latest-openjdk-20.0.2.9-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-headless" release="1.rolling.ule3" version="20.0.2.9">
+                         <filename>java-latest-openjdk-headless-20.0.2.9-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-javadoc" release="1.rolling.ule3" version="20.0.2.9">
+                         <filename>java-latest-openjdk-javadoc-20.0.2.9-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-javadoc-zip" release="1.rolling.ule3" version="20.0.2.9">
+                         <filename>java-latest-openjdk-javadoc-zip-20.0.2.9-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-src" release="1.rolling.ule3" version="20.0.2.9">
+                         <filename>java-latest-openjdk-src-20.0.2.9-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-jmods" release="1.rolling.ule3" version="20.0.2.9">
+                         <filename>java-latest-openjdk-jmods-20.0.2.9-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-devel" release="1.rolling.ule3" version="20.0.2.9">
+                         <filename>java-latest-openjdk-devel-20.0.2.9-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1606</id>
+          <title>An update for ghostscript is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28879" id="CVE-2023-28879" title="CVE-2023-28879" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-36664" id="CVE-2023-36664" title="CVE-2023-36664" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38559" id="CVE-2023-38559" title="CVE-2023-38559" type="cve"></reference>
+          </references>
+          <description>In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.(CVE-2023-28879)Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).(CVE-2023-36664)A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.(CVE-2023-38559)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="ghostscript-debuginfo" release="5.ule3" version="9.55.0">
+                         <filename>ghostscript-debuginfo-9.55.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ghostscript-tools-dvipdf" release="5.ule3" version="9.55.0">
+                         <filename>ghostscript-tools-dvipdf-9.55.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ghostscript" release="5.ule3" version="9.55.0">
+                         <filename>ghostscript-9.55.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ghostscript-devel" release="5.ule3" version="9.55.0">
+                         <filename>ghostscript-devel-9.55.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ghostscript-debugsource" release="5.ule3" version="9.55.0">
+                         <filename>ghostscript-debugsource-9.55.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ghostscript-help" release="5.ule3" version="9.55.0">
+                         <filename>ghostscript-help-9.55.0-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ghostscript-tools-dvipdf" release="5.ule3" version="9.55.0">
+                         <filename>ghostscript-tools-dvipdf-9.55.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ghostscript-debugsource" release="5.ule3" version="9.55.0">
+                         <filename>ghostscript-debugsource-9.55.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ghostscript-debuginfo" release="5.ule3" version="9.55.0">
+                         <filename>ghostscript-debuginfo-9.55.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ghostscript" release="5.ule3" version="9.55.0">
+                         <filename>ghostscript-9.55.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ghostscript-devel" release="5.ule3" version="9.55.0">
+                         <filename>ghostscript-devel-9.55.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1609</id>
+          <title>An update for hyperscan is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28711" id="CVE-2023-28711" title="CVE-2023-28711" type="cve"></reference>
+          </references>
+          <description>Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access.(CVE-2023-28711)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="hyperscan-devel" release="1.ule3" version="5.4.2">
+                         <filename>hyperscan-devel-5.4.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hyperscan-debugsource" release="1.ule3" version="5.4.2">
+                         <filename>hyperscan-debugsource-5.4.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hyperscan" release="1.ule3" version="5.4.2">
+                         <filename>hyperscan-5.4.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="hyperscan-debuginfo" release="1.ule3" version="5.4.2">
+                         <filename>hyperscan-debuginfo-5.4.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hyperscan-debuginfo" release="1.ule3" version="5.4.2">
+                         <filename>hyperscan-debuginfo-5.4.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hyperscan-devel" release="1.ule3" version="5.4.2">
+                         <filename>hyperscan-devel-5.4.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hyperscan-debugsource" release="1.ule3" version="5.4.2">
+                         <filename>hyperscan-debugsource-5.4.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="hyperscan" release="1.ule3" version="5.4.2">
+                         <filename>hyperscan-5.4.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1610</id>
+          <title>An update for qt5-qtbase is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-37369" id="CVE-2023-37369" title="CVE-2023-37369" type="cve"></reference>
+          </references>
+          <description>In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.(CVE-2023-37369)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="qt5-qtbase" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-5.15.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-debugsource" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debugsource-5.15.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-mysql" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-mysql-5.15.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-debuginfo" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debuginfo-5.15.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-gui" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-gui-5.15.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-postgresql" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-postgresql-5.15.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-private-devel" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-private-devel-5.15.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-examples" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-examples-5.15.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-devel" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-devel-5.15.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-static" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-static-5.15.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-odbc" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-odbc-5.15.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="qt5-qtbase-common" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-common-5.15.2-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-private-devel" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-private-devel-5.15.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-debuginfo" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debuginfo-5.15.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-debugsource" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debugsource-5.15.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-gui" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-gui-5.15.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-examples" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-examples-5.15.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-mysql" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-mysql-5.15.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-devel" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-devel-5.15.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-odbc" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-odbc-5.15.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-5.15.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-static" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-static-5.15.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-postgresql" release="9.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-postgresql-5.15.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1613</id>
+          <title>An update for poppler is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-23804" id="CVE-2020-23804" title="CVE-2020-23804" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-37050" id="CVE-2022-37050" title="CVE-2022-37050" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-37051" id="CVE-2022-37051" title="CVE-2022-37051" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-37052" id="CVE-2022-37052" title="CVE-2022-37052" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-38349" id="CVE-2022-38349" title="CVE-2022-38349" type="cve"></reference>
+          </references>
+          <description>Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.(CVE-2020-23804)In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.(CVE-2022-37050)An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.(CVE-2022-37051)A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.(CVE-2022-37052)An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.(CVE-2022-38349)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="poppler-glib-devel" release="6.ule3" version="0.90.0">
+                         <filename>poppler-glib-devel-0.90.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-qt5-devel" release="6.ule3" version="0.90.0">
+                         <filename>poppler-qt5-devel-0.90.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-cpp" release="6.ule3" version="0.90.0">
+                         <filename>poppler-cpp-0.90.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-glib" release="6.ule3" version="0.90.0">
+                         <filename>poppler-glib-0.90.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-qt5" release="6.ule3" version="0.90.0">
+                         <filename>poppler-qt5-0.90.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-debugsource" release="6.ule3" version="0.90.0">
+                         <filename>poppler-debugsource-0.90.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-utils" release="6.ule3" version="0.90.0">
+                         <filename>poppler-utils-0.90.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-debuginfo" release="6.ule3" version="0.90.0">
+                         <filename>poppler-debuginfo-0.90.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler" release="6.ule3" version="0.90.0">
+                         <filename>poppler-0.90.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-devel" release="6.ule3" version="0.90.0">
+                         <filename>poppler-devel-0.90.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="poppler-cpp-devel" release="6.ule3" version="0.90.0">
+                         <filename>poppler-cpp-devel-0.90.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="poppler-glib-doc" release="6.ule3" version="0.90.0">
+                         <filename>poppler-glib-doc-0.90.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="poppler-help" release="6.ule3" version="0.90.0">
+                         <filename>poppler-help-0.90.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-glib-devel" release="6.ule3" version="0.90.0">
+                         <filename>poppler-glib-devel-0.90.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-debuginfo" release="6.ule3" version="0.90.0">
+                         <filename>poppler-debuginfo-0.90.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-qt5" release="6.ule3" version="0.90.0">
+                         <filename>poppler-qt5-0.90.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-glib" release="6.ule3" version="0.90.0">
+                         <filename>poppler-glib-0.90.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-cpp-devel" release="6.ule3" version="0.90.0">
+                         <filename>poppler-cpp-devel-0.90.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-devel" release="6.ule3" version="0.90.0">
+                         <filename>poppler-devel-0.90.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler" release="6.ule3" version="0.90.0">
+                         <filename>poppler-0.90.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-debugsource" release="6.ule3" version="0.90.0">
+                         <filename>poppler-debugsource-0.90.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-qt5-devel" release="6.ule3" version="0.90.0">
+                         <filename>poppler-qt5-devel-0.90.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-cpp" release="6.ule3" version="0.90.0">
+                         <filename>poppler-cpp-0.90.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="poppler-utils" release="6.ule3" version="0.90.0">
+                         <filename>poppler-utils-0.90.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1614</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3865" id="CVE-2023-3865" title="CVE-2023-3865" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3866" id="CVE-2023-3866" title="CVE-2023-3866" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4132" id="CVE-2023-4132" title="CVE-2023-4132" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4273" id="CVE-2023-4273" title="CVE-2023-4273" type="cve"></reference>
+          </references>
+          <description>(CVE-2023-3865)(CVE-2023-3866)A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.(CVE-2023-4132)A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.(CVE-2023-4273)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-devel" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.110.0.137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.110.0.137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.110.0.137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.110.0.137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.110.0.137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.110.0.137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.110.0.137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.110.0.137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.110.0.137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.110.0.137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.110.0.137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.110.0.137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.110.0.137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.110.0.137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.110.0.137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.110.0.137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.110.0.137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.110.0.137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.110.0.137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.110.0.137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.110.0.137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.110.0.137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.110.0.137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.110.0.137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.110.0.137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.110.0.137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.110.0.137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.110.0.137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.110.0.137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.110.0.137.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.110.0.137.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1621</id>
+          <title>An update for php is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31631" id="CVE-2022-31631" title="CVE-2022-31631" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0567" id="CVE-2023-0567" title="CVE-2023-0567" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0568" id="CVE-2023-0568" title="CVE-2023-0568" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0662" id="CVE-2023-0662" title="CVE-2023-0662" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3247" id="CVE-2023-3247" title="CVE-2023-3247" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3823" id="CVE-2023-3823" title="CVE-2023-3823" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3824" id="CVE-2023-3824" title="CVE-2023-3824" type="cve"></reference>
+          </references>
+          <description>A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote() of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf(), it is possible to force the function to return a single apostrophe if the function is called on user-supplied input without any length restrictions in place.(CVE-2022-31631)In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.(CVE-2023-0567)In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568)In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client&#39;s nonce. (CVE-2023-3247)In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. (CVE-2023-3823)In PHP version 8.0.* before 8.0.30,  8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. (CVE-2023-3824)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="php-pgsql" release="1.ule3" version="8.0.30">
+                         <filename>php-pgsql-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-opcache" release="1.ule3" version="8.0.30">
+                         <filename>php-opcache-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-embedded" release="1.ule3" version="8.0.30">
+                         <filename>php-embedded-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-dbg" release="1.ule3" version="8.0.30">
+                         <filename>php-dbg-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-snmp" release="1.ule3" version="8.0.30">
+                         <filename>php-snmp-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-odbc" release="1.ule3" version="8.0.30">
+                         <filename>php-odbc-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-intl" release="1.ule3" version="8.0.30">
+                         <filename>php-intl-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-debugsource" release="1.ule3" version="8.0.30">
+                         <filename>php-debugsource-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-dba" release="1.ule3" version="8.0.30">
+                         <filename>php-dba-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-gmp" release="1.ule3" version="8.0.30">
+                         <filename>php-gmp-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-cli" release="1.ule3" version="8.0.30">
+                         <filename>php-cli-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-ffi" release="1.ule3" version="8.0.30">
+                         <filename>php-ffi-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-xml" release="1.ule3" version="8.0.30">
+                         <filename>php-xml-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-help" release="1.ule3" version="8.0.30">
+                         <filename>php-help-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-gd" release="1.ule3" version="8.0.30">
+                         <filename>php-gd-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-debuginfo" release="1.ule3" version="8.0.30">
+                         <filename>php-debuginfo-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php" release="1.ule3" version="8.0.30">
+                         <filename>php-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-enchant" release="1.ule3" version="8.0.30">
+                         <filename>php-enchant-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-soap" release="1.ule3" version="8.0.30">
+                         <filename>php-soap-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-mbstring" release="1.ule3" version="8.0.30">
+                         <filename>php-mbstring-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-pdo" release="1.ule3" version="8.0.30">
+                         <filename>php-pdo-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-process" release="1.ule3" version="8.0.30">
+                         <filename>php-process-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-mysqlnd" release="1.ule3" version="8.0.30">
+                         <filename>php-mysqlnd-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-devel" release="1.ule3" version="8.0.30">
+                         <filename>php-devel-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-bcmath" release="1.ule3" version="8.0.30">
+                         <filename>php-bcmath-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-fpm" release="1.ule3" version="8.0.30">
+                         <filename>php-fpm-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-tidy" release="1.ule3" version="8.0.30">
+                         <filename>php-tidy-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-common" release="1.ule3" version="8.0.30">
+                         <filename>php-common-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="php-ldap" release="1.ule3" version="8.0.30">
+                         <filename>php-ldap-8.0.30-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-debuginfo" release="1.ule3" version="8.0.30">
+                         <filename>php-debuginfo-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-pdo" release="1.ule3" version="8.0.30">
+                         <filename>php-pdo-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-process" release="1.ule3" version="8.0.30">
+                         <filename>php-process-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-cli" release="1.ule3" version="8.0.30">
+                         <filename>php-cli-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-bcmath" release="1.ule3" version="8.0.30">
+                         <filename>php-bcmath-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-gmp" release="1.ule3" version="8.0.30">
+                         <filename>php-gmp-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-embedded" release="1.ule3" version="8.0.30">
+                         <filename>php-embedded-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-enchant" release="1.ule3" version="8.0.30">
+                         <filename>php-enchant-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-dbg" release="1.ule3" version="8.0.30">
+                         <filename>php-dbg-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-fpm" release="1.ule3" version="8.0.30">
+                         <filename>php-fpm-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-devel" release="1.ule3" version="8.0.30">
+                         <filename>php-devel-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-snmp" release="1.ule3" version="8.0.30">
+                         <filename>php-snmp-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php" release="1.ule3" version="8.0.30">
+                         <filename>php-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-tidy" release="1.ule3" version="8.0.30">
+                         <filename>php-tidy-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-help" release="1.ule3" version="8.0.30">
+                         <filename>php-help-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-mysqlnd" release="1.ule3" version="8.0.30">
+                         <filename>php-mysqlnd-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-odbc" release="1.ule3" version="8.0.30">
+                         <filename>php-odbc-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-debugsource" release="1.ule3" version="8.0.30">
+                         <filename>php-debugsource-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-opcache" release="1.ule3" version="8.0.30">
+                         <filename>php-opcache-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-common" release="1.ule3" version="8.0.30">
+                         <filename>php-common-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-gd" release="1.ule3" version="8.0.30">
+                         <filename>php-gd-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-intl" release="1.ule3" version="8.0.30">
+                         <filename>php-intl-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-ldap" release="1.ule3" version="8.0.30">
+                         <filename>php-ldap-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-dba" release="1.ule3" version="8.0.30">
+                         <filename>php-dba-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-soap" release="1.ule3" version="8.0.30">
+                         <filename>php-soap-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-xml" release="1.ule3" version="8.0.30">
+                         <filename>php-xml-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-pgsql" release="1.ule3" version="8.0.30">
+                         <filename>php-pgsql-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-mbstring" release="1.ule3" version="8.0.30">
+                         <filename>php-mbstring-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="php-ffi" release="1.ule3" version="8.0.30">
+                         <filename>php-ffi-8.0.30-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1624</id>
+          <title>An update for gdb is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-09"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39128" id="CVE-2023-39128" title="CVE-2023-39128" type="cve"></reference>
+          </references>
+          <description>GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.(CVE-2023-39128)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gdb" release="5.ule3" version="11.1">
+                         <filename>gdb-11.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gdb-gdbserver" release="5.ule3" version="11.1">
+                         <filename>gdb-gdbserver-11.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gdb-headless" release="5.ule3" version="11.1">
+                         <filename>gdb-headless-11.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gdb-debugsource" release="5.ule3" version="11.1">
+                         <filename>gdb-debugsource-11.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gdb-debuginfo" release="5.ule3" version="11.1">
+                         <filename>gdb-debuginfo-11.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gdb-help" release="5.ule3" version="11.1">
+                         <filename>gdb-help-11.1-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdb" release="5.ule3" version="11.1">
+                         <filename>gdb-11.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdb-debuginfo" release="5.ule3" version="11.1">
+                         <filename>gdb-debuginfo-11.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdb-gdbserver" release="5.ule3" version="11.1">
+                         <filename>gdb-gdbserver-11.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdb-headless" release="5.ule3" version="11.1">
+                         <filename>gdb-headless-11.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdb-debugsource" release="5.ule3" version="11.1">
+                         <filename>gdb-debugsource-11.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1625</id>
+          <title>An update for libtommath is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-11"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-36328" id="CVE-2023-36328" title="CVE-2023-36328" type="cve"></reference>
+          </references>
+          <description>Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS).(CVE-2023-36328)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtommath-debuginfo" release="4.ule3" version="1.2.0">
+                         <filename>libtommath-debuginfo-1.2.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtommath" release="4.ule3" version="1.2.0">
+                         <filename>libtommath-1.2.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtommath-devel" release="4.ule3" version="1.2.0">
+                         <filename>libtommath-devel-1.2.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtommath-debugsource" release="4.ule3" version="1.2.0">
+                         <filename>libtommath-debugsource-1.2.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtommath-help" release="4.ule3" version="1.2.0">
+                         <filename>libtommath-help-1.2.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtommath-help" release="4.ule3" version="1.2.0">
+                         <filename>libtommath-help-1.2.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtommath" release="4.ule3" version="1.2.0">
+                         <filename>libtommath-1.2.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtommath-debuginfo" release="4.ule3" version="1.2.0">
+                         <filename>libtommath-debuginfo-1.2.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtommath-devel" release="4.ule3" version="1.2.0">
+                         <filename>libtommath-devel-1.2.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtommath-debugsource" release="4.ule3" version="1.2.0">
+                         <filename>libtommath-debugsource-1.2.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1626</id>
+          <title>An update for nasm is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-21528" id="CVE-2020-21528" title="CVE-2020-21528" type="cve"></reference>
+          </references>
+          <description>A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file.(CVE-2020-21528)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="nasm-debugsource" release="6.ule3" version="2.15.05">
+                         <filename>nasm-debugsource-2.15.05-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nasm-debuginfo" release="6.ule3" version="2.15.05">
+                         <filename>nasm-debuginfo-2.15.05-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nasm" release="6.ule3" version="2.15.05">
+                         <filename>nasm-2.15.05-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="nasm-help" release="6.ule3" version="2.15.05">
+                         <filename>nasm-help-2.15.05-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nasm-debugsource" release="6.ule3" version="2.15.05">
+                         <filename>nasm-debugsource-2.15.05-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nasm" release="6.ule3" version="2.15.05">
+                         <filename>nasm-2.15.05-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nasm-debuginfo" release="6.ule3" version="2.15.05">
+                         <filename>nasm-debuginfo-2.15.05-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1627</id>
+          <title>An update for rubygem-railties is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38037" id="CVE-2023-38037" title="CVE-2023-38037" type="cve"></reference>
+          </references>
+          <description>(CVE-2023-38037)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="rubygem-railties-doc" release="2.ule3" version="6.1.4.1">
+                         <filename>rubygem-railties-doc-6.1.4.1-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-railties" release="2.ule3" version="6.1.4.1">
+                         <filename>rubygem-railties-6.1.4.1-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1628</id>
+          <title>An update for python-GitPython is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-41040" id="CVE-2023-41040" title="CVE-2023-41040" type="cve"></reference>
+          </references>
+          <description> GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn&#39;t check if this file is located outside the `.git` directory. This allows an attacker to make GitPython read any file from the system. This vulnerability is present in https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175. That code joins the base directory with a user given string without checking if the final path is located outside the base directory. This vulnerability cannot be used to read the contents of files but could in theory be used to trigger a denial of service for the program. This issue has not yet been addressed.(CVE-2023-41040)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python-GitPython-help" release="2.ule3" version="3.1.32">
+                         <filename>python-GitPython-help-3.1.32-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-GitPython" release="2.ule3" version="3.1.32">
+                         <filename>python3-GitPython-3.1.32-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1629</id>
+          <title>An update for open-vm-tools is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-20867" id="CVE-2023-20867" title="CVE-2023-20867" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-20900" id="CVE-2023-20900" title="CVE-2023-20900" type="cve"></reference>
+          </references>
+          <description>A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.(CVE-2023-20867)A malicious actor that has been granted  Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged  Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .(CVE-2023-20900)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="open-vm-tools" release="3.ule3" version="12.0.5">
+                         <filename>open-vm-tools-12.0.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="open-vm-tools-debuginfo" release="3.ule3" version="12.0.5">
+                         <filename>open-vm-tools-debuginfo-12.0.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="open-vm-tools-devel" release="3.ule3" version="12.0.5">
+                         <filename>open-vm-tools-devel-12.0.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="open-vm-tools-sdmp" release="3.ule3" version="12.0.5">
+                         <filename>open-vm-tools-sdmp-12.0.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="open-vm-tools-test" release="3.ule3" version="12.0.5">
+                         <filename>open-vm-tools-test-12.0.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="open-vm-tools-debugsource" release="3.ule3" version="12.0.5">
+                         <filename>open-vm-tools-debugsource-12.0.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="open-vm-tools-desktop" release="3.ule3" version="12.0.5">
+                         <filename>open-vm-tools-desktop-12.0.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="open-vm-tools-debugsource" release="3.ule3" version="12.0.5">
+                         <filename>open-vm-tools-debugsource-12.0.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="open-vm-tools-desktop" release="3.ule3" version="12.0.5">
+                         <filename>open-vm-tools-desktop-12.0.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="open-vm-tools-test" release="3.ule3" version="12.0.5">
+                         <filename>open-vm-tools-test-12.0.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="open-vm-tools-salt-minion" release="3.ule3" version="12.0.5">
+                         <filename>open-vm-tools-salt-minion-12.0.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="open-vm-tools-devel" release="3.ule3" version="12.0.5">
+                         <filename>open-vm-tools-devel-12.0.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="open-vm-tools-sdmp" release="3.ule3" version="12.0.5">
+                         <filename>open-vm-tools-sdmp-12.0.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="open-vm-tools" release="3.ule3" version="12.0.5">
+                         <filename>open-vm-tools-12.0.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="open-vm-tools-debuginfo" release="3.ule3" version="12.0.5">
+                         <filename>open-vm-tools-debuginfo-12.0.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1632</id>
+          <title>An update for tomcat is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-41080" id="CVE-2023-41080" title="CVE-2023-41080" type="cve"></reference>
+          </references>
+          <description>URL Redirection to Untrusted Site (&#39;Open Redirect&#39;) vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.The vulnerability is limited to the ROOT (default) web application.(CVE-2023-41080)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="tomcat-jsvc" release="29.ule3" version="9.0.10">
+                         <filename>tomcat-jsvc-9.0.10-29.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="tomcat" release="29.ule3" version="9.0.10">
+                         <filename>tomcat-9.0.10-29.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="tomcat-help" release="29.ule3" version="9.0.10">
+                         <filename>tomcat-help-9.0.10-29.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1633</id>
+          <title>An update for rubygem-activesupport is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38037" id="CVE-2023-38037" title="CVE-2023-38037" type="cve"></reference>
+          </references>
+          <description>An insecure temporary file vulnerability was found in activesupport rubygem. Contents that will be encrypted are written to a temporary file that has the user’s current umask settings, possibly leading to information disclosure by other users on the same system.(CVE-2023-38037)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="rubygem-activesupport" release="3.ule3" version="6.1.4.1">
+                         <filename>rubygem-activesupport-6.1.4.1-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="rubygem-activesupport-doc" release="3.ule3" version="6.1.4.1">
+                         <filename>rubygem-activesupport-doc-6.1.4.1-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1634</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32247" id="CVE-2023-32247" title="CVE-2023-32247" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3777" id="CVE-2023-3777" title="CVE-2023-3777" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4015" id="CVE-2023-4015" title="CVE-2023-4015" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4206" id="CVE-2023-4206" title="CVE-2023-4206" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4207" id="CVE-2023-4207" title="CVE-2023-4207" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4208" id="CVE-2023-4208" title="CVE-2023-4208" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4622" id="CVE-2023-4622" title="CVE-2023-4622" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the Linux kernel&#39;s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.(CVE-2023-32247)A use-after-free vulnerability in the Linux kernel&#39;s netfilter: nf_tables component can be exploited to achieve local privilege escalation.When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain&#39;s owner rule can also release the objects in certain circumstances.We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.(CVE-2023-3777)A use-after-free vulnerability in the Linux kernel&#39;s netfilter: nf_tables component can be exploited to achieve local privilege escalation.On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() can lead unbinding the chain and objects be deactivated but later used.We recommend upgrading past commit 0a771f7b266b02d262900c75f1e175c7fe76fec2.(CVE-2023-4015)A use-after-free vulnerability in the Linux kernel&#39;s net/sched: cls_route component can be exploited to achieve local privilege escalation.When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.We recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.(CVE-2023-4206)A use-after-free vulnerability in the Linux kernel&#39;s net/sched: cls_fw component can be exploited to achieve local privilege escalation.When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.We recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec.(CVE-2023-4207)A use-after-free vulnerability in the Linux kernel&#39;s net/sched: cls_u32 component can be exploited to achieve local privilege escalation.When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.(CVE-2023-4208)A use-after-free vulnerability in the Linux kernel&#39;s af_unix component can be exploited to achieve local privilege escalation.The unix_stream_sendpage() function tries to add data to the last skb in the peer&#39;s recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.(CVE-2023-4622)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.111.0.138.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.111.0.138.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.111.0.138.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.111.0.138.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.111.0.138.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.111.0.138.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.111.0.138.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.111.0.138.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.111.0.138.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.111.0.138.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.111.0.138.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.111.0.138.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.111.0.138.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.111.0.138.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.111.0.138.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.111.0.138.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.111.0.138.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.111.0.138.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.111.0.138.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.111.0.138.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.111.0.138.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.111.0.138.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.111.0.138.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.111.0.138.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.111.0.138.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.111.0.138.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.111.0.138.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.111.0.138.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.111.0.138.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.111.0.138.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.111.0.138.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1641</id>
+          <title>An update for djvulibre is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46310" id="CVE-2021-46310" title="CVE-2021-46310" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46312" id="CVE-2021-46312" title="CVE-2021-46312" type="cve"></reference>
+          </references>
+          <description>An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.(CVE-2021-46310)An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.(CVE-2021-46312)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="djvulibre-debuginfo" release="19.ule3" version="3.5.27">
+                         <filename>djvulibre-debuginfo-3.5.27-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="djvulibre" release="19.ule3" version="3.5.27">
+                         <filename>djvulibre-3.5.27-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="djvulibre-debugsource" release="19.ule3" version="3.5.27">
+                         <filename>djvulibre-debugsource-3.5.27-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="djvulibre-help" release="19.ule3" version="3.5.27">
+                         <filename>djvulibre-help-3.5.27-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="djvulibre-devel" release="19.ule3" version="3.5.27">
+                         <filename>djvulibre-devel-3.5.27-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="djvulibre-debuginfo" release="19.ule3" version="3.5.27">
+                         <filename>djvulibre-debuginfo-3.5.27-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="djvulibre-devel" release="19.ule3" version="3.5.27">
+                         <filename>djvulibre-devel-3.5.27-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="djvulibre-help" release="19.ule3" version="3.5.27">
+                         <filename>djvulibre-help-3.5.27-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="djvulibre" release="19.ule3" version="3.5.27">
+                         <filename>djvulibre-3.5.27-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="djvulibre-debugsource" release="19.ule3" version="3.5.27">
+                         <filename>djvulibre-debugsource-3.5.27-19.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1644</id>
+          <title>An update for openjdk-1.8.0 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21549" id="CVE-2022-21549" title="CVE-2022-21549" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40433" id="CVE-2022-40433" title="CVE-2022-40433" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21830" id="CVE-2023-21830" title="CVE-2023-21830" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21843" id="CVE-2023-21843" title="CVE-2023-21843" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21930" id="CVE-2023-21930" title="CVE-2023-21930" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21937" id="CVE-2023-21937" title="CVE-2023-21937" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21938" id="CVE-2023-21938" title="CVE-2023-21938" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21939" id="CVE-2023-21939" title="CVE-2023-21939" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21954" id="CVE-2023-21954" title="CVE-2023-21954" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21967" id="CVE-2023-21967" title="CVE-2023-21967" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21968" id="CVE-2023-21968" title="CVE-2023-21968" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22045" id="CVE-2023-22045" title="CVE-2023-22045" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22049" id="CVE-2023-22049" title="CVE-2023-22049" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21549)An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service.(CVE-2022-40433)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization).  Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and  21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21830)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound).  Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21843)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2023-21930)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21937)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21938)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21939)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2023-21954)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21967)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21968)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2023-22045)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-22049)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-openjfx-1.8.0.382.b05-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-slowdebug" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-slowdebug-1.8.0.382.b05-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-1.8.0.382.b05-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-debuginfo" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-accessibility" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-accessibility-1.8.0.382.b05-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx-devel" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-1.8.0.382.b05-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-src" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-src-1.8.0.382.b05-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-devel-slowdebug" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-devel-slowdebug-1.8.0.382.b05-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-demo" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-demo-1.8.0.382.b05-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-headless-slowdebug" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-headless-slowdebug-1.8.0.382.b05-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-debugsource" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-debugsource-1.8.0.382.b05-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-src-slowdebug" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-src-slowdebug-1.8.0.382.b05-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx-devel-slowdebug" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.382.b05-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-devel" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-devel-1.8.0.382.b05-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-demo-slowdebug" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-demo-slowdebug-1.8.0.382.b05-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx-slowdebug" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.382.b05-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-accessibility-slowdebug" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.382.b05-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-headless" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-headless-1.8.0.382.b05-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="java-1.8.0-openjdk-javadoc-zip" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="java-1.8.0-openjdk-javadoc" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-javadoc-1.8.0.382.b05-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-1.8.0.382.b05-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx-devel-slowdebug" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.382.b05-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-headless" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-headless-1.8.0.382.b05-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx-devel" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-1.8.0.382.b05-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-src" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-src-1.8.0.382.b05-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-src-slowdebug" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-src-slowdebug-1.8.0.382.b05-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-slowdebug" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-slowdebug-1.8.0.382.b05-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-debugsource" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-debugsource-1.8.0.382.b05-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-accessibility" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-accessibility-1.8.0.382.b05-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-debuginfo" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-accessibility-slowdebug" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.382.b05-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-devel" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-devel-1.8.0.382.b05-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-devel-slowdebug" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-devel-slowdebug-1.8.0.382.b05-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx-slowdebug" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.382.b05-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-openjfx-1.8.0.382.b05-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-demo-slowdebug" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-demo-slowdebug-1.8.0.382.b05-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-demo" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-demo-1.8.0.382.b05-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-headless-slowdebug" release="8.ule3" version="1.8.0.382.b05">
+                         <filename>java-1.8.0-openjdk-headless-slowdebug-1.8.0.382.b05-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1649</id>
+          <title>An update for mdadm is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28736" id="CVE-2023-28736" title="CVE-2023-28736" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28938" id="CVE-2023-28938" title="CVE-2023-28938" type="cve"></reference>
+          </references>
+          <description>Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2023-28736)Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.(CVE-2023-28938)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="mdadm" release="11.ule3" version="4.1">
+                         <filename>mdadm-4.1-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mdadm-debugsource" release="11.ule3" version="4.1">
+                         <filename>mdadm-debugsource-4.1-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mdadm-debuginfo" release="11.ule3" version="4.1">
+                         <filename>mdadm-debuginfo-4.1-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="mdadm-help" release="11.ule3" version="4.1">
+                         <filename>mdadm-help-4.1-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mdadm-debugsource" release="11.ule3" version="4.1">
+                         <filename>mdadm-debugsource-4.1-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mdadm-debuginfo" release="11.ule3" version="4.1">
+                         <filename>mdadm-debuginfo-4.1-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mdadm" release="11.ule3" version="4.1">
+                         <filename>mdadm-4.1-11.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1651</id>
+          <title>An update for batik is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-38398" id="CVE-2022-38398" title="CVE-2022-38398" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-38648" id="CVE-2022-38648" title="CVE-2022-38648" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40146" id="CVE-2022-40146" title="CVE-2022-40146" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-44729" id="CVE-2022-44729" title="CVE-2022-44729" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-44730" id="CVE-2022-44730" title="CVE-2022-44730" type="cve"></reference>
+          </references>
+          <description>Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.(CVE-2022-38398)Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.(CVE-2022-38648)Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.(CVE-2022-40146)Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.(CVE-2022-44729)Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.A malicious SVG can probe user profile / data and send it directly as parameter to a URL.(CVE-2022-44730)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="batik" release="1.ule3" version="1.17">
+                         <filename>batik-1.17-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="batik-help" release="1.ule3" version="1.17">
+                         <filename>batik-help-1.17-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1652</id>
+          <title>An update for wireshark is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2906" id="CVE-2023-2906" title="CVE-2023-2906" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3649" id="CVE-2023-3649" title="CVE-2023-3649" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4511" id="CVE-2023-4511" title="CVE-2023-4511" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4513" id="CVE-2023-4513" title="CVE-2023-4513" type="cve"></reference>
+          </references>
+          <description>Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.(CVE-2023-2906)iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file(CVE-2023-3649)BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file(CVE-2023-4511)BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file(CVE-2023-4513)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="wireshark" release="3.ule3" version="3.6.14">
+                         <filename>wireshark-3.6.14-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-devel" release="3.ule3" version="3.6.14">
+                         <filename>wireshark-devel-3.6.14-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-debugsource" release="3.ule3" version="3.6.14">
+                         <filename>wireshark-debugsource-3.6.14-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-help" release="3.ule3" version="3.6.14">
+                         <filename>wireshark-help-3.6.14-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-debuginfo" release="3.ule3" version="3.6.14">
+                         <filename>wireshark-debuginfo-3.6.14-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark" release="3.ule3" version="3.6.14">
+                         <filename>wireshark-3.6.14-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-help" release="3.ule3" version="3.6.14">
+                         <filename>wireshark-help-3.6.14-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debugsource" release="3.ule3" version="3.6.14">
+                         <filename>wireshark-debugsource-3.6.14-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-devel" release="3.ule3" version="3.6.14">
+                         <filename>wireshark-devel-3.6.14-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debuginfo" release="3.ule3" version="3.6.14">
+                         <filename>wireshark-debuginfo-3.6.14-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1653</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4733" id="CVE-2023-4733" title="CVE-2023-4733" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4734" id="CVE-2023-4734" title="CVE-2023-4734" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4735" id="CVE-2023-4735" title="CVE-2023-4735" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4736" id="CVE-2023-4736" title="CVE-2023-4736" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4738" id="CVE-2023-4738" title="CVE-2023-4738" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4750" id="CVE-2023-4750" title="CVE-2023-4750" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4752" id="CVE-2023-4752" title="CVE-2023-4752" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4781" id="CVE-2023-4781" title="CVE-2023-4781" type="cve"></reference>
+          </references>
+          <description>Use After Free in GitHub repository vim/vim prior to 9.0.1840.(CVE-2023-4733)Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.(CVE-2023-4734)Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.(CVE-2023-4735)Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.(CVE-2023-4736)Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.(CVE-2023-4738)Use After Free in GitHub repository vim/vim prior to 9.0.1857.(CVE-2023-4750)Use After Free in GitHub repository vim/vim prior to 9.0.1858.(CVE-2023-4752)Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.(CVE-2023-4781)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="17.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="17.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="17.ule3" version="9.0">
+                         <filename>vim-X11-9.0-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="17.ule3" version="9.0">
+                         <filename>vim-common-9.0-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="17.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="17.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="17.ule3" version="9.0">
+                         <filename>vim-filesystem-9.0-17.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="17.ule3" version="9.0">
+                         <filename>vim-common-9.0-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="17.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="17.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="17.ule3" version="9.0">
+                         <filename>vim-X11-9.0-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="17.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="17.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-17.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1656</id>
+          <title>An update for freerdp is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39350" id="CVE-2023-39350" title="CVE-2023-39350" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39351" id="CVE-2023-39351" title="CVE-2023-39351" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39352" id="CVE-2023-39352" title="CVE-2023-39352" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39353" id="CVE-2023-39353" title="CVE-2023-39353" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39354" id="CVE-2023-39354" title="CVE-2023-39354" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39356" id="CVE-2023-39356" title="CVE-2023-39356" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40181" id="CVE-2023-40181" title="CVE-2023-40181" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40186" id="CVE-2023-40186" title="CVE-2023-40186" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40188" id="CVE-2023-40188" title="CVE-2023-40188" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40567" id="CVE-2023-40567" title="CVE-2023-40567" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40569" id="CVE-2023-40569" title="CVE-2023-40569" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40589" id="CVE-2023-40589" title="CVE-2023-40589" type="cve"></reference>
+          </references>
+          <description>FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-39350)FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling.  Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer. Which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-39351)FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect-&gt;left` and `rect-&gt;top` are exactly equal to `surface-&gt;width` and  `surface-&gt;height`. eg. `rect-&gt;left` == `surface-&gt;width` &amp;&amp; `rect-&gt;top` == `surface-&gt;height`. In practice this should cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-39352)FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile-&gt;quantIdxY`, `tile-&gt;quantIdxCb`, and `tile-&gt;quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-39353)FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context-&gt;Planes` without  checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-39354)FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect-&gt;numRectangles` is less than 45. Looping through `multi_opaque_rect-&gt;`numRectangles without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-39356)FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it&#39;s possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-40181)FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-40186)FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-40188)FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.(CVE-2023-40567)FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.(CVE-2023-40569)FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-40589)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="freerdp-devel" release="1.ule3" version="2.11.1">
+                         <filename>freerdp-devel-2.11.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-help" release="1.ule3" version="2.11.1">
+                         <filename>freerdp-help-2.11.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-debugsource" release="1.ule3" version="2.11.1">
+                         <filename>freerdp-debugsource-2.11.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libwinpr-devel" release="1.ule3" version="2.11.1">
+                         <filename>libwinpr-devel-2.11.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libwinpr" release="1.ule3" version="2.11.1">
+                         <filename>libwinpr-2.11.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp" release="1.ule3" version="2.11.1">
+                         <filename>freerdp-2.11.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-debuginfo" release="1.ule3" version="2.11.1">
+                         <filename>freerdp-debuginfo-2.11.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-debuginfo" release="1.ule3" version="2.11.1">
+                         <filename>freerdp-debuginfo-2.11.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-devel" release="1.ule3" version="2.11.1">
+                         <filename>freerdp-devel-2.11.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp" release="1.ule3" version="2.11.1">
+                         <filename>freerdp-2.11.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libwinpr-devel" release="1.ule3" version="2.11.1">
+                         <filename>libwinpr-devel-2.11.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libwinpr" release="1.ule3" version="2.11.1">
+                         <filename>libwinpr-2.11.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-help" release="1.ule3" version="2.11.1">
+                         <filename>freerdp-help-2.11.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-debugsource" release="1.ule3" version="2.11.1">
+                         <filename>freerdp-debugsource-2.11.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1660</id>
+          <title>An update for mutt is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4874" id="CVE-2023-4874" title="CVE-2023-4874" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4875" id="CVE-2023-4875" title="CVE-2023-4875" type="cve"></reference>
+          </references>
+          <description>Null pointer dereference when viewing a specially crafted email in Mutt &gt;1.5.2 &lt;2.2.12(CVE-2023-4874)Null pointer dereference when composing from a specially crafted draft message in Mutt &gt;1.5.2 &lt;2.2.12(CVE-2023-4875)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="5" arch="aarch64" name="mutt" release="1.ule3" version="2.2.12">
+                         <filename>mutt-2.2.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="mutt-debuginfo" release="1.ule3" version="2.2.12">
+                         <filename>mutt-debuginfo-2.2.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="aarch64" name="mutt-debugsource" release="1.ule3" version="2.2.12">
+                         <filename>mutt-debugsource-2.2.12-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="noarch" name="mutt-help" release="1.ule3" version="2.2.12">
+                         <filename>mutt-help-2.2.12-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="x86_64" name="mutt" release="1.ule3" version="2.2.12">
+                         <filename>mutt-2.2.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="x86_64" name="mutt-debuginfo" release="1.ule3" version="2.2.12">
+                         <filename>mutt-debuginfo-2.2.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="x86_64" name="mutt-debugsource" release="1.ule3" version="2.2.12">
+                         <filename>mutt-debugsource-2.2.12-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1661</id>
+          <title>An update for python-django is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-41164" id="CVE-2023-41164" title="CVE-2023-41164" type="cve"></reference>
+          </references>
+          <description>An uncontrolled resource consumption vulnerability was found in Django. Feeding certain inputs with a very large number of Unicode characters to the URI to IRI encoder function can lead to a denial of service.(CVE-2023-41164)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python3-Django" release="7.ule3" version="2.2.27">
+                         <filename>python3-Django-2.2.27-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-django-help" release="7.ule3" version="2.2.27">
+                         <filename>python-django-help-2.2.27-7.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1668</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45887" id="CVE-2022-45887" title="CVE-2022-45887" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-20588" id="CVE-2023-20588" title="CVE-2023-20588" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21400" id="CVE-2023-21400" title="CVE-2023-21400" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32249" id="CVE-2023-32249" title="CVE-2023-32249" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32251" id="CVE-2023-32251" title="CVE-2023-32251" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32253" id="CVE-2023-32253" title="CVE-2023-32253" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4881" id="CVE-2023-4881" title="CVE-2023-4881" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4921" id="CVE-2023-4921" title="CVE-2023-4921" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.(CVE-2022-45887)A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. (CVE-2023-20588)In multiple functions  of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.(CVE-2023-21400)VUL-0: CVE-2023-32249: kernel: Linux Kernel ksmbd Multichannel Improper Authentication Session Hijack Vulnerability(CVE-2023-32249)VUL-0: CVE-2023-32251: kernel: Linux Kernel ksmbd Improper Restriction of Excessive Authentication Attempts Protection Bypass Vulnerability(CVE-2023-32251)VUL-0: CVE-2023-32253: kernel: Linux Kernel ksmbd Session Deadlock Denial-of-Service Vulnerability(CVE-2023-32253)** REJECT ** CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.(CVE-2023-4881)A use-after-free vulnerability in the Linux kernel&#39;s net/sched: sch_qfq component can be exploited to achieve local privilege escalation.When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.(CVE-2023-4921)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.112.0.139.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.112.0.139.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.112.0.139.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.112.0.139.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.112.0.139.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.112.0.139.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.112.0.139.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.112.0.139.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.112.0.139.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.112.0.139.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.112.0.139.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.112.0.139.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.112.0.139.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.112.0.139.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.112.0.139.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.112.0.139.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.112.0.139.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.112.0.139.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.112.0.139.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.112.0.139.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.112.0.139.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.112.0.139.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.112.0.139.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.112.0.139.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.112.0.139.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.112.0.139.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.112.0.139.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.112.0.139.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.112.0.139.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.112.0.139.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.112.0.139.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1673</id>
+          <title>An update for firefox is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-15670" id="CVE-2020-15670" title="CVE-2020-15670" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-15673" id="CVE-2020-15673" title="CVE-2020-15673" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-15674" id="CVE-2020-15674" title="CVE-2020-15674" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-15675" id="CVE-2020-15675" title="CVE-2020-15675" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-15680" id="CVE-2020-15680" title="CVE-2020-15680" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-15681" id="CVE-2020-15681" title="CVE-2020-15681" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-15682" id="CVE-2020-15682" title="CVE-2020-15682" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-15683" id="CVE-2020-15683" title="CVE-2020-15683" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-15684" id="CVE-2020-15684" title="CVE-2020-15684" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-16012" id="CVE-2020-16012" title="CVE-2020-16012" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-16044" id="CVE-2020-16044" title="CVE-2020-16044" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-26950" id="CVE-2020-26950" title="CVE-2020-26950" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-26951" id="CVE-2020-26951" title="CVE-2020-26951" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-26953" id="CVE-2020-26953" title="CVE-2020-26953" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-26956" id="CVE-2020-26956" title="CVE-2020-26956" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-26958" id="CVE-2020-26958" title="CVE-2020-26958" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-26959" id="CVE-2020-26959" title="CVE-2020-26959" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-26960" id="CVE-2020-26960" title="CVE-2020-26960" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-26961" id="CVE-2020-26961" title="CVE-2020-26961" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-26962" id="CVE-2020-26962" title="CVE-2020-26962" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-26965" id="CVE-2020-26965" title="CVE-2020-26965" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-26968" id="CVE-2020-26968" title="CVE-2020-26968" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-26969" id="CVE-2020-26969" title="CVE-2020-26969" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-26971" id="CVE-2020-26971" title="CVE-2020-26971" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-26972" id="CVE-2020-26972" title="CVE-2020-26972" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-26973" id="CVE-2020-26973" title="CVE-2020-26973" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-26974" id="CVE-2020-26974" title="CVE-2020-26974" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-26976" id="CVE-2020-26976" title="CVE-2020-26976" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-26978" id="CVE-2020-26978" title="CVE-2020-26978" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-26979" id="CVE-2020-26979" title="CVE-2020-26979" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-35111" id="CVE-2020-35111" title="CVE-2020-35111" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-35113" id="CVE-2020-35113" title="CVE-2020-35113" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-35114" id="CVE-2020-35114" title="CVE-2020-35114" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23953" id="CVE-2021-23953" title="CVE-2021-23953" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23954" id="CVE-2021-23954" title="CVE-2021-23954" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23955" id="CVE-2021-23955" title="CVE-2021-23955" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23956" id="CVE-2021-23956" title="CVE-2021-23956" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23958" id="CVE-2021-23958" title="CVE-2021-23958" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23960" id="CVE-2021-23960" title="CVE-2021-23960" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23961" id="CVE-2021-23961" title="CVE-2021-23961" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23962" id="CVE-2021-23962" title="CVE-2021-23962" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23963" id="CVE-2021-23963" title="CVE-2021-23963" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23964" id="CVE-2021-23964" title="CVE-2021-23964" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23965" id="CVE-2021-23965" title="CVE-2021-23965" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23968" id="CVE-2021-23968" title="CVE-2021-23968" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23969" id="CVE-2021-23969" title="CVE-2021-23969" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23970" id="CVE-2021-23970" title="CVE-2021-23970" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23971" id="CVE-2021-23971" title="CVE-2021-23971" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23972" id="CVE-2021-23972" title="CVE-2021-23972" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23973" id="CVE-2021-23973" title="CVE-2021-23973" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23974" id="CVE-2021-23974" title="CVE-2021-23974" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23975" id="CVE-2021-23975" title="CVE-2021-23975" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23978" id="CVE-2021-23978" title="CVE-2021-23978" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23979" id="CVE-2021-23979" title="CVE-2021-23979" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23981" id="CVE-2021-23981" title="CVE-2021-23981" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23982" id="CVE-2021-23982" title="CVE-2021-23982" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23983" id="CVE-2021-23983" title="CVE-2021-23983" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23984" id="CVE-2021-23984" title="CVE-2021-23984" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23985" id="CVE-2021-23985" title="CVE-2021-23985" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23986" id="CVE-2021-23986" title="CVE-2021-23986" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23987" id="CVE-2021-23987" title="CVE-2021-23987" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23988" id="CVE-2021-23988" title="CVE-2021-23988" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23994" id="CVE-2021-23994" title="CVE-2021-23994" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23995" id="CVE-2021-23995" title="CVE-2021-23995" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23996" id="CVE-2021-23996" title="CVE-2021-23996" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23997" id="CVE-2021-23997" title="CVE-2021-23997" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23998" id="CVE-2021-23998" title="CVE-2021-23998" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23999" id="CVE-2021-23999" title="CVE-2021-23999" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-24000" id="CVE-2021-24000" title="CVE-2021-24000" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-24001" id="CVE-2021-24001" title="CVE-2021-24001" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-24002" id="CVE-2021-24002" title="CVE-2021-24002" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29944" id="CVE-2021-29944" title="CVE-2021-29944" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29945" id="CVE-2021-29945" title="CVE-2021-29945" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29946" id="CVE-2021-29946" title="CVE-2021-29946" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29947" id="CVE-2021-29947" title="CVE-2021-29947" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29952" id="CVE-2021-29952" title="CVE-2021-29952" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29953" id="CVE-2021-29953" title="CVE-2021-29953" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29955" id="CVE-2021-29955" title="CVE-2021-29955" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29959" id="CVE-2021-29959" title="CVE-2021-29959" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29960" id="CVE-2021-29960" title="CVE-2021-29960" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29961" id="CVE-2021-29961" title="CVE-2021-29961" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29965" id="CVE-2021-29965" title="CVE-2021-29965" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29966" id="CVE-2021-29966" title="CVE-2021-29966" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29967" id="CVE-2021-29967" title="CVE-2021-29967" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29970" id="CVE-2021-29970" title="CVE-2021-29970" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29972" id="CVE-2021-29972" title="CVE-2021-29972" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29974" id="CVE-2021-29974" title="CVE-2021-29974" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29975" id="CVE-2021-29975" title="CVE-2021-29975" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29976" id="CVE-2021-29976" title="CVE-2021-29976" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29977" id="CVE-2021-29977" title="CVE-2021-29977" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29980" id="CVE-2021-29980" title="CVE-2021-29980" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29981" id="CVE-2021-29981" title="CVE-2021-29981" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29982" id="CVE-2021-29982" title="CVE-2021-29982" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29984" id="CVE-2021-29984" title="CVE-2021-29984" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29985" id="CVE-2021-29985" title="CVE-2021-29985" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29986" id="CVE-2021-29986" title="CVE-2021-29986" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29987" id="CVE-2021-29987" title="CVE-2021-29987" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29988" id="CVE-2021-29988" title="CVE-2021-29988" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29989" id="CVE-2021-29989" title="CVE-2021-29989" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29990" id="CVE-2021-29990" title="CVE-2021-29990" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-29991" id="CVE-2021-29991" title="CVE-2021-29991" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-30547" id="CVE-2021-30547" title="CVE-2021-30547" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-32810" id="CVE-2021-32810" title="CVE-2021-32810" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-38491" id="CVE-2021-38491" title="CVE-2021-38491" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-38493" id="CVE-2021-38493" title="CVE-2021-38493" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-38494" id="CVE-2021-38494" title="CVE-2021-38494" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-38496" id="CVE-2021-38496" title="CVE-2021-38496" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-38497" id="CVE-2021-38497" title="CVE-2021-38497" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-38498" id="CVE-2021-38498" title="CVE-2021-38498" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-38499" id="CVE-2021-38499" title="CVE-2021-38499" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-38500" id="CVE-2021-38500" title="CVE-2021-38500" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-38501" id="CVE-2021-38501" title="CVE-2021-38501" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-38503" id="CVE-2021-38503" title="CVE-2021-38503" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-38504" id="CVE-2021-38504" title="CVE-2021-38504" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-38506" id="CVE-2021-38506" title="CVE-2021-38506" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-38507" id="CVE-2021-38507" title="CVE-2021-38507" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-38508" id="CVE-2021-38508" title="CVE-2021-38508" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-38509" id="CVE-2021-38509" title="CVE-2021-38509" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-38510" id="CVE-2021-38510" title="CVE-2021-38510" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-4140" id="CVE-2021-4140" title="CVE-2021-4140" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-43531" id="CVE-2021-43531" title="CVE-2021-43531" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-43532" id="CVE-2021-43532" title="CVE-2021-43532" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-43533" id="CVE-2021-43533" title="CVE-2021-43533" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-43534" id="CVE-2021-43534" title="CVE-2021-43534" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-43535" id="CVE-2021-43535" title="CVE-2021-43535" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-43536" id="CVE-2021-43536" title="CVE-2021-43536" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-43537" id="CVE-2021-43537" title="CVE-2021-43537" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-43538" id="CVE-2021-43538" title="CVE-2021-43538" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-43539" id="CVE-2021-43539" title="CVE-2021-43539" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-43540" id="CVE-2021-43540" title="CVE-2021-43540" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-43541" id="CVE-2021-43541" title="CVE-2021-43541" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-43542" id="CVE-2021-43542" title="CVE-2021-43542" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-43543" id="CVE-2021-43543" title="CVE-2021-43543" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-43545" id="CVE-2021-43545" title="CVE-2021-43545" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-43546" id="CVE-2021-43546" title="CVE-2021-43546" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0511" id="CVE-2022-0511" title="CVE-2022-0511" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0843" id="CVE-2022-0843" title="CVE-2022-0843" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1097" id="CVE-2022-1097" title="CVE-2022-1097" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1196" id="CVE-2022-1196" title="CVE-2022-1196" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1529" id="CVE-2022-1529" title="CVE-2022-1529" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1802" id="CVE-2022-1802" title="CVE-2022-1802" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1919" id="CVE-2022-1919" title="CVE-2022-1919" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2200" id="CVE-2022-2200" title="CVE-2022-2200" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22737" id="CVE-2022-22737" title="CVE-2022-22737" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22738" id="CVE-2022-22738" title="CVE-2022-22738" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22739" id="CVE-2022-22739" title="CVE-2022-22739" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22740" id="CVE-2022-22740" title="CVE-2022-22740" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22741" id="CVE-2022-22741" title="CVE-2022-22741" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22742" id="CVE-2022-22742" title="CVE-2022-22742" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22743" id="CVE-2022-22743" title="CVE-2022-22743" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22745" id="CVE-2022-22745" title="CVE-2022-22745" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22747" id="CVE-2022-22747" title="CVE-2022-22747" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22748" id="CVE-2022-22748" title="CVE-2022-22748" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22754" id="CVE-2022-22754" title="CVE-2022-22754" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22755" id="CVE-2022-22755" title="CVE-2022-22755" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22756" id="CVE-2022-22756" title="CVE-2022-22756" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22757" id="CVE-2022-22757" title="CVE-2022-22757" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22759" id="CVE-2022-22759" title="CVE-2022-22759" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22760" id="CVE-2022-22760" title="CVE-2022-22760" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22761" id="CVE-2022-22761" title="CVE-2022-22761" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-22763" id="CVE-2022-22763" title="CVE-2022-22763" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24713" id="CVE-2022-24713" title="CVE-2022-24713" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26381" id="CVE-2022-26381" title="CVE-2022-26381" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26382" id="CVE-2022-26382" title="CVE-2022-26382" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26383" id="CVE-2022-26383" title="CVE-2022-26383" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26384" id="CVE-2022-26384" title="CVE-2022-26384" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26385" id="CVE-2022-26385" title="CVE-2022-26385" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26386" id="CVE-2022-26386" title="CVE-2022-26386" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26387" id="CVE-2022-26387" title="CVE-2022-26387" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26485" id="CVE-2022-26485" title="CVE-2022-26485" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26486" id="CVE-2022-26486" title="CVE-2022-26486" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28281" id="CVE-2022-28281" title="CVE-2022-28281" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28282" id="CVE-2022-28282" title="CVE-2022-28282" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28283" id="CVE-2022-28283" title="CVE-2022-28283" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28284" id="CVE-2022-28284" title="CVE-2022-28284" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28285" id="CVE-2022-28285" title="CVE-2022-28285" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28286" id="CVE-2022-28286" title="CVE-2022-28286" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28287" id="CVE-2022-28287" title="CVE-2022-28287" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-28289" id="CVE-2022-28289" title="CVE-2022-28289" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29909" id="CVE-2022-29909" title="CVE-2022-29909" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29911" id="CVE-2022-29911" title="CVE-2022-29911" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29912" id="CVE-2022-29912" title="CVE-2022-29912" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29914" id="CVE-2022-29914" title="CVE-2022-29914" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29915" id="CVE-2022-29915" title="CVE-2022-29915" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29916" id="CVE-2022-29916" title="CVE-2022-29916" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29918" id="CVE-2022-29918" title="CVE-2022-29918" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31736" id="CVE-2022-31736" title="CVE-2022-31736" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31737" id="CVE-2022-31737" title="CVE-2022-31737" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31738" id="CVE-2022-31738" title="CVE-2022-31738" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31740" id="CVE-2022-31740" title="CVE-2022-31740" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31741" id="CVE-2022-31741" title="CVE-2022-31741" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31742" id="CVE-2022-31742" title="CVE-2022-31742" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31743" id="CVE-2022-31743" title="CVE-2022-31743" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31744" id="CVE-2022-31744" title="CVE-2022-31744" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31745" id="CVE-2022-31745" title="CVE-2022-31745" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-31748" id="CVE-2022-31748" title="CVE-2022-31748" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3266" id="CVE-2022-3266" title="CVE-2022-3266" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34468" id="CVE-2022-34468" title="CVE-2022-34468" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34469" id="CVE-2022-34469" title="CVE-2022-34469" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34470" id="CVE-2022-34470" title="CVE-2022-34470" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34471" id="CVE-2022-34471" title="CVE-2022-34471" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34472" id="CVE-2022-34472" title="CVE-2022-34472" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34473" id="CVE-2022-34473" title="CVE-2022-34473" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34474" id="CVE-2022-34474" title="CVE-2022-34474" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34475" id="CVE-2022-34475" title="CVE-2022-34475" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34476" id="CVE-2022-34476" title="CVE-2022-34476" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34477" id="CVE-2022-34477" title="CVE-2022-34477" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34479" id="CVE-2022-34479" title="CVE-2022-34479" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34480" id="CVE-2022-34480" title="CVE-2022-34480" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34481" id="CVE-2022-34481" title="CVE-2022-34481" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34482" id="CVE-2022-34482" title="CVE-2022-34482" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34483" id="CVE-2022-34483" title="CVE-2022-34483" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34484" id="CVE-2022-34484" title="CVE-2022-34484" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-34485" id="CVE-2022-34485" title="CVE-2022-34485" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-36318" id="CVE-2022-36318" title="CVE-2022-36318" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-36319" id="CVE-2022-36319" title="CVE-2022-36319" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-38472" id="CVE-2022-38472" title="CVE-2022-38472" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-38473" id="CVE-2022-38473" title="CVE-2022-38473" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-38477" id="CVE-2022-38477" title="CVE-2022-38477" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-38478" id="CVE-2022-38478" title="CVE-2022-38478" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40956" id="CVE-2022-40956" title="CVE-2022-40956" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40957" id="CVE-2022-40957" title="CVE-2022-40957" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40958" id="CVE-2022-40958" title="CVE-2022-40958" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40959" id="CVE-2022-40959" title="CVE-2022-40959" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40960" id="CVE-2022-40960" title="CVE-2022-40960" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40962" id="CVE-2022-40962" title="CVE-2022-40962" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42928" id="CVE-2022-42928" title="CVE-2022-42928" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45408" id="CVE-2022-45408" title="CVE-2022-45408" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45409" id="CVE-2022-45409" title="CVE-2022-45409" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45410" id="CVE-2022-45410" title="CVE-2022-45410" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45411" id="CVE-2022-45411" title="CVE-2022-45411" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45412" id="CVE-2022-45412" title="CVE-2022-45412" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45416" id="CVE-2022-45416" title="CVE-2022-45416" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45418" id="CVE-2022-45418" title="CVE-2022-45418" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45420" id="CVE-2022-45420" title="CVE-2022-45420" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45421" id="CVE-2022-45421" title="CVE-2022-45421" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-46871" id="CVE-2022-46871" title="CVE-2022-46871" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-46874" id="CVE-2022-46874" title="CVE-2022-46874" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-46875" id="CVE-2022-46875" title="CVE-2022-46875" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-46878" id="CVE-2022-46878" title="CVE-2022-46878" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-46882" id="CVE-2022-46882" title="CVE-2022-46882" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0767" id="CVE-2023-0767" title="CVE-2023-0767" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1945" id="CVE-2023-1945" title="CVE-2023-1945" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23598" id="CVE-2023-23598" title="CVE-2023-23598" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23599" id="CVE-2023-23599" title="CVE-2023-23599" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23601" id="CVE-2023-23601" title="CVE-2023-23601" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23602" id="CVE-2023-23602" title="CVE-2023-23602" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23603" id="CVE-2023-23603" title="CVE-2023-23603" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25728" id="CVE-2023-25728" title="CVE-2023-25728" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25729" id="CVE-2023-25729" title="CVE-2023-25729" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25730" id="CVE-2023-25730" title="CVE-2023-25730" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25732" id="CVE-2023-25732" title="CVE-2023-25732" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25735" id="CVE-2023-25735" title="CVE-2023-25735" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25737" id="CVE-2023-25737" title="CVE-2023-25737" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25739" id="CVE-2023-25739" title="CVE-2023-25739" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25742" id="CVE-2023-25742" title="CVE-2023-25742" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25751" id="CVE-2023-25751" title="CVE-2023-25751" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-25752" id="CVE-2023-25752" title="CVE-2023-25752" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28162" id="CVE-2023-28162" title="CVE-2023-28162" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28164" id="CVE-2023-28164" title="CVE-2023-28164" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28176" id="CVE-2023-28176" title="CVE-2023-28176" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-29533" id="CVE-2023-29533" title="CVE-2023-29533" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-29535" id="CVE-2023-29535" title="CVE-2023-29535" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-29536" id="CVE-2023-29536" title="CVE-2023-29536" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-29539" id="CVE-2023-29539" title="CVE-2023-29539" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-29541" id="CVE-2023-29541" title="CVE-2023-29541" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-29548" id="CVE-2023-29548" title="CVE-2023-29548" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-29550" id="CVE-2023-29550" title="CVE-2023-29550" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32205" id="CVE-2023-32205" title="CVE-2023-32205" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32206" id="CVE-2023-32206" title="CVE-2023-32206" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32207" id="CVE-2023-32207" title="CVE-2023-32207" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32211" id="CVE-2023-32211" title="CVE-2023-32211" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32212" id="CVE-2023-32212" title="CVE-2023-32212" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32213" id="CVE-2023-32213" title="CVE-2023-32213" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32215" id="CVE-2023-32215" title="CVE-2023-32215" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-37201" id="CVE-2023-37201" title="CVE-2023-37201" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-37202" id="CVE-2023-37202" title="CVE-2023-37202" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-37207" id="CVE-2023-37207" title="CVE-2023-37207" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-37208" id="CVE-2023-37208" title="CVE-2023-37208" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-37211" id="CVE-2023-37211" title="CVE-2023-37211" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4045" id="CVE-2023-4045" title="CVE-2023-4045" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4046" id="CVE-2023-4046" title="CVE-2023-4046" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4047" id="CVE-2023-4047" title="CVE-2023-4047" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4048" id="CVE-2023-4048" title="CVE-2023-4048" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4049" id="CVE-2023-4049" title="CVE-2023-4049" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4050" id="CVE-2023-4050" title="CVE-2023-4050" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4054" id="CVE-2023-4054" title="CVE-2023-4054" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4055" id="CVE-2023-4055" title="CVE-2023-4055" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4056" id="CVE-2023-4056" title="CVE-2023-4056" type="cve"></reference>
+          </references>
+          <description>Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 80, Firefox ESR &lt; 78.2, Thunderbird &lt; 78.2, and Firefox for Android &lt; 80.(CVE-2020-15670)Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 81, Thunderbird &lt; 78.3, and Firefox ESR &lt; 78.3.(CVE-2020-15673)Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 81.(CVE-2020-15674)When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox &lt; 81.(CVE-2020-15675)If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This vulnerability affects Firefox &lt; 82.(CVE-2020-15680)When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another&#39;s entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox &lt; 82.(CVE-2020-15681)When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn&#39;t control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. This vulnerability affects Firefox &lt; 82.(CVE-2020-15682)Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR &lt; 78.4, Firefox &lt; 82, and Thunderbird &lt; 78.4.(CVE-2020-15683)Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 82.(CVE-2020-15684)Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.(CVE-2020-16012)Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.(CVE-2020-16044)In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox &lt; 82.0.3, Firefox ESR &lt; 78.4.1, and Thunderbird &lt; 78.4.2.(CVE-2020-26950)(CVE-2020-26951)(CVE-2020-26953)(CVE-2020-26956)(CVE-2020-26958)(CVE-2020-26959)(CVE-2020-26960)(CVE-2020-26961)(CVE-2020-26962)(CVE-2020-26965)(CVE-2020-26968)(CVE-2020-26969)Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox &lt; 84, Thunderbird &lt; 78.6, and Firefox ESR &lt; 78.6.(CVE-2020-26971)The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox &lt; 84.(CVE-2020-26972)Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox &lt; 84, Thunderbird &lt; 78.6, and Firefox ESR &lt; 78.6.(CVE-2020-26973)When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox &lt; 84, Thunderbird &lt; 78.6, and Firefox ESR &lt; 78.6.(CVE-2020-26974)When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox &lt; 84.(CVE-2020-26976)Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network&#39;s hosts as well as services running on the user&#39;s local machine. This vulnerability affects Firefox &lt; 84, Thunderbird &lt; 78.6, and Firefox ESR &lt; 78.6.(CVE-2020-26978)When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a convincing spoof the attacker would have had to guess what the user was typing, perhaps by suggesting it. This vulnerability affects Firefox &lt; 84.(CVE-2020-26979)When an extension with the proxy permission registered to receive &lt;all_urls&gt;, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox &lt; 84, Thunderbird &lt; 78.6, and Firefox ESR &lt; 78.6.(CVE-2020-35111)Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 84, Thunderbird &lt; 78.6, and Firefox ESR &lt; 78.6.(CVE-2020-35113)Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 84.(CVE-2020-35114)If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox &lt; 85, Thunderbird &lt; 78.7, and Firefox ESR &lt; 78.7.(CVE-2021-23953)Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox &lt; 85, Thunderbird &lt; 78.7, and Firefox ESR &lt; 78.7.(CVE-2021-23954)The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox &lt; 85.(CVE-2021-23955)An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox &lt; 85.(CVE-2021-23956)The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox &lt; 85.(CVE-2021-23958)Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox &lt; 85, Thunderbird &lt; 78.7, and Firefox ESR &lt; 78.7.(CVE-2021-23960)Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network&#39;s hosts as well as services running on the user&#39;s local machine. This vulnerability affects Firefox &lt; 85.(CVE-2021-23961)Incorrect use of the &#39;&lt;RowCountChanged&gt;&#39; method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox &lt; 85.(CVE-2021-23962)When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox &lt; 85.(CVE-2021-23963)Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 85, Thunderbird &lt; 78.7, and Firefox ESR &lt; 78.7.(CVE-2021-23964)Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 85.(CVE-2021-23965)If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox &lt; 86, Thunderbird &lt; 78.8, and Firefox ESR &lt; 78.8.(CVE-2021-23968)As specified in the W3C Content Security Policy draft, when creating a violation report, &#34;User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.&#34; Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination&#39;s origin. This vulnerability affects Firefox &lt; 86, Thunderbird &lt; 78.8, and Firefox ESR &lt; 78.8.(CVE-2021-23969)Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox &lt; 86.(CVE-2021-23970)When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect&#39;s Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox &lt; 86.(CVE-2021-23971)One phishing tactic on the web is to provide a link with HTTP Auth. For example &#39;https://www.phishingtarget.com@evil.com&#39;. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox &lt; 86.(CVE-2021-23972)When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox &lt; 86, Thunderbird &lt; 78.8, and Firefox ESR &lt; 78.8.(CVE-2021-23973)The DOMParser API did not properly process &#39;&lt;noscript&gt;&#39; elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox &lt; 86.(CVE-2021-23974)The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox &lt; 86.(CVE-2021-23975)Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 86, Thunderbird &lt; 78.8, and Firefox ESR &lt; 78.8.(CVE-2021-23978)Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 86.(CVE-2021-23979)A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR &lt; 78.9, Firefox &lt; 87, and Thunderbird &lt; 78.9.(CVE-2021-23981)Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network&#39;s hosts as well as services running on the user&#39;s local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR &lt; 78.9, Firefox &lt; 87, and Thunderbird &lt; 78.9.(CVE-2021-23982)By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox &lt; 87.(CVE-2021-23983)A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR &lt; 78.9, Firefox &lt; 87, and Thunderbird &lt; 78.9.(CVE-2021-23984)If an attacker is able to alter specific about:config values (for example malware running on the user&#39;s computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user&#39;s browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox &lt; 87.(CVE-2021-23985)A malicious extension with the &#39;search&#39; permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication. This vulnerability affects Firefox &lt; 87.(CVE-2021-23986)Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR &lt; 78.9, Firefox &lt; 87, and Thunderbird &lt; 78.9.(CVE-2021-23987)Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 87.(CVE-2021-23988)A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR &lt; 78.10, Thunderbird &lt; 78.10, and Firefox &lt; 88.(CVE-2021-23994)When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR &lt; 78.10, Thunderbird &lt; 78.10, and Firefox &lt; 88.(CVE-2021-23995)By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage&#39;s viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox &lt; 88.(CVE-2021-23996)Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 88.(CVE-2021-23997)Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR &lt; 78.10, Thunderbird &lt; 78.10, and Firefox &lt; 88.(CVE-2021-23998)If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR &lt; 78.10, Thunderbird &lt; 78.10, and Firefox &lt; 88.(CVE-2021-23999)A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as &lt;input type=&#34;file&#34;&gt;) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox &lt; 88.(CVE-2021-24000)A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox &lt; 88.(CVE-2021-24001)When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR &lt; 78.10, Thunderbird &lt; 78.10, and Firefox &lt; 88.(CVE-2021-24002)Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox &lt; 88.(CVE-2021-29944)The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR &lt; 78.10, Thunderbird &lt; 78.10, and Firefox &lt; 88.(CVE-2021-29945)Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR &lt; 78.10, Thunderbird &lt; 78.10, and Firefox &lt; 88.(CVE-2021-29946)Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 88.(CVE-2021-29947)When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox &lt; 88.0.1 and Firefox for Android &lt; 88.1.3.(CVE-2021-29952)A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an opportunity to update.*. This vulnerability affects Firefox &lt; 88.0.1 and Firefox for Android &lt; 88.1.3.(CVE-2021-29953)A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR &lt; 78.9 and Firefox &lt; 87.(CVE-2021-29955)When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox &lt; 89.(CVE-2021-29959)Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox &lt; 89.(CVE-2021-29960)When styling and rendering an oversized `&lt;select&gt;` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox &lt; 89.(CVE-2021-29961)A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox &lt; 89.(CVE-2021-29965)Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 89.(CVE-2021-29966)Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird &lt; 78.11, Firefox &lt; 89, and Firefox ESR &lt; 78.11.(CVE-2021-29967)A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird &lt; 78.12, Firefox ESR &lt; 78.12, and Firefox &lt; 90.(CVE-2021-29970)A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox &lt; 90.(CVE-2021-29972)When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able.) This issue did not affect the network connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox &lt; 90.(CVE-2021-29974)Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. This vulnerability affects Firefox &lt; 90.(CVE-2021-29975)Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird &lt; 78.12, Firefox ESR &lt; 78.12, and Firefox &lt; 90.(CVE-2021-29976)Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 90.(CVE-2021-29977)Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird &lt; 78.13, Thunderbird &lt; 91, Firefox ESR &lt; 78.13, and Firefox &lt; 91.(CVE-2021-29980)An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox &lt; 91 and Thunderbird &lt; 91.(CVE-2021-29981)Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox &lt; 91 and Thunderbird &lt; 91.(CVE-2021-29982)Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird &lt; 78.13, Thunderbird &lt; 91, Firefox ESR &lt; 78.13, and Firefox &lt; 91.(CVE-2021-29984)A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird &lt; 78.13, Thunderbird &lt; 91, Firefox ESR &lt; 78.13, and Firefox &lt; 91.(CVE-2021-29985)A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird &lt; 78.13, Thunderbird &lt; 91, Firefox ESR &lt; 78.13, and Firefox &lt; 91.(CVE-2021-29986)After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox &lt; 91 and Thunderbird &lt; 91.(CVE-2021-29987)Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird &lt; 78.13, Thunderbird &lt; 91, Firefox ESR &lt; 78.13, and Firefox &lt; 91.(CVE-2021-29988)Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird &lt; 78.13, Firefox ESR &lt; 78.13, and Firefox &lt; 91.(CVE-2021-29989)Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 91.(CVE-2021-29990)Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox &lt; 91.0.1 and Thunderbird &lt; 91.0.1.(CVE-2021-29991)Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.(CVE-2021-30547)crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.(CVE-2021-32810)Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox &lt; 92.(CVE-2021-38491)Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR &lt; 78.14, Thunderbird &lt; 78.14, and Firefox &lt; 92.(CVE-2021-38493)Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 92.(CVE-2021-38494)During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird &lt; 78.15, Thunderbird &lt; 91.2, Firefox ESR &lt; 91.2, Firefox ESR &lt; 78.15, and Firefox &lt; 93.(CVE-2021-38496)Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox &lt; 93, Thunderbird &lt; 91.2, and Firefox ESR &lt; 91.2.(CVE-2021-38497)During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox &lt; 93, Thunderbird &lt; 91.2, and Firefox ESR &lt; 91.2.(CVE-2021-38498)Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 93.(CVE-2021-38499)Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird &lt; 78.15, Thunderbird &lt; 91.2, Firefox ESR &lt; 91.2, Firefox ESR &lt; 78.15, and Firefox &lt; 93.(CVE-2021-38500)Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 93, Thunderbird &lt; 91.2, and Firefox ESR &lt; 91.2.(CVE-2021-38501)The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox &lt; 94, Thunderbird &lt; 91.3, and Firefox ESR &lt; 91.3.(CVE-2021-38503)When interacting with an HTML input element&#39;s file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox &lt; 94, Thunderbird &lt; 91.3, and Firefox ESR &lt; 91.3.(CVE-2021-38504)Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox &lt; 94, Thunderbird &lt; 91.3, and Firefox ESR &lt; 91.3.(CVE-2021-38506)The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox &lt; 94, Thunderbird &lt; 91.3, and Firefox ESR &lt; 91.3.(CVE-2021-38507)By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox &lt; 94, Thunderbird &lt; 91.3, and Firefox ESR &lt; 91.3.(CVE-2021-38508)Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker&#39;s choosing. This vulnerability affects Firefox &lt; 94, Thunderbird &lt; 91.3, and Firefox ESR &lt; 91.3.(CVE-2021-38509)The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user&#39;s computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox &lt; 94, Thunderbird &lt; 91.3, and Firefox ESR &lt; 91.3.(CVE-2021-38510)It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR &lt; 91.5, Firefox &lt; 96, and Thunderbird &lt; 91.5.(CVE-2021-4140)When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should have access to. This was fixed to provide the pre-redirect URL. This is related to CVE-2021-43532 but in the context of Web Extensions. This vulnerability affects Firefox &lt; 94.(CVE-2021-43531)The &#39;Copy Image Link&#39; context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an authentication token used to takeover a user account. If a website tricked a user into copy and pasting the image link back to the page, the page would be able to steal the authentication tokens. This was fixed by making the action return the original URL, before any redirects. This vulnerability affects Firefox &lt; 94.(CVE-2021-43532)When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox &lt; 94.(CVE-2021-43533)Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 94, Thunderbird &lt; 91.3, and Firefox ESR &lt; 91.3.(CVE-2021-43534)A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox &lt; 93, Thunderbird &lt; 91.3, and Firefox ESR &lt; 91.3.(CVE-2021-43535)Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird &lt; 91.4.0, Firefox ESR &lt; 91.4.0, and Firefox &lt; 95.(CVE-2021-43536)An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird &lt; 91.4.0, Firefox ESR &lt; 91.4.0, and Firefox &lt; 95.(CVE-2021-43537)By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird &lt; 91.4.0, Firefox ESR &lt; 91.4.0, and Firefox &lt; 95.(CVE-2021-43538)Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird &lt; 91.4.0, Firefox ESR &lt; 91.4.0, and Firefox &lt; 95.(CVE-2021-43539)WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox &lt; 95.(CVE-2021-43540)When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird &lt; 91.4.0, Firefox ESR &lt; 91.4.0, and Firefox &lt; 95.(CVE-2021-43541)Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird &lt; 91.4.0, Firefox ESR &lt; 91.4.0, and Firefox &lt; 95.(CVE-2021-43542)Documents loaded with the CSP sandbox directive could have escaped the sandbox&#39;s script restriction by embedding additional content. This vulnerability affects Thunderbird &lt; 91.4.0, Firefox ESR &lt; 91.4.0, and Firefox &lt; 95.(CVE-2021-43543)Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird &lt; 91.4.0, Firefox ESR &lt; 91.4.0, and Firefox &lt; 95.(CVE-2021-43545)It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird &lt; 91.4.0, Firefox ESR &lt; 91.4.0, and Firefox &lt; 95.(CVE-2021-43546)Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 97.(CVE-2022-0511)Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 98.(CVE-2022-0843)&lt;code&gt;NSSToken&lt;/code&gt; objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird &lt; 91.8, Firefox &lt; 99, and Firefox ESR &lt; 91.8.(CVE-2022-1097)After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird &lt; 91.8 and Firefox ESR &lt; 91.8.(CVE-2022-1196)An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR &lt; 91.9.1, Firefox &lt; 100.0.2, Firefox for Android &lt; 100.3.0, and Thunderbird &lt; 91.9.1.(CVE-2022-1529)If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR &lt; 91.9.1, Firefox &lt; 100.0.2, Firefox for Android &lt; 100.3.0, and Thunderbird &lt; 91.9.1.(CVE-2022-1802)Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2022-1919)If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox &lt; 102, Firefox ESR &lt; 91.11, Thunderbird &lt; 102, and Thunderbird &lt; 91.11.(CVE-2022-2200)Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR &lt; 91.5, Firefox &lt; 96, and Thunderbird &lt; 91.5.(CVE-2022-22737)Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR &lt; 91.5, Firefox &lt; 96, and Thunderbird &lt; 91.5.(CVE-2022-22738)Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR &lt; 91.5, Firefox &lt; 96, and Thunderbird &lt; 91.5.(CVE-2022-22739)Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR &lt; 91.5, Firefox &lt; 96, and Thunderbird &lt; 91.5.(CVE-2022-22740)When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR &lt; 91.5, Firefox &lt; 96, and Thunderbird &lt; 91.5.(CVE-2022-22741)When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR &lt; 91.5, Firefox &lt; 96, and Thunderbird &lt; 91.5.(CVE-2022-22742)When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR &lt; 91.5, Firefox &lt; 96, and Thunderbird &lt; 91.5.(CVE-2022-22743)Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR &lt; 91.5, Firefox &lt; 96, and Thunderbird &lt; 91.5.(CVE-2022-22745)After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR &lt; 91.5, Firefox &lt; 96, and Thunderbird &lt; 91.5.(CVE-2022-22747)Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR &lt; 91.5, Firefox &lt; 96, and Thunderbird &lt; 91.5.(CVE-2022-22748)If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox &lt; 97, Thunderbird &lt; 91.6, and Firefox ESR &lt; 91.6.(CVE-2022-22754)By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed. This vulnerability affects Firefox &lt; 97.(CVE-2022-22755)If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox &lt; 97, Thunderbird &lt; 91.6, and Firefox ESR &lt; 91.6.(CVE-2022-22756)Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user&#39;s browser to control it. &lt;br&gt;*This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.*. This vulnerability affects Firefox &lt; 97.(CVE-2022-22757)If a document created a sandboxed iframe without &lt;code&gt;allow-scripts&lt;/code&gt;, and subsequently appended an element to the iframe&#39;s document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe&#39;s sandbox. This vulnerability affects Firefox &lt; 97, Thunderbird &lt; 91.6, and Firefox ESR &lt; 91.6.(CVE-2022-22759)When importing resources using Web Workers, error messages would distinguish the difference between &lt;code&gt;application/javascript&lt;/code&gt; responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox &lt; 97, Thunderbird &lt; 91.6, and Firefox ESR &lt; 91.6.(CVE-2022-22760)Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension&#39;s Content Security Policy. This vulnerability affects Firefox &lt; 97, Thunderbird &lt; 91.6, and Firefox ESR &lt; 91.6.(CVE-2022-22761)When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox &lt; 96, Thunderbird &lt; 91.6, and Firefox ESR &lt; 91.6.(CVE-2022-22763)regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it&#39;s considered part of the crate&#39;s API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it&#39;s possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.(CVE-2022-24713)An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox &lt; 98, Firefox ESR &lt; 91.7, and Thunderbird &lt; 91.7.(CVE-2022-26381)While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could have lead to this text being inferred by the webpage. This vulnerability affects Firefox &lt; 98.(CVE-2022-26382)When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox &lt; 98, Firefox ESR &lt; 91.7, and Thunderbird &lt; 91.7.(CVE-2022-26383)If an attacker could control the contents of an iframe sandboxed with &lt;code&gt;allow-popups&lt;/code&gt; but not &lt;code&gt;allow-scripts&lt;/code&gt;, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox &lt; 98, Firefox ESR &lt; 91.7, and Thunderbird &lt; 91.7.(CVE-2022-26384)In unusual circumstances, an individual thread may outlive the thread&#39;s manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox &lt; 98.(CVE-2022-26385)Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in &lt;code&gt;/tmp&lt;/code&gt;, but this behavior was changed to download them to &lt;code&gt;/tmp&lt;/code&gt; where they could be affected by other local users. This behavior was reverted to the original, user-specific directory. &lt;br&gt;*This bug only affects Firefox for macOS and Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR &lt; 91.7 and Thunderbird &lt; 91.7.(CVE-2022-26386)When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox &lt; 98, Firefox ESR &lt; 91.7, and Thunderbird &lt; 91.7.(CVE-2022-26387)Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox &lt; 97.0.2, Firefox ESR &lt; 91.6.1, Firefox for Android &lt; 97.3.0, Thunderbird &lt; 91.6.2, and Focus &lt; 97.3.0.(CVE-2022-26485)An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox &lt; 97.0.2, Firefox ESR &lt; 91.6.1, Firefox for Android &lt; 97.3.0, Thunderbird &lt; 91.6.2, and Focus &lt; 97.3.0.(CVE-2022-26486)If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird &lt; 91.8, Firefox &lt; 99, and Firefox ESR &lt; 91.8.(CVE-2022-28281)By using a link with &lt;code&gt;rel=&#34;localization&#34;&lt;/code&gt; a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird &lt; 91.8, Firefox &lt; 99, and Firefox ESR &lt; 91.8.(CVE-2022-28282)The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox &lt; 99.(CVE-2022-28283)SVG&#39;s &lt;code&gt;&lt;use&gt;&lt;/code&gt; element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko&#39;s implementation was aligned with theirs. This vulnerability affects Firefox &lt; 99.(CVE-2022-28284)When generating the assembly code for &lt;code&gt;MLoadTypedArrayElementHole&lt;/code&gt;, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird &lt; 91.8, Firefox &lt; 99, and Firefox ESR &lt; 91.8.(CVE-2022-28285)Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird &lt; 91.8, Firefox &lt; 99, and Firefox ESR &lt; 91.8.(CVE-2022-28286)In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox &lt; 99.(CVE-2022-28287)Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird &lt; 91.8, Firefox &lt; 99, and Firefox ESR &lt; 91.8.(CVE-2022-28289)Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird &lt; 91.9, Firefox ESR &lt; 91.9, and Firefox &lt; 100.(CVE-2022-29909)An improper implementation of the new iframe sandbox keyword &lt;code&gt;allow-top-navigation-by-user-activation&lt;/code&gt; could lead to script execution without &lt;code&gt;allow-scripts&lt;/code&gt; being present. This vulnerability affects Thunderbird &lt; 91.9, Firefox ESR &lt; 91.9, and Firefox &lt; 100.(CVE-2022-29911)Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird &lt; 91.9, Firefox ESR &lt; 91.9, and Firefox &lt; 100.(CVE-2022-29912)When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird &lt; 91.9, Firefox ESR &lt; 91.9, and Firefox &lt; 100.(CVE-2022-29914)The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. This vulnerability affects Firefox &lt; 100.(CVE-2022-29915)Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird &lt; 91.9, Firefox ESR &lt; 91.9, and Firefox &lt; 100.(CVE-2022-29916)Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 100.(CVE-2022-29918)A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird &lt; 91.10, Firefox &lt; 101, and Firefox ESR &lt; 91.10.(CVE-2022-31736)A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird &lt; 91.10, Firefox &lt; 101, and Firefox ESR &lt; 91.10.(CVE-2022-31737)When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird &lt; 91.10, Firefox &lt; 101, and Firefox ESR &lt; 91.10.(CVE-2022-31738)On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird &lt; 91.10, Firefox &lt; 101, and Firefox ESR &lt; 91.10.(CVE-2022-31740)A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird &lt; 91.10, Firefox &lt; 101, and Firefox ESR &lt; 91.10.(CVE-2022-31741)An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird &lt; 91.10, Firefox &lt; 101, and Firefox ESR &lt; 91.10.(CVE-2022-31742)Firefox&#39;s HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox &lt; 101.(CVE-2022-31743)An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page&#39;s Content Security Policy. This vulnerability affects Firefox ESR &lt; 91.11, Thunderbird &lt; 102, Thunderbird &lt; 91.11, and Firefox &lt; 101.(CVE-2022-31744)If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox &lt; 101.(CVE-2022-31745)Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 101.(CVE-2022-31748)An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR &lt; 102.3, Thunderbird &lt; 102.3, and Firefox &lt; 105.(CVE-2022-3266)An iframe that was not permitted to run scripts could do so if the user clicked on a &lt;code&gt;javascript:&lt;/code&gt; link. This vulnerability affects Firefox &lt; 102, Firefox ESR &lt; 91.11, Thunderbird &lt; 102, and Thunderbird &lt; 91.11.(CVE-2022-34468)When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. &lt;br&gt;*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox &lt; 102.(CVE-2022-34469)Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox &lt; 102, Firefox ESR &lt; 91.11, Thunderbird &lt; 102, and Thunderbird &lt; 91.11.(CVE-2022-34470)When downloading an update for an addon, the downloaded addon update&#39;s version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This vulnerability affects Firefox &lt; 102.(CVE-2022-34471)If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox &lt; 102, Firefox ESR &lt; 91.11, Thunderbird &lt; 102, and Thunderbird &lt; 91.11.(CVE-2022-34472)The HTML Sanitizer should have sanitized the &lt;code&gt;href&lt;/code&gt; attribute of SVG &lt;code&gt;&lt;use&gt;&lt;/code&gt; tags; however it incorrectly did not sanitize &lt;code&gt;xlink:href&lt;/code&gt; attributes. This vulnerability affects Firefox &lt; 102.(CVE-2022-34473)Even when an iframe was sandboxed with &lt;code&gt;allow-top-navigation-by-user-activation&lt;/code&gt;, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox &lt; 102.(CVE-2022-34474)SVG &lt;code&gt;&lt;use&gt;&lt;/code&gt; tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects Firefox &lt; 102.(CVE-2022-34475)ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox &lt; 102.(CVE-2022-34476)The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox &lt; 102.(CVE-2022-34477)A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. &lt;br&gt;*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox &lt; 102, Firefox ESR &lt; 91.11, Thunderbird &lt; 102, and Thunderbird &lt; 91.11.(CVE-2022-34479)Within the &lt;code&gt;lg_init()&lt;/code&gt; function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox &lt; 102.(CVE-2022-34480)In the &lt;code&gt;nsTArray_Impl::ReplaceElementsAt()&lt;/code&gt; function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox &lt; 102, Firefox ESR &lt; 91.11, Thunderbird &lt; 102, and Thunderbird &lt; 91.11.(CVE-2022-34481)An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34483. This vulnerability affects Firefox &lt; 102.(CVE-2022-34482)An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34482. This vulnerability affects Firefox &lt; 102.(CVE-2022-34483)The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 102, Firefox ESR &lt; 91.11, Thunderbird &lt; 102, and Thunderbird &lt; 91.11.(CVE-2022-34484)Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 102.(CVE-2022-34485)When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR &lt; 102.1, Firefox ESR &lt; 91.12, Firefox &lt; 103, Thunderbird &lt; 102.1, and Thunderbird &lt; 91.12.(CVE-2022-36318)When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR &lt; 102.1, Firefox ESR &lt; 91.12, Firefox &lt; 103, Thunderbird &lt; 102.1, and Thunderbird &lt; 91.12.(CVE-2022-36319)An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird &lt; 102.2, Thunderbird &lt; 91.13, Firefox ESR &lt; 91.13, Firefox ESR &lt; 102.2, and Firefox &lt; 104.(CVE-2022-38472)A cross-origin iframe referencing an XSLT document would inherit the parent domain&#39;s permissions (such as microphone or camera access). This vulnerability affects Thunderbird &lt; 102.2, Thunderbird &lt; 91.13, Firefox ESR &lt; 91.13, Firefox ESR &lt; 102.2, and Firefox &lt; 104.(CVE-2022-38473)Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR &lt; 102.2, Thunderbird &lt; 102.2, and Firefox &lt; 104.(CVE-2022-38477)Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird &lt; 102.2, Thunderbird &lt; 91.13, Firefox ESR &lt; 91.13, Firefox ESR &lt; 102.2, and Firefox &lt; 104.(CVE-2022-38478)When injecting an HTML base element, some requests would ignore the CSP&#39;s base-uri settings and accept the injected element&#39;s base instead. This vulnerability affects Firefox ESR &lt; 102.3, Thunderbird &lt; 102.3, and Firefox &lt; 105.(CVE-2022-40956)Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.&lt;br&gt;*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR &lt; 102.3, Thunderbird &lt; 102.3, and Firefox &lt; 105.(CVE-2022-40957)By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR &lt; 102.3, Thunderbird &lt; 102.3, and Firefox &lt; 105.(CVE-2022-40958)During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR &lt; 102.3, Thunderbird &lt; 102.3, and Firefox &lt; 105.(CVE-2022-40959)Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR &lt; 102.3, Thunderbird &lt; 102.3, and Firefox &lt; 105.(CVE-2022-40960)Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR &lt; 102.3, Thunderbird &lt; 102.3, and Firefox &lt; 105.(CVE-2022-40962)Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox &lt; 106, Firefox ESR &lt; 102.4, and Thunderbird &lt; 102.4.(CVE-2022-42928)Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR &lt; 102.5, Thunderbird &lt; 102.5, and Firefox &lt; 107.(CVE-2022-45408)The garbage collector could have been aborted in several states and zones and &lt;code&gt;GCRuntime::finishCollection&lt;/code&gt; may not have been called, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR &lt; 102.5, Thunderbird &lt; 102.5, and Firefox &lt; 107.(CVE-2022-45409)When a ServiceWorker intercepted a request with &lt;code&gt;FetchEvent&lt;/code&gt;, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR &lt; 102.5, Thunderbird &lt; 102.5, and Firefox &lt; 107.(CVE-2022-45410)Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on &lt;code&gt;fetch()&lt;/code&gt; and XMLHttpRequest; however some webservers have implemented non-standard headers such as &lt;code&gt;X-Http-Method-Override&lt;/code&gt; that override the HTTP method, and made this attack possible again. Thunderbird has applied the same mitigations to the use of this and similar headers. This vulnerability affects Firefox ESR &lt; 102.5, Thunderbird &lt; 102.5, and Firefox &lt; 107.(CVE-2022-45411)When resolving a symlink such as &lt;code&gt;file:///proc/self/fd/1&lt;/code&gt;, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. &lt;br&gt;*This bug only affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.*. This vulnerability affects Firefox ESR &lt; 102.5, Thunderbird &lt; 102.5, and Firefox &lt; 107.(CVE-2022-45412)Keyboard events reference strings like &#34;KeyA&#34; that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR &lt; 102.5, Thunderbird &lt; 102.5, and Firefox &lt; 107.(CVE-2022-45416)If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR &lt; 102.5, Thunderbird &lt; 102.5, and Firefox &lt; 107.(CVE-2022-45418)Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR &lt; 102.5, Thunderbird &lt; 102.5, and Firefox &lt; 107.(CVE-2022-45420)Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR &lt; 102.5, Thunderbird &lt; 102.5, and Firefox &lt; 107.(CVE-2022-45421)An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox &lt; 108.(CVE-2022-46871)A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.&lt;br/&gt;*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox &lt; 108, Thunderbird &lt; 102.6.1, Thunderbird &lt; 102.6, and Firefox ESR &lt; 102.6.(CVE-2022-46874)The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user&#39;s computer. &lt;br&gt;*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox &lt; 108, Firefox ESR &lt; 102.6, and Thunderbird &lt; 102.6.(CVE-2022-46875)Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 108, Firefox ESR &lt; 102.6, and Thunderbird &lt; 102.6.(CVE-2022-46878)A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox &lt; 107, Firefox ESR &lt; 102.6, and Thunderbird &lt; 102.6.(CVE-2022-46882)An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox &lt; 110, Thunderbird &lt; 102.8, and Firefox ESR &lt; 102.8.(CVE-2023-0767)Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird &lt; 102.10 and Firefox ESR &lt; 102.10.(CVE-2023-1945)Due to the Firefox GTK wrapper code&#39;s use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to &lt;code&gt;DataTransfer.setData&lt;/code&gt;. This vulnerability affects Firefox &lt; 109, Thunderbird &lt; 102.7, and Firefox ESR &lt; 102.7.(CVE-2023-23598)When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox &lt; 109, Thunderbird &lt; 102.7, and Firefox ESR &lt; 102.7.(CVE-2023-23599)Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox &lt; 109, Thunderbird &lt; 102.7, and Firefox ESR &lt; 102.7.(CVE-2023-23601)A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox &lt; 109, Thunderbird &lt; 102.7, and Firefox ESR &lt; 102.7.(CVE-2023-23602)Regular expressions used to filter out forbidden properties and values from style directives in calls to &lt;code&gt;console.log&lt;/code&gt; weren&#39;t accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox &lt; 109, Thunderbird &lt; 102.7, and Firefox ESR &lt; 102.7.(CVE-2023-23603)The &lt;code&gt;Content-Security-Policy-Report-Only&lt;/code&gt; header could allow an attacker to leak a child iframe&#39;s unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox &lt; 110, Thunderbird &lt; 102.8, and Firefox ESR &lt; 102.8.(CVE-2023-25728)Permission prompts for opening external schemes were only shown for &lt;code&gt;ContentPrincipals&lt;/code&gt; resulting in extensions being able to open them without user interaction via &lt;code&gt;ExpandedPrincipals&lt;/code&gt;. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox &lt; 110, Thunderbird &lt; 102.8, and Firefox ESR &lt; 102.8.(CVE-2023-25729)A background script invoking &lt;code&gt;requestFullscreen&lt;/code&gt; and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox &lt; 110, Thunderbird &lt; 102.8, and Firefox ESR &lt; 102.8.(CVE-2023-25730)When encoding data from an &lt;code&gt;inputStream&lt;/code&gt; in &lt;code&gt;xpcom&lt;/code&gt; the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox &lt; 110, Thunderbird &lt; 102.8, and Firefox ESR &lt; 102.8.(CVE-2023-25732)Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox &lt; 110, Thunderbird &lt; 102.8, and Firefox ESR &lt; 102.8.(CVE-2023-25735)An invalid downcast from &lt;code&gt;nsTextNode&lt;/code&gt; to &lt;code&gt;SVGElement&lt;/code&gt; could have lead to undefined behavior. This vulnerability affects Firefox &lt; 110, Thunderbird &lt; 102.8, and Firefox ESR &lt; 102.8.(CVE-2023-25737)Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in &lt;code&gt;ScriptLoadContext&lt;/code&gt;. This vulnerability affects Firefox &lt; 110, Thunderbird &lt; 102.8, and Firefox ESR &lt; 102.8.(CVE-2023-25739)When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox &lt; 110, Thunderbird &lt; 102.8, and Firefox ESR &lt; 102.8.(CVE-2023-25742)Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox &lt; 111, Firefox ESR &lt; 102.9, and Thunderbird &lt; 102.9.(CVE-2023-25751)When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox &lt; 111, Firefox ESR &lt; 102.9, and Thunderbird &lt; 102.9.(CVE-2023-25752)While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox &lt; 111, Firefox ESR &lt; 102.9, and Thunderbird &lt; 102.9.(CVE-2023-28162)Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox &lt; 111, Firefox ESR &lt; 102.9, and Thunderbird &lt; 102.9.(CVE-2023-28164)Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 111, Firefox ESR &lt; 102.9, and Thunderbird &lt; 102.9.(CVE-2023-28176)A website could have obscured the fullscreen notification by using a combination of &lt;code&gt;window.open&lt;/code&gt;, fullscreen requests, &lt;code&gt;window.name&lt;/code&gt; assignments, and &lt;code&gt;setInterval&lt;/code&gt; calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox &lt; 112, Focus for Android &lt; 112, Firefox ESR &lt; 102.10, Firefox for Android &lt; 112, and Thunderbird &lt; 102.10.(CVE-2023-29533)Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox &lt; 112, Focus for Android &lt; 112, Firefox ESR &lt; 102.10, Firefox for Android &lt; 112, and Thunderbird &lt; 102.10.(CVE-2023-29535)An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox &lt; 112, Focus for Android &lt; 112, Firefox ESR &lt; 102.10, Firefox for Android &lt; 112, and Thunderbird &lt; 102.10.(CVE-2023-29536)When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox &lt; 112, Focus for Android &lt; 112, Firefox ESR &lt; 102.10, Firefox for Android &lt; 112, and Thunderbird &lt; 102.10.(CVE-2023-29539)Firefox did not properly handle downloads of files ending in &lt;code&gt;.desktop&lt;/code&gt;, which can be interpreted to run attacker-controlled commands. &lt;br&gt;*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox &lt; 112, Focus for Android &lt; 112, Firefox ESR &lt; 102.10, Firefox for Android &lt; 112, and Thunderbird &lt; 102.10.(CVE-2023-29541)A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox &lt; 112, Focus for Android &lt; 112, Firefox ESR &lt; 102.10, Firefox for Android &lt; 112, and Thunderbird &lt; 102.10.(CVE-2023-29548)Mozilla developers Randell Jesup, Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 112, Focus for Android &lt; 112, Firefox ESR &lt; 102.10, Firefox for Android &lt; 112, and Thunderbird &lt; 102.10.(CVE-2023-29550)In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox &lt; 113, Firefox ESR &lt; 102.11, and Thunderbird &lt; 102.11.(CVE-2023-32205)An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox &lt; 113, Firefox ESR &lt; 102.11, and Thunderbird &lt; 102.11.(CVE-2023-32206)A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox &lt; 113, Firefox ESR &lt; 102.11, and Thunderbird &lt; 102.11.(CVE-2023-32207)A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox &lt; 113, Firefox ESR &lt; 102.11, and Thunderbird &lt; 102.11.(CVE-2023-32211)An attacker could have positioned a &lt;code&gt;datalist&lt;/code&gt; element to obscure the address bar. This vulnerability affects Firefox &lt; 113, Firefox ESR &lt; 102.11, and Thunderbird &lt; 102.11.(CVE-2023-32212)When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox &lt; 113, Firefox ESR &lt; 102.11, and Thunderbird &lt; 102.11.(CVE-2023-32213)Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 113, Firefox ESR &lt; 102.11, and Thunderbird &lt; 102.11.(CVE-2023-32215)An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox &lt; 115, Firefox ESR &lt; 102.13, and Thunderbird &lt; 102.13.(CVE-2023-37201)Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox &lt; 115, Firefox ESR &lt; 102.13, and Thunderbird &lt; 102.13.(CVE-2023-37202)A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox &lt; 115, Firefox ESR &lt; 102.13, and Thunderbird &lt; 102.13.(CVE-2023-37207)When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox &lt; 115, Firefox ESR &lt; 102.13, and Thunderbird &lt; 102.13.(CVE-2023-37208)Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 115, Firefox ESR &lt; 102.13, and Thunderbird &lt; 102.13.(CVE-2023-37211)Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox &lt; 116, Firefox ESR &lt; 102.14, and Firefox ESR &lt; 115.1.(CVE-2023-4045)In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox &lt; 116, Firefox ESR &lt; 102.14, and Firefox ESR &lt; 115.1.(CVE-2023-4046)A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox &lt; 116, Firefox ESR &lt; 102.14, and Firefox ESR &lt; 115.1.(CVE-2023-4047)An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox &lt; 116, Firefox ESR &lt; 102.14, and Firefox ESR &lt; 115.1.(CVE-2023-4048)Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox &lt; 116, Firefox ESR &lt; 102.14, and Firefox ESR &lt; 115.1.(CVE-2023-4049)In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox &lt; 116, Firefox ESR &lt; 102.14, and Firefox ESR &lt; 115.1.(CVE-2023-4050)When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox &lt; 116, Firefox ESR &lt; 102.14, Firefox ESR &lt; 115.1, Thunderbird &lt; 102.14, and Thunderbird &lt; 115.1.(CVE-2023-4054)When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox &lt; 116, Firefox ESR &lt; 102.14, and Firefox ESR &lt; 115.1.(CVE-2023-4055)Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 116, Firefox ESR &lt; 102.14, and Firefox ESR &lt; 115.1.(CVE-2023-4056)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="firefox-debuginfo" release="1.ule3" version="102.14.0">
+                         <filename>firefox-debuginfo-102.14.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="firefox" release="1.ule3" version="102.14.0">
+                         <filename>firefox-102.14.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="firefox-debugsource" release="1.ule3" version="102.14.0">
+                         <filename>firefox-debugsource-102.14.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox" release="1.ule3" version="102.14.0">
+                         <filename>firefox-102.14.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox-debugsource" release="1.ule3" version="102.14.0">
+                         <filename>firefox-debugsource-102.14.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox-debuginfo" release="1.ule3" version="102.14.0">
+                         <filename>firefox-debuginfo-102.14.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1675</id>
+          <title>An update for giflib is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39742" id="CVE-2023-39742" title="CVE-2023-39742" type="cve"></reference>
+          </references>
+          <description>giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.(CVE-2023-39742)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="giflib-devel" release="5.ule3" version="5.2.1">
+                         <filename>giflib-devel-5.2.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="giflib" release="5.ule3" version="5.2.1">
+                         <filename>giflib-5.2.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="giflib-utils" release="5.ule3" version="5.2.1">
+                         <filename>giflib-utils-5.2.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="giflib-help" release="5.ule3" version="5.2.1">
+                         <filename>giflib-help-5.2.1-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="giflib-devel" release="5.ule3" version="5.2.1">
+                         <filename>giflib-devel-5.2.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="giflib-utils" release="5.ule3" version="5.2.1">
+                         <filename>giflib-utils-5.2.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="giflib" release="5.ule3" version="5.2.1">
+                         <filename>giflib-5.2.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1676</id>
+          <title>An update for pmix is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-41915" id="CVE-2023-41915" title="CVE-2023-41915" type="cve"></reference>
+          </references>
+          <description>OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.(CVE-2023-41915)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="pmix-debuginfo" release="2.ule3" version="4.2.6">
+                         <filename>pmix-debuginfo-4.2.6-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pmix-debugsource" release="2.ule3" version="4.2.6">
+                         <filename>pmix-debugsource-4.2.6-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pmix-tools" release="2.ule3" version="4.2.6">
+                         <filename>pmix-tools-4.2.6-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pmix" release="2.ule3" version="4.2.6">
+                         <filename>pmix-4.2.6-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pmix-devel" release="2.ule3" version="4.2.6">
+                         <filename>pmix-devel-4.2.6-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pmix-devel" release="2.ule3" version="4.2.6">
+                         <filename>pmix-devel-4.2.6-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pmix-debuginfo" release="2.ule3" version="4.2.6">
+                         <filename>pmix-debuginfo-4.2.6-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pmix" release="2.ule3" version="4.2.6">
+                         <filename>pmix-4.2.6-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pmix-tools" release="2.ule3" version="4.2.6">
+                         <filename>pmix-tools-4.2.6-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pmix-debugsource" release="2.ule3" version="4.2.6">
+                         <filename>pmix-debugsource-4.2.6-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1677</id>
+          <title>An update for python3 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40217" id="CVE-2023-40217" title="CVE-2023-40217" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as &#34;not connected&#34; and won&#39;t initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)(CVE-2023-40217)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3" release="26.ule3" version="3.9.9">
+                         <filename>python3-3.9.9-26.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debuginfo" release="26.ule3" version="3.9.9">
+                         <filename>python3-debuginfo-3.9.9-26.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debug" release="26.ule3" version="3.9.9">
+                         <filename>python3-debug-3.9.9-26.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-unversioned-command" release="26.ule3" version="3.9.9">
+                         <filename>python3-unversioned-command-3.9.9-26.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-devel" release="26.ule3" version="3.9.9">
+                         <filename>python3-devel-3.9.9-26.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-debugsource" release="26.ule3" version="3.9.9">
+                         <filename>python3-debugsource-3.9.9-26.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-help" release="26.ule3" version="3.9.9">
+                         <filename>python3-help-3.9.9-26.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debuginfo" release="26.ule3" version="3.9.9">
+                         <filename>python3-debuginfo-3.9.9-26.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-unversioned-command" release="26.ule3" version="3.9.9">
+                         <filename>python3-unversioned-command-3.9.9-26.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debug" release="26.ule3" version="3.9.9">
+                         <filename>python3-debug-3.9.9-26.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3" release="26.ule3" version="3.9.9">
+                         <filename>python3-3.9.9-26.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-debugsource" release="26.ule3" version="3.9.9">
+                         <filename>python3-debugsource-3.9.9-26.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-devel" release="26.ule3" version="3.9.9">
+                         <filename>python3-devel-3.9.9-26.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1680</id>
+          <title>An update for mosquitto is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28366" id="CVE-2023-28366" title="CVE-2023-28366" type="cve"></reference>
+          </references>
+          <description>The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.(CVE-2023-28366)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="mosquitto-debuginfo" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-debuginfo-2.0.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mosquitto" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-2.0.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mosquitto-devel" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-devel-2.0.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mosquitto-debugsource" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-debugsource-2.0.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mosquitto-debuginfo" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-debuginfo-2.0.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mosquitto-devel" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-devel-2.0.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mosquitto" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-2.0.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mosquitto-debugsource" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-debugsource-2.0.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1681</id>
+          <title>An update for libwebp is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4863" id="CVE-2023-4863" title="CVE-2023-4863" type="cve"></reference>
+          </references>
+          <description>Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)(CVE-2023-4863)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libwebp" release="4.ule3" version="1.2.1">
+                         <filename>libwebp-1.2.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwebp-tools" release="4.ule3" version="1.2.1">
+                         <filename>libwebp-tools-1.2.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwebp-devel" release="4.ule3" version="1.2.1">
+                         <filename>libwebp-devel-1.2.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwebp-java" release="4.ule3" version="1.2.1">
+                         <filename>libwebp-java-1.2.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwebp-debuginfo" release="4.ule3" version="1.2.1">
+                         <filename>libwebp-debuginfo-1.2.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwebp-debugsource" release="4.ule3" version="1.2.1">
+                         <filename>libwebp-debugsource-1.2.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libwebp-help" release="4.ule3" version="1.2.1">
+                         <filename>libwebp-help-1.2.1-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwebp-tools" release="4.ule3" version="1.2.1">
+                         <filename>libwebp-tools-1.2.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwebp" release="4.ule3" version="1.2.1">
+                         <filename>libwebp-1.2.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwebp-devel" release="4.ule3" version="1.2.1">
+                         <filename>libwebp-devel-1.2.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwebp-debuginfo" release="4.ule3" version="1.2.1">
+                         <filename>libwebp-debuginfo-1.2.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwebp-java" release="4.ule3" version="1.2.1">
+                         <filename>libwebp-java-1.2.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwebp-debugsource" release="4.ule3" version="1.2.1">
+                         <filename>libwebp-debugsource-1.2.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1682</id>
+          <title>An update for grpc is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4785" id="CVE-2023-4785" title="CVE-2023-4785" type="cve"></reference>
+          </references>
+          <description>Lack of error handling in the TCP server in Google&#39;s gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected. (CVE-2023-4785)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="grpc-debuginfo" release="5.ule3" version="1.41.1">
+                         <filename>grpc-debuginfo-1.41.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="grpc-debugsource" release="5.ule3" version="1.41.1">
+                         <filename>grpc-debugsource-1.41.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-grpcio" release="5.ule3" version="1.41.1">
+                         <filename>python3-grpcio-1.41.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="grpc" release="5.ule3" version="1.41.1">
+                         <filename>grpc-1.41.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="grpc-devel" release="5.ule3" version="1.41.1">
+                         <filename>grpc-devel-1.41.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="grpc-plugins" release="5.ule3" version="1.41.1">
+                         <filename>grpc-plugins-1.41.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="grpc-debuginfo" release="5.ule3" version="1.41.1">
+                         <filename>grpc-debuginfo-1.41.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="grpc-plugins" release="5.ule3" version="1.41.1">
+                         <filename>grpc-plugins-1.41.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="grpc-debugsource" release="5.ule3" version="1.41.1">
+                         <filename>grpc-debugsource-1.41.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-grpcio" release="5.ule3" version="1.41.1">
+                         <filename>python3-grpcio-1.41.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="grpc" release="5.ule3" version="1.41.1">
+                         <filename>grpc-1.41.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="grpc-devel" release="5.ule3" version="1.41.1">
+                         <filename>grpc-devel-1.41.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1684</id>
+          <title>An update for firefox is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1999" id="CVE-2023-1999" title="CVE-2023-1999" type="cve"></reference>
+          </references>
+          <description>There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. (CVE-2023-1999)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="firefox" release="1.ule3" version="102.14.0">
+                         <filename>firefox-102.14.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="firefox-debugsource" release="1.ule3" version="102.14.0">
+                         <filename>firefox-debugsource-102.14.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="firefox-debuginfo" release="1.ule3" version="102.14.0">
+                         <filename>firefox-debuginfo-102.14.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox" release="1.ule3" version="102.14.0">
+                         <filename>firefox-102.14.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox-debuginfo" release="1.ule3" version="102.14.0">
+                         <filename>firefox-debuginfo-102.14.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox-debugsource" release="1.ule3" version="102.14.0">
+                         <filename>firefox-debugsource-102.14.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1686</id>
+          <title>An update for iSulad is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33635" id="CVE-2021-33635" title="CVE-2021-33635" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33636" id="CVE-2021-33636" title="CVE-2021-33636" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33637" id="CVE-2021-33637" title="CVE-2021-33637" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33638" id="CVE-2021-33638" title="CVE-2021-33638" type="cve"></reference>
+          </references>
+          <description>When malicious images are pulled by isula pull, attackers can execute arbitrary code.(CVE-2021-33635)When the isula load command is used to load malicious images, attackers can execute arbitrary code.(CVE-2021-33636)When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.(CVE-2021-33637)When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.(CVE-2021-33638)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="iSulad" release="13.ule3" version="2.0.18">
+                         <filename>iSulad-2.0.18-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="iSulad-debuginfo" release="13.ule3" version="2.0.18">
+                         <filename>iSulad-debuginfo-2.0.18-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="iSulad-debugsource" release="13.ule3" version="2.0.18">
+                         <filename>iSulad-debugsource-2.0.18-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="iSulad" release="13.ule3" version="2.0.18">
+                         <filename>iSulad-2.0.18-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="iSulad-debuginfo" release="13.ule3" version="2.0.18">
+                         <filename>iSulad-debuginfo-2.0.18-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="iSulad-debugsource" release="13.ule3" version="2.0.18">
+                         <filename>iSulad-debugsource-2.0.18-13.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1687</id>
+          <title>An update for shadow is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4641" id="CVE-2023-4641" title="CVE-2023-4641" type="cve"></reference>
+          </references>
+          <description>When gpasswd(1) asks for the new password, it asks twice (as is usual for confirming the new password).  Each of those 2 password prompts uses agetpass() to get the password.  If the second agetpass() fails, the first password, which has been copied into the &#39;static&#39; buffer &#39;pass&#39; via STRFCPY(), wasn&#39;t being zeroed.(CVE-2023-4641)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="shadow-debugsource" release="11.ule3" version="4.9">
+                         <filename>shadow-debugsource-4.9-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="shadow-subid-devel" release="11.ule3" version="4.9">
+                         <filename>shadow-subid-devel-4.9-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="shadow-debuginfo" release="11.ule3" version="4.9">
+                         <filename>shadow-debuginfo-4.9-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="shadow" release="11.ule3" version="4.9">
+                         <filename>shadow-4.9-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="shadow-help" release="11.ule3" version="4.9">
+                         <filename>shadow-help-4.9-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="shadow" release="11.ule3" version="4.9">
+                         <filename>shadow-4.9-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="shadow-debuginfo" release="11.ule3" version="4.9">
+                         <filename>shadow-debuginfo-4.9-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="shadow-subid-devel" release="11.ule3" version="4.9">
+                         <filename>shadow-subid-devel-4.9-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="shadow-debugsource" release="11.ule3" version="4.9">
+                         <filename>shadow-debugsource-4.9-11.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1688</id>
+          <title>An update for glibc is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4806" id="CVE-2023-4806" title="CVE-2023-4806" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4813" id="CVE-2023-4813" title="CVE-2023-4813" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5156" id="CVE-2023-5156" title="CVE-2023-5156" type="cve"></reference>
+          </references>
+          <description>A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.(CVE-2023-4806)A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.(CVE-2023-4813)A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.(CVE-2023-5156)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="glibc-compat-2.17" release="136.ule3" version="2.34">
+                         <filename>glibc-compat-2.17-2.34-136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nss_modules" release="136.ule3" version="2.34">
+                         <filename>nss_modules-2.34-136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-common" release="136.ule3" version="2.34">
+                         <filename>glibc-common-2.34-136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-debugsource" release="136.ule3" version="2.34">
+                         <filename>glibc-debugsource-2.34-136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-nss-devel" release="136.ule3" version="2.34">
+                         <filename>glibc-nss-devel-2.34-136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nscd" release="136.ule3" version="2.34">
+                         <filename>nscd-2.34-136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-locale-archive" release="136.ule3" version="2.34">
+                         <filename>glibc-locale-archive-2.34-136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="glibc-all-langpacks" release="136.ule3" version="2.34">
+                         <filename>glibc-all-langpacks-2.34-136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-debugutils" release="136.ule3" version="2.34">
+                         <filename>glibc-debugutils-2.34-136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-devel" release="136.ule3" version="2.34">
+                         <filename>glibc-devel-2.34-136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc" release="136.ule3" version="2.34">
+                         <filename>glibc-2.34-136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-locale-source" release="136.ule3" version="2.34">
+                         <filename>glibc-locale-source-2.34-136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-debuginfo" release="136.ule3" version="2.34">
+                         <filename>glibc-debuginfo-2.34-136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libnsl" release="136.ule3" version="2.34">
+                         <filename>libnsl-2.34-136.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="glibc-help" release="136.ule3" version="2.34">
+                         <filename>glibc-help-2.34-136.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nss_modules" release="136.ule3" version="2.34">
+                         <filename>nss_modules-2.34-136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-debuginfo" release="136.ule3" version="2.34">
+                         <filename>glibc-debuginfo-2.34-136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-common" release="136.ule3" version="2.34">
+                         <filename>glibc-common-2.34-136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-compat-2.17" release="136.ule3" version="2.34">
+                         <filename>glibc-compat-2.17-2.34-136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-locale-source" release="136.ule3" version="2.34">
+                         <filename>glibc-locale-source-2.34-136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-debugutils" release="136.ule3" version="2.34">
+                         <filename>glibc-debugutils-2.34-136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-debugsource" release="136.ule3" version="2.34">
+                         <filename>glibc-debugsource-2.34-136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc" release="136.ule3" version="2.34">
+                         <filename>glibc-2.34-136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nscd" release="136.ule3" version="2.34">
+                         <filename>nscd-2.34-136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-devel" release="136.ule3" version="2.34">
+                         <filename>glibc-devel-2.34-136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-all-langpacks" release="136.ule3" version="2.34">
+                         <filename>glibc-all-langpacks-2.34-136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-locale-archive" release="136.ule3" version="2.34">
+                         <filename>glibc-locale-archive-2.34-136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-nss-devel" release="136.ule3" version="2.34">
+                         <filename>glibc-nss-devel-2.34-136.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libnsl" release="136.ule3" version="2.34">
+                         <filename>libnsl-2.34-136.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1689</id>
+          <title>An update for bind is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3341" id="CVE-2023-3341" title="CVE-2023-3341" type="cve"></reference>
+          </references>
+          <description>The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel&#39;s configured TCP port is necessary.This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.(CVE-2023-3341)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="32" arch="aarch64" name="bind-debugsource" release="20.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-pkcs11-utils" release="20.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-utils-9.16.23-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-debuginfo" release="20.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-utils" release="20.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind" release="20.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-devel" release="20.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-pkcs11-devel" release="20.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-dnssec-utils" release="20.ule3" version="9.16.23">
+                         <filename>bind-dnssec-utils-9.16.23-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-chroot" release="20.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-pkcs11-libs" release="20.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-libs-9.16.23-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-pkcs11" release="20.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-libs" release="20.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="noarch" name="bind-dnssec-doc" release="20.ule3" version="9.16.23">
+                         <filename>bind-dnssec-doc-9.16.23-20.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="noarch" name="bind-license" release="20.ule3" version="9.16.23">
+                         <filename>bind-license-9.16.23-20.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="noarch" name="python3-bind" release="20.ule3" version="9.16.23">
+                         <filename>python3-bind-9.16.23-20.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-pkcs11-utils" release="20.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-utils-9.16.23-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-libs" release="20.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-pkcs11" release="20.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-dnssec-utils" release="20.ule3" version="9.16.23">
+                         <filename>bind-dnssec-utils-9.16.23-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-devel" release="20.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-pkcs11-devel" release="20.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-chroot" release="20.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind" release="20.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-debugsource" release="20.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-debuginfo" release="20.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-pkcs11-libs" release="20.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-libs-9.16.23-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-utils" release="20.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-20.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1692</id>
+          <title>An update for lcr is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33634" id="CVE-2021-33634" title="CVE-2021-33634" type="cve"></reference>
+          </references>
+          <description>Isula uses the lxc runtime (default) to run malicious images, which can cause DOS.(CVE-2021-33634)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="lcr-debuginfo" release="7.ule3" version="2.0.9">
+                         <filename>lcr-debuginfo-2.0.9-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lcr-devel" release="7.ule3" version="2.0.9">
+                         <filename>lcr-devel-2.0.9-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lcr" release="7.ule3" version="2.0.9">
+                         <filename>lcr-2.0.9-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="lcr-debugsource" release="7.ule3" version="2.0.9">
+                         <filename>lcr-debugsource-2.0.9-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lcr-devel" release="7.ule3" version="2.0.9">
+                         <filename>lcr-devel-2.0.9-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lcr-debuginfo" release="7.ule3" version="2.0.9">
+                         <filename>lcr-debuginfo-2.0.9-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lcr-debugsource" release="7.ule3" version="2.0.9">
+                         <filename>lcr-debugsource-2.0.9-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="lcr" release="7.ule3" version="2.0.9">
+                         <filename>lcr-2.0.9-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1697</id>
+          <title>An update for python-gevent is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-41419" id="CVE-2023-41419" title="CVE-2023-41419" type="cve"></reference>
+          </references>
+          <description>An issue in Gevent Gevent before version 23.9.1 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.(CVE-2023-41419)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python-gevent-debuginfo" release="2.ule3" version="20.6.1">
+                         <filename>python-gevent-debuginfo-20.6.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-gevent" release="2.ule3" version="20.6.1">
+                         <filename>python3-gevent-20.6.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-gevent-debugsource" release="2.ule3" version="20.6.1">
+                         <filename>python-gevent-debugsource-20.6.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-gevent-help" release="2.ule3" version="20.6.1">
+                         <filename>python-gevent-help-20.6.1-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-gevent-debuginfo" release="2.ule3" version="20.6.1">
+                         <filename>python-gevent-debuginfo-20.6.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-gevent" release="2.ule3" version="20.6.1">
+                         <filename>python3-gevent-20.6.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-gevent-debugsource" release="2.ule3" version="20.6.1">
+                         <filename>python-gevent-debugsource-20.6.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1700</id>
+          <title>An update for snappy-java is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-09-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-43642" id="CVE-2023-43642" title="CVE-2023-43642" type="cve"></reference>
+          </references>
+          <description>snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources.(CVE-2023-43642)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="snappy-java" release="3.ule3" version="1.1.2.4">
+                         <filename>snappy-java-1.1.2.4-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="snappy-java-javadoc" release="3.ule3" version="1.1.2.4">
+                         <filename>snappy-java-javadoc-1.1.2.4-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="snappy-java" release="3.ule3" version="1.1.2.4">
+                         <filename>snappy-java-1.1.2.4-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1706</id>
+          <title>An update for wireshark is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5371" id="CVE-2023-5371" title="CVE-2023-5371" type="cve"></reference>
+          </references>
+          <description>RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file(CVE-2023-5371)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="wireshark-debugsource" release="4.ule3" version="3.6.14">
+                         <filename>wireshark-debugsource-3.6.14-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-debuginfo" release="4.ule3" version="3.6.14">
+                         <filename>wireshark-debuginfo-3.6.14-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-help" release="4.ule3" version="3.6.14">
+                         <filename>wireshark-help-3.6.14-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark" release="4.ule3" version="3.6.14">
+                         <filename>wireshark-3.6.14-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-devel" release="4.ule3" version="3.6.14">
+                         <filename>wireshark-devel-3.6.14-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-devel" release="4.ule3" version="3.6.14">
+                         <filename>wireshark-devel-3.6.14-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debuginfo" release="4.ule3" version="3.6.14">
+                         <filename>wireshark-debuginfo-3.6.14-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-help" release="4.ule3" version="3.6.14">
+                         <filename>wireshark-help-3.6.14-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debugsource" release="4.ule3" version="3.6.14">
+                         <filename>wireshark-debugsource-3.6.14-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark" release="4.ule3" version="3.6.14">
+                         <filename>wireshark-3.6.14-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1707</id>
+          <title>An update for python-urllib3 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-43804" id="CVE-2023-43804" title="CVE-2023-43804" type="cve"></reference>
+          </references>
+          <description>urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn&#39;t treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn&#39;t disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.(CVE-2023-43804)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python3-urllib3" release="7.ule3" version="1.26.7">
+                         <filename>python3-urllib3-1.26.7-7.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1708</id>
+          <title>An update for libX11 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-43785" id="CVE-2023-43785" title="CVE-2023-43785" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-43786" id="CVE-2023-43786" title="CVE-2023-43786" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-43787" id="CVE-2023-43787" title="CVE-2023-43787" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.(CVE-2023-43785)A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.(CVE-2023-43786)A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.(CVE-2023-43787)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libX11" release="8.ule3" version="1.7.2">
+                         <filename>libX11-1.7.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libX11-debuginfo" release="8.ule3" version="1.7.2">
+                         <filename>libX11-debuginfo-1.7.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libX11-devel" release="8.ule3" version="1.7.2">
+                         <filename>libX11-devel-1.7.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libX11-debugsource" release="8.ule3" version="1.7.2">
+                         <filename>libX11-debugsource-1.7.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libX11-help" release="8.ule3" version="1.7.2">
+                         <filename>libX11-help-1.7.2-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libX11-debugsource" release="8.ule3" version="1.7.2">
+                         <filename>libX11-debugsource-1.7.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libX11" release="8.ule3" version="1.7.2">
+                         <filename>libX11-1.7.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libX11-devel" release="8.ule3" version="1.7.2">
+                         <filename>libX11-devel-1.7.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libX11-debuginfo" release="8.ule3" version="1.7.2">
+                         <filename>libX11-debuginfo-1.7.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1709</id>
+          <title>An update for gstreamer1-plugins-bad-free is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40474" id="CVE-2023-40474" title="CVE-2023-40474" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40475" id="CVE-2023-40475" title="CVE-2023-40475" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40476" id="CVE-2023-40476" title="CVE-2023-40476" type="cve"></reference>
+          </references>
+          <description>VUL-0: CVE-2023-40474: gstreamer-plugins-bad: GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability(CVE-2023-40474)VUL-0: CVE-2023-40475: gstreamer-plugins-bad: GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability(CVE-2023-40475)VUL-0: CVE-2023-40476: gstreamer-plugins-bad: GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability(CVE-2023-40476)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gstreamer1-plugins-bad-free" release="6.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-bad-free-1.16.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gstreamer1-plugins-bad-free-devel" release="6.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-bad-free-devel-1.16.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gstreamer1-plugins-bad-free-debuginfo" release="6.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-bad-free-debuginfo-1.16.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gstreamer1-plugins-bad-free-debugsource" release="6.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-bad-free-debugsource-1.16.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gstreamer1-plugins-bad-free" release="6.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-bad-free-1.16.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gstreamer1-plugins-bad-free-debuginfo" release="6.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-bad-free-debuginfo-1.16.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gstreamer1-plugins-bad-free-devel" release="6.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-bad-free-devel-1.16.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gstreamer1-plugins-bad-free-debugsource" release="6.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-bad-free-debugsource-1.16.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1710</id>
+          <title>An update for libXpm is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-43788" id="CVE-2023-43788" title="CVE-2023-43788" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-43789" id="CVE-2023-43789" title="CVE-2023-43789" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local to trigger an out-of-bounds read error and read the contents of memory on the system.(CVE-2023-43788)A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.(CVE-2023-43789)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libXpm-devel" release="5.ule3" version="3.5.13">
+                         <filename>libXpm-devel-3.5.13-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libXpm-debuginfo" release="5.ule3" version="3.5.13">
+                         <filename>libXpm-debuginfo-3.5.13-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libXpm" release="5.ule3" version="3.5.13">
+                         <filename>libXpm-3.5.13-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libXpm-debugsource" release="5.ule3" version="3.5.13">
+                         <filename>libXpm-debugsource-3.5.13-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libXpm-help" release="5.ule3" version="3.5.13">
+                         <filename>libXpm-help-3.5.13-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libXpm" release="5.ule3" version="3.5.13">
+                         <filename>libXpm-3.5.13-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libXpm-debuginfo" release="5.ule3" version="3.5.13">
+                         <filename>libXpm-debuginfo-3.5.13-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libXpm-devel" release="5.ule3" version="3.5.13">
+                         <filename>libXpm-devel-3.5.13-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libXpm-debugsource" release="5.ule3" version="3.5.13">
+                         <filename>libXpm-debugsource-3.5.13-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1715</id>
+          <title>An update for firefox is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4573" id="CVE-2023-4573" title="CVE-2023-4573" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4574" id="CVE-2023-4574" title="CVE-2023-4574" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4575" id="CVE-2023-4575" title="CVE-2023-4575" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4581" id="CVE-2023-4581" title="CVE-2023-4581" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4584" id="CVE-2023-4584" title="CVE-2023-4584" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4863" id="CVE-2023-4863" title="CVE-2023-4863" type="cve"></reference>
+          </references>
+          <description>When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox &lt; 117, Firefox ESR &lt; 102.15, Firefox ESR &lt; 115.2, Thunderbird &lt; 102.15, and Thunderbird &lt; 115.2.(CVE-2023-4573)When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox &lt; 117, Firefox ESR &lt; 102.15, Firefox ESR &lt; 115.2, Thunderbird &lt; 102.15, and Thunderbird &lt; 115.2.(CVE-2023-4574)When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox &lt; 117, Firefox ESR &lt; 102.15, Firefox ESR &lt; 115.2, Thunderbird &lt; 102.15, and Thunderbird &lt; 115.2.(CVE-2023-4575)Excel `.xll` add-in files did not have a blocklist entry in Firefox&#39;s executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox &lt; 117, Firefox ESR &lt; 102.15, Firefox ESR &lt; 115.2, Thunderbird &lt; 102.15, and Thunderbird &lt; 115.2.(CVE-2023-4581)Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 117, Firefox ESR &lt; 102.15, Firefox ESR &lt; 115.2, Thunderbird &lt; 102.15, and Thunderbird &lt; 115.2.(CVE-2023-4584)Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)(CVE-2023-4863)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="firefox-debuginfo" release="2.ule3" version="102.15.0">
+                         <filename>firefox-debuginfo-102.15.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="firefox" release="2.ule3" version="102.15.0">
+                         <filename>firefox-102.15.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="firefox-debugsource" release="2.ule3" version="102.15.0">
+                         <filename>firefox-debugsource-102.15.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox" release="2.ule3" version="102.15.0">
+                         <filename>firefox-102.15.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox-debugsource" release="2.ule3" version="102.15.0">
+                         <filename>firefox-debugsource-102.15.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox-debuginfo" release="2.ule3" version="102.15.0">
+                         <filename>firefox-debuginfo-102.15.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1718</id>
+          <title>An update for mosquitto is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0809" id="CVE-2023-0809" title="CVE-2023-0809" type="cve"></reference>
+          </references>
+          <description>In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.(CVE-2023-0809)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="mosquitto" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-2.0.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mosquitto-debuginfo" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-debuginfo-2.0.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mosquitto-devel" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-devel-2.0.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mosquitto-debugsource" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-debugsource-2.0.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mosquitto" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-2.0.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mosquitto-debugsource" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-debugsource-2.0.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mosquitto-debuginfo" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-debuginfo-2.0.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mosquitto-devel" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-devel-2.0.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1720</id>
+          <title>An update for grub2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4692" id="CVE-2023-4692" title="CVE-2023-4692" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4693" id="CVE-2023-4693" title="CVE-2023-4693" type="cve"></reference>
+          </references>
+          <description>An out-of-bounds write flaw was found in grub2&#39;s NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub&#39;s heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.(CVE-2023-4692)An out-of-bounds read flaw was found on grub2&#39;s NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.(CVE-2023-4693)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="grub2-efi-aa64" release="38.ule3" version="2.06">
+                         <filename>grub2-efi-aa64-2.06-38.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-tools-extra" release="38.ule3" version="2.06">
+                         <filename>grub2-tools-extra-2.06-38.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-tools-minimal" release="38.ule3" version="2.06">
+                         <filename>grub2-tools-minimal-2.06-38.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-debugsource" release="38.ule3" version="2.06">
+                         <filename>grub2-debugsource-2.06-38.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-debuginfo" release="38.ule3" version="2.06">
+                         <filename>grub2-debuginfo-2.06-38.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-tools" release="38.ule3" version="2.06">
+                         <filename>grub2-tools-2.06-38.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-efi-aa64-cdboot" release="38.ule3" version="2.06">
+                         <filename>grub2-efi-aa64-cdboot-2.06-38.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-efi-x64-modules" release="38.ule3" version="2.06">
+                         <filename>grub2-efi-x64-modules-2.06-38.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-efi-aa64-modules" release="38.ule3" version="2.06">
+                         <filename>grub2-efi-aa64-modules-2.06-38.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-efi-ia32-modules" release="38.ule3" version="2.06">
+                         <filename>grub2-efi-ia32-modules-2.06-38.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-common" release="38.ule3" version="2.06">
+                         <filename>grub2-common-2.06-38.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-help" release="38.ule3" version="2.06">
+                         <filename>grub2-help-2.06-38.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-pc-modules" release="38.ule3" version="2.06">
+                         <filename>grub2-pc-modules-2.06-38.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-tools-extra" release="38.ule3" version="2.06">
+                         <filename>grub2-tools-extra-2.06-38.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-efi-x64-cdboot" release="38.ule3" version="2.06">
+                         <filename>grub2-efi-x64-cdboot-2.06-38.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-debugsource" release="38.ule3" version="2.06">
+                         <filename>grub2-debugsource-2.06-38.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-efi-ia32-cdboot" release="38.ule3" version="2.06">
+                         <filename>grub2-efi-ia32-cdboot-2.06-38.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-tools-minimal" release="38.ule3" version="2.06">
+                         <filename>grub2-tools-minimal-2.06-38.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-debuginfo" release="38.ule3" version="2.06">
+                         <filename>grub2-debuginfo-2.06-38.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-efi-x64" release="38.ule3" version="2.06">
+                         <filename>grub2-efi-x64-2.06-38.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-tools-efi" release="38.ule3" version="2.06">
+                         <filename>grub2-tools-efi-2.06-38.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-efi-ia32" release="38.ule3" version="2.06">
+                         <filename>grub2-efi-ia32-2.06-38.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-tools" release="38.ule3" version="2.06">
+                         <filename>grub2-tools-2.06-38.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-pc" release="38.ule3" version="2.06">
+                         <filename>grub2-pc-2.06-38.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1721</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5344" id="CVE-2023-5344" title="CVE-2023-5344" type="cve"></reference>
+          </references>
+          <description>Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.(CVE-2023-5344)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="18.ule3" version="9.0">
+                         <filename>vim-X11-9.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="18.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="18.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="18.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="18.ule3" version="9.0">
+                         <filename>vim-common-9.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="18.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="18.ule3" version="9.0">
+                         <filename>vim-filesystem-9.0-18.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="18.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="18.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="18.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="18.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="18.ule3" version="9.0">
+                         <filename>vim-common-9.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="18.ule3" version="9.0">
+                         <filename>vim-X11-9.0-18.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1722</id>
+          <title>An update for python-django is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-43665" id="CVE-2023-43665" title="CVE-2023-43665" type="cve"></reference>
+          </references>
+          <description>An inefficient regular expression complexity was found in Django. The text truncator regular expressions exhibit linear backtracking complexity, which can be slow, leading to a potential denial of service, given certain HTML inputs.(CVE-2023-43665)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python3-Django" release="8.ule3" version="2.2.27">
+                         <filename>python3-Django-2.2.27-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-django-help" release="8.ule3" version="2.2.27">
+                         <filename>python-django-help-2.2.27-8.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1725</id>
+          <title>An update for glibc is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4911" id="CVE-2023-4911" title="CVE-2023-4911" type="cve"></reference>
+          </references>
+          <description>A buffer overflow was discovered in the GNU C Library&#39;s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.(CVE-2023-4911)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="glibc-all-langpacks" release="137.ule3" version="2.34">
+                         <filename>glibc-all-langpacks-2.34-137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-nss-devel" release="137.ule3" version="2.34">
+                         <filename>glibc-nss-devel-2.34-137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-debugsource" release="137.ule3" version="2.34">
+                         <filename>glibc-debugsource-2.34-137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-debugutils" release="137.ule3" version="2.34">
+                         <filename>glibc-debugutils-2.34-137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nss_modules" release="137.ule3" version="2.34">
+                         <filename>nss_modules-2.34-137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-locale-source" release="137.ule3" version="2.34">
+                         <filename>glibc-locale-source-2.34-137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-debuginfo" release="137.ule3" version="2.34">
+                         <filename>glibc-debuginfo-2.34-137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-devel" release="137.ule3" version="2.34">
+                         <filename>glibc-devel-2.34-137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nscd" release="137.ule3" version="2.34">
+                         <filename>nscd-2.34-137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-common" release="137.ule3" version="2.34">
+                         <filename>glibc-common-2.34-137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-locale-archive" release="137.ule3" version="2.34">
+                         <filename>glibc-locale-archive-2.34-137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc" release="137.ule3" version="2.34">
+                         <filename>glibc-2.34-137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glibc-compat-2.17" release="137.ule3" version="2.34">
+                         <filename>glibc-compat-2.17-2.34-137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libnsl" release="137.ule3" version="2.34">
+                         <filename>libnsl-2.34-137.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="glibc-help" release="137.ule3" version="2.34">
+                         <filename>glibc-help-2.34-137.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-devel" release="137.ule3" version="2.34">
+                         <filename>glibc-devel-2.34-137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-debuginfo" release="137.ule3" version="2.34">
+                         <filename>glibc-debuginfo-2.34-137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nss_modules" release="137.ule3" version="2.34">
+                         <filename>nss_modules-2.34-137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nscd" release="137.ule3" version="2.34">
+                         <filename>nscd-2.34-137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-nss-devel" release="137.ule3" version="2.34">
+                         <filename>glibc-nss-devel-2.34-137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-locale-archive" release="137.ule3" version="2.34">
+                         <filename>glibc-locale-archive-2.34-137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libnsl" release="137.ule3" version="2.34">
+                         <filename>libnsl-2.34-137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-debugutils" release="137.ule3" version="2.34">
+                         <filename>glibc-debugutils-2.34-137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-all-langpacks" release="137.ule3" version="2.34">
+                         <filename>glibc-all-langpacks-2.34-137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc" release="137.ule3" version="2.34">
+                         <filename>glibc-2.34-137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-compat-2.17" release="137.ule3" version="2.34">
+                         <filename>glibc-compat-2.17-2.34-137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-common" release="137.ule3" version="2.34">
+                         <filename>glibc-common-2.34-137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-locale-source" release="137.ule3" version="2.34">
+                         <filename>glibc-locale-source-2.34-137.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glibc-debugsource" release="137.ule3" version="2.34">
+                         <filename>glibc-debugsource-2.34-137.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1729</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-42753" id="CVE-2023-42753" title="CVE-2023-42753" type="cve"></reference>
+          </references>
+          <description>An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h-&gt;nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.(CVE-2023-42753)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.113.0.140.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.113.0.140.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.113.0.140.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.113.0.140.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.113.0.140.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.113.0.140.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.113.0.140.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.113.0.140.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.113.0.140.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.113.0.140.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.113.0.140.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.113.0.140.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.113.0.140.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.113.0.140.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.113.0.140.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.113.0.140.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.113.0.140.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.113.0.140.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.113.0.140.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.113.0.140.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.113.0.140.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.113.0.140.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.113.0.140.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.113.0.140.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.113.0.140.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.113.0.140.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.113.0.140.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.113.0.140.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.113.0.140.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.113.0.140.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.113.0.140.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1732</id>
+          <title>An update for openvswitch is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5366" id="CVE-2023-5366" title="CVE-2023-5366" type="cve"></reference>
+          </references>
+          <description>A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.(CVE-2023-5366)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="openvswitch-debugsource" release="5.ule3" version="2.12.4">
+                         <filename>openvswitch-debugsource-2.12.4-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-help" release="5.ule3" version="2.12.4">
+                         <filename>openvswitch-help-2.12.4-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch" release="5.ule3" version="2.12.4">
+                         <filename>openvswitch-2.12.4-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-devel" release="5.ule3" version="2.12.4">
+                         <filename>openvswitch-devel-2.12.4-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-debuginfo" release="5.ule3" version="2.12.4">
+                         <filename>openvswitch-debuginfo-2.12.4-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-debugsource" release="5.ule3" version="2.12.4">
+                         <filename>openvswitch-debugsource-2.12.4-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch" release="5.ule3" version="2.12.4">
+                         <filename>openvswitch-2.12.4-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-debuginfo" release="5.ule3" version="2.12.4">
+                         <filename>openvswitch-debuginfo-2.12.4-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-help" release="5.ule3" version="2.12.4">
+                         <filename>openvswitch-help-2.12.4-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-devel" release="5.ule3" version="2.12.4">
+                         <filename>openvswitch-devel-2.12.4-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1733</id>
+          <title>An update for ImageMagick is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5341" id="CVE-2023-5341" title="CVE-2023-5341" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in ImageMagick &lt;=7.1.1, where heap use-after-free was found in coders/bmp.c.References:https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1(CVE-2023-5341)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++" release="5.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-7.1.1.8-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick" release="5.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-7.1.1.8-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-help" release="5.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-help-7.1.1.8-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-c++-devel" release="5.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-devel-7.1.1.8-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-devel" release="5.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-devel-7.1.1.8-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debugsource" release="5.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debugsource-7.1.1.8-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-perl" release="5.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-perl-7.1.1.8-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="ImageMagick-debuginfo" release="5.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debuginfo-7.1.1.8-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-perl" release="5.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-perl-7.1.1.8-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debuginfo" release="5.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debuginfo-7.1.1.8-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-help" release="5.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-help-7.1.1.8-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick" release="5.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-7.1.1.8-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-devel" release="5.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-devel-7.1.1.8-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-debugsource" release="5.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-debugsource-7.1.1.8-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++-devel" release="5.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-devel-7.1.1.8-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="ImageMagick-c++" release="5.ule3" version="7.1.1.8">
+                         <filename>ImageMagick-c++-7.1.1.8-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1735</id>
+          <title>An update for gcc is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4039" id="CVE-2023-4039" title="CVE-2023-4039" type="cve"></reference>
+          </references>
+          <description>A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables.The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity.(CVE-2023-4039)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gcc-gfortran" release="19.ule3" version="10.3.1">
+                         <filename>gcc-gfortran-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libquadmath" release="19.ule3" version="10.3.1">
+                         <filename>libquadmath-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libitm" release="19.ule3" version="10.3.1">
+                         <filename>libitm-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gcc" release="19.ule3" version="10.3.1">
+                         <filename>gcc-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgfortran-static" release="19.ule3" version="10.3.1">
+                         <filename>libgfortran-static-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgomp" release="19.ule3" version="10.3.1">
+                         <filename>libgomp-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libquadmath-devel" release="19.ule3" version="10.3.1">
+                         <filename>libquadmath-devel-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libstdc++" release="19.ule3" version="10.3.1">
+                         <filename>libstdc++-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libobjc" release="19.ule3" version="10.3.1">
+                         <filename>libobjc-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libatomic" release="19.ule3" version="10.3.1">
+                         <filename>libatomic-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libubsan-static" release="19.ule3" version="10.3.1">
+                         <filename>libubsan-static-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libitm-devel" release="19.ule3" version="10.3.1">
+                         <filename>libitm-devel-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtsan-static" release="19.ule3" version="10.3.1">
+                         <filename>libtsan-static-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libstdc++-devel" release="19.ule3" version="10.3.1">
+                         <filename>libstdc++-devel-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gcc-gdb-plugin" release="19.ule3" version="10.3.1">
+                         <filename>gcc-gdb-plugin-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gcc-objc" release="19.ule3" version="10.3.1">
+                         <filename>gcc-objc-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gcc-plugin-devel" release="19.ule3" version="10.3.1">
+                         <filename>gcc-plugin-devel-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libitm-static" release="19.ule3" version="10.3.1">
+                         <filename>libitm-static-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgfortran" release="19.ule3" version="10.3.1">
+                         <filename>libgfortran-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libubsan" release="19.ule3" version="10.3.1">
+                         <filename>libubsan-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libasan" release="19.ule3" version="10.3.1">
+                         <filename>libasan-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="liblsan-static" release="19.ule3" version="10.3.1">
+                         <filename>liblsan-static-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gcc-debugsource" release="19.ule3" version="10.3.1">
+                         <filename>gcc-debugsource-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="liblsan" release="19.ule3" version="10.3.1">
+                         <filename>liblsan-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtsan" release="19.ule3" version="10.3.1">
+                         <filename>libtsan-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libatomic-static" release="19.ule3" version="10.3.1">
+                         <filename>libatomic-static-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgcc" release="19.ule3" version="10.3.1">
+                         <filename>libgcc-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libquadmath-static" release="19.ule3" version="10.3.1">
+                         <filename>libquadmath-static-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gcc-objc++" release="19.ule3" version="10.3.1">
+                         <filename>gcc-objc++-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gcc-debuginfo" release="19.ule3" version="10.3.1">
+                         <filename>gcc-debuginfo-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libasan-static" release="19.ule3" version="10.3.1">
+                         <filename>libasan-static-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cpp" release="19.ule3" version="10.3.1">
+                         <filename>cpp-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gcc-c++" release="19.ule3" version="10.3.1">
+                         <filename>gcc-c++-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libstdc++-static" release="19.ule3" version="10.3.1">
+                         <filename>libstdc++-static-10.3.1-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libquadmath-static" release="19.ule3" version="10.3.1">
+                         <filename>libquadmath-static-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgfortran" release="19.ule3" version="10.3.1">
+                         <filename>libgfortran-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libquadmath-devel" release="19.ule3" version="10.3.1">
+                         <filename>libquadmath-devel-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libstdc++-static" release="19.ule3" version="10.3.1">
+                         <filename>libstdc++-static-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libatomic" release="19.ule3" version="10.3.1">
+                         <filename>libatomic-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="liblsan-static" release="19.ule3" version="10.3.1">
+                         <filename>liblsan-static-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libubsan" release="19.ule3" version="10.3.1">
+                         <filename>libubsan-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgomp" release="19.ule3" version="10.3.1">
+                         <filename>libgomp-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gcc-objc" release="19.ule3" version="10.3.1">
+                         <filename>gcc-objc-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gcc-gfortran" release="19.ule3" version="10.3.1">
+                         <filename>gcc-gfortran-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gcc-plugin-devel" release="19.ule3" version="10.3.1">
+                         <filename>gcc-plugin-devel-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gcc-debuginfo" release="19.ule3" version="10.3.1">
+                         <filename>gcc-debuginfo-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gcc-gdb-plugin" release="19.ule3" version="10.3.1">
+                         <filename>gcc-gdb-plugin-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libobjc" release="19.ule3" version="10.3.1">
+                         <filename>libobjc-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libitm" release="19.ule3" version="10.3.1">
+                         <filename>libitm-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libubsan-static" release="19.ule3" version="10.3.1">
+                         <filename>libubsan-static-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gcc-c++" release="19.ule3" version="10.3.1">
+                         <filename>gcc-c++-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libitm-devel" release="19.ule3" version="10.3.1">
+                         <filename>libitm-devel-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libitm-static" release="19.ule3" version="10.3.1">
+                         <filename>libitm-static-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgcc" release="19.ule3" version="10.3.1">
+                         <filename>libgcc-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libstdc++" release="19.ule3" version="10.3.1">
+                         <filename>libstdc++-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libquadmath" release="19.ule3" version="10.3.1">
+                         <filename>libquadmath-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cpp" release="19.ule3" version="10.3.1">
+                         <filename>cpp-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtsan-static" release="19.ule3" version="10.3.1">
+                         <filename>libtsan-static-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgfortran-static" release="19.ule3" version="10.3.1">
+                         <filename>libgfortran-static-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gcc-debugsource" release="19.ule3" version="10.3.1">
+                         <filename>gcc-debugsource-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libasan-static" release="19.ule3" version="10.3.1">
+                         <filename>libasan-static-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="liblsan" release="19.ule3" version="10.3.1">
+                         <filename>liblsan-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libstdc++-devel" release="19.ule3" version="10.3.1">
+                         <filename>libstdc++-devel-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libasan" release="19.ule3" version="10.3.1">
+                         <filename>libasan-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gcc" release="19.ule3" version="10.3.1">
+                         <filename>gcc-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gcc-objc++" release="19.ule3" version="10.3.1">
+                         <filename>gcc-objc++-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtsan" release="19.ule3" version="10.3.1">
+                         <filename>libtsan-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libatomic-static" release="19.ule3" version="10.3.1">
+                         <filename>libatomic-static-10.3.1-19.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1736</id>
+          <title>An update for qemu is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3354" id="CVE-2023-3354" title="CVE-2023-3354" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.(CVE-2023-3354)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="10" arch="aarch64" name="qemu-block-ssh" release="77.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-77.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-rbd" release="77.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-77.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-hw-usb-host" release="77.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-77.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-aarch64" release="77.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-77.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-iscsi" release="77.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-77.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-debugsource" release="77.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-77.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-img" release="77.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-77.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-debuginfo" release="77.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-77.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-x86_64" release="77.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-77.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu" release="77.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-77.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-riscv" release="77.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-77.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-arm" release="77.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-77.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-guest-agent" release="77.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-77.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-curl" release="77.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-77.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="noarch" name="qemu-help" release="77.ule3" version="6.2.0">
+                         <filename>qemu-help-6.2.0-77.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-seabios" release="77.ule3" version="6.2.0">
+                         <filename>qemu-seabios-6.2.0-77.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-img" release="77.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-77.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-arm" release="77.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-77.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-hw-usb-host" release="77.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-77.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-x86_64" release="77.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-77.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-debugsource" release="77.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-77.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-rbd" release="77.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-77.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-guest-agent" release="77.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-77.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-curl" release="77.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-77.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-debuginfo" release="77.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-77.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-riscv" release="77.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-77.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-ssh" release="77.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-77.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu" release="77.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-77.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-iscsi" release="77.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-77.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-aarch64" release="77.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-77.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1739</id>
+          <title>An update for openjdk-11 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40433" id="CVE-2022-40433" title="CVE-2022-40433" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21835" id="CVE-2023-21835" title="CVE-2023-21835" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21843" id="CVE-2023-21843" title="CVE-2023-21843" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21930" id="CVE-2023-21930" title="CVE-2023-21930" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21937" id="CVE-2023-21937" title="CVE-2023-21937" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21938" id="CVE-2023-21938" title="CVE-2023-21938" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21939" id="CVE-2023-21939" title="CVE-2023-21939" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21954" id="CVE-2023-21954" title="CVE-2023-21954" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21967" id="CVE-2023-21967" title="CVE-2023-21967" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21968" id="CVE-2023-21968" title="CVE-2023-21968" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22006" id="CVE-2023-22006" title="CVE-2023-22006" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22036" id="CVE-2023-22036" title="CVE-2023-22036" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22041" id="CVE-2023-22041" title="CVE-2023-22041" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22045" id="CVE-2023-22045" title="CVE-2023-22045" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22049" id="CVE-2023-22049" title="CVE-2023-22049" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service.(CVE-2022-40433)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2023-21835)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound).  Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21843)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2023-21930)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21937)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21938)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21939)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2023-21954)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21967)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21968)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).(CVE-2023-22006)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility).  Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2023-22036)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2023-22041)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2023-22045)Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-22049)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-demo" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-demo-11.0.20.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-demo-slowdebug" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-demo-slowdebug-11.0.20.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-headless" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-headless-11.0.20.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-jmods-slowdebug" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-jmods-slowdebug-11.0.20.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-slowdebug" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-slowdebug-11.0.20.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-11.0.20.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-jmods" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-jmods-11.0.20.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-debugsource" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-debugsource-11.0.20.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-src" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-src-11.0.20.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-javadoc" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-javadoc-11.0.20.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-devel-slowdebug" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-devel-slowdebug-11.0.20.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-javadoc-zip" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-javadoc-zip-11.0.20.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-debuginfo" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-debuginfo-11.0.20.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-devel" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-devel-11.0.20.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-src-slowdebug" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-src-slowdebug-11.0.20.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-headless-slowdebug" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-headless-slowdebug-11.0.20.8-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-devel" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-devel-11.0.20.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-javadoc-zip" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-javadoc-zip-11.0.20.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-jmods-slowdebug" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-jmods-slowdebug-11.0.20.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-headless" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-headless-11.0.20.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-slowdebug" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-slowdebug-11.0.20.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-headless-slowdebug" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-headless-slowdebug-11.0.20.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-demo" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-demo-11.0.20.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-debuginfo" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-debuginfo-11.0.20.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-src-slowdebug" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-src-slowdebug-11.0.20.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-javadoc" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-javadoc-11.0.20.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-debugsource" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-debugsource-11.0.20.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-demo-slowdebug" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-demo-slowdebug-11.0.20.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-src" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-src-11.0.20.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-jmods" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-jmods-11.0.20.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-11.0.20.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-devel-slowdebug" release="2.ule3" version="11.0.20.8">
+                         <filename>java-11-openjdk-devel-slowdebug-11.0.20.8-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1740</id>
+          <title>An update for libvpx is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-13"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-44488" id="CVE-2023-44488" title="CVE-2023-44488" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5217" id="CVE-2023-5217" title="CVE-2023-5217" type="cve"></reference>
+          </references>
+          <description>VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.(CVE-2023-44488)Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)(CVE-2023-5217)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libvpx" release="10.ule3" version="1.7.0">
+                         <filename>libvpx-1.7.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvpx-debugsource" release="10.ule3" version="1.7.0">
+                         <filename>libvpx-debugsource-1.7.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvpx-debuginfo" release="10.ule3" version="1.7.0">
+                         <filename>libvpx-debuginfo-1.7.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvpx-devel" release="10.ule3" version="1.7.0">
+                         <filename>libvpx-devel-1.7.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvpx-devel" release="10.ule3" version="1.7.0">
+                         <filename>libvpx-devel-1.7.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvpx" release="10.ule3" version="1.7.0">
+                         <filename>libvpx-1.7.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvpx-debuginfo" release="10.ule3" version="1.7.0">
+                         <filename>libvpx-debuginfo-1.7.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvpx-debugsource" release="10.ule3" version="1.7.0">
+                         <filename>libvpx-debugsource-1.7.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1741</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-20"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-42755" id="CVE-2023-42755" title="CVE-2023-42755" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.(CVE-2023-42755)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-perf" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.114.0.141.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.114.0.141.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.114.0.141.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.114.0.141.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.114.0.141.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.114.0.141.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.114.0.141.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.114.0.141.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.114.0.141.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.114.0.141.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.114.0.141.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.114.0.141.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.114.0.141.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.114.0.141.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.114.0.141.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.114.0.141.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.114.0.141.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.114.0.141.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.114.0.141.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.114.0.141.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.114.0.141.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.114.0.141.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.114.0.141.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.114.0.141.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.114.0.141.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.114.0.141.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.114.0.141.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.114.0.141.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.114.0.141.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.114.0.141.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.114.0.141.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1742</id>
+          <title>An update for libxml2 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-20"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45322" id="CVE-2023-45322" title="CVE-2023-45322" type="cve"></reference>
+          </references>
+          <description>** DISPUTED ** libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor&#39;s position is &#34;I don&#39;t think these issues are critical enough to warrant a CVE ID ... because an attacker typically can&#39;t control when memory allocations fail.&#34;(CVE-2023-45322)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libxml2-debugsource" release="18.ule3" version="2.9.12">
+                         <filename>libxml2-debugsource-2.9.12-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxml2" release="18.ule3" version="2.9.12">
+                         <filename>libxml2-2.9.12-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-libxml2" release="18.ule3" version="2.9.12">
+                         <filename>python3-libxml2-2.9.12-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxml2-devel" release="18.ule3" version="2.9.12">
+                         <filename>libxml2-devel-2.9.12-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxml2-debuginfo" release="18.ule3" version="2.9.12">
+                         <filename>libxml2-debuginfo-2.9.12-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libxml2-help" release="18.ule3" version="2.9.12">
+                         <filename>libxml2-help-2.9.12-18.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2-devel" release="18.ule3" version="2.9.12">
+                         <filename>libxml2-devel-2.9.12-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2" release="18.ule3" version="2.9.12">
+                         <filename>libxml2-2.9.12-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2-debuginfo" release="18.ule3" version="2.9.12">
+                         <filename>libxml2-debuginfo-2.9.12-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2-debugsource" release="18.ule3" version="2.9.12">
+                         <filename>libxml2-debugsource-2.9.12-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-libxml2" release="18.ule3" version="2.9.12">
+                         <filename>python3-libxml2-2.9.12-18.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1744</id>
+          <title>An update for libcue is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-20"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-43641" id="CVE-2023-43641" title="CVE-2023-43641" type="cve"></reference>
+          </references>
+          <description>libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.(CVE-2023-43641)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libcue-debuginfo" release="2.ule3" version="2.2.1">
+                         <filename>libcue-debuginfo-2.2.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcue" release="2.ule3" version="2.2.1">
+                         <filename>libcue-2.2.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcue-debugsource" release="2.ule3" version="2.2.1">
+                         <filename>libcue-debugsource-2.2.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcue-devel" release="2.ule3" version="2.2.1">
+                         <filename>libcue-devel-2.2.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcue-debuginfo" release="2.ule3" version="2.2.1">
+                         <filename>libcue-debuginfo-2.2.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcue-debugsource" release="2.ule3" version="2.2.1">
+                         <filename>libcue-debugsource-2.2.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcue-devel" release="2.ule3" version="2.2.1">
+                         <filename>libcue-devel-2.2.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcue" release="2.ule3" version="2.2.1">
+                         <filename>libcue-2.2.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1748</id>
+          <title>An update for xerces-j2 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-20"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2018-2799" id="CVE-2018-2799" title="CVE-2018-2799" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2018-2799)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="xerces-j2" release="1.ule3" version="2.12.2">
+                         <filename>xerces-j2-2.12.2-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xerces-j2-help" release="1.ule3" version="2.12.2">
+                         <filename>xerces-j2-help-2.12.2-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1749</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-20"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5441" id="CVE-2023-5441" title="CVE-2023-5441" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5535" id="CVE-2023-5535" title="CVE-2023-5535" type="cve"></reference>
+          </references>
+          <description>NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.(CVE-2023-5441)Use After Free in GitHub repository vim/vim prior to v9.0.2010.(CVE-2023-5535)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="19.ule3" version="9.0">
+                         <filename>vim-common-9.0-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="19.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="19.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="19.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="19.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="19.ule3" version="9.0">
+                         <filename>vim-X11-9.0-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="19.ule3" version="9.0">
+                         <filename>vim-filesystem-9.0-19.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="19.ule3" version="9.0">
+                         <filename>vim-common-9.0-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="19.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="19.ule3" version="9.0">
+                         <filename>vim-X11-9.0-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="19.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="19.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="19.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-19.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1750</id>
+          <title>An update for mariadb is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-20"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5157" id="CVE-2023-5157" title="CVE-2023-5157" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.(CVE-2023-5157)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="mariadb-errmsg" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-errmsg-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-server-utils" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-server-utils-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-devel" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-devel-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-gssapi-server" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-gssapi-server-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-rocksdb-engine" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-rocksdb-engine-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-debugsource" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-debugsource-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-embedded-devel" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-embedded-devel-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-server-galera" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-server-galera-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-backup" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-backup-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-embedded" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-embedded-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-pam" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-pam-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-config" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-config-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-oqgraph-engine" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-oqgraph-engine-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-server" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-server-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-test" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-test-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-common" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-common-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-debuginfo" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-debuginfo-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-config" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-config-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-server-utils" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-server-utils-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-server" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-server-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-test" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-test-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-errmsg" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-errmsg-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-oqgraph-engine" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-oqgraph-engine-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-embedded" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-embedded-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-embedded-devel" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-embedded-devel-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-pam" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-pam-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-devel" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-devel-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-backup" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-backup-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-gssapi-server" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-gssapi-server-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-server-galera" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-server-galera-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-debuginfo" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-debuginfo-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-debugsource" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-debugsource-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-common" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-common-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1751</id>
+          <title>An update for zlib is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-20"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45853" id="CVE-2023-45853" title="CVE-2023-45853" type="cve"></reference>
+          </references>
+          <description>MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.(CVE-2023-45853)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="zlib" release="24.ule3" version="1.2.11">
+                         <filename>zlib-1.2.11-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="minizip" release="24.ule3" version="1.2.11">
+                         <filename>minizip-1.2.11-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zlib-debuginfo" release="24.ule3" version="1.2.11">
+                         <filename>zlib-debuginfo-1.2.11-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="minizip-devel" release="24.ule3" version="1.2.11">
+                         <filename>minizip-devel-1.2.11-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zlib-debugsource" release="24.ule3" version="1.2.11">
+                         <filename>zlib-debugsource-1.2.11-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zlib-devel" release="24.ule3" version="1.2.11">
+                         <filename>zlib-devel-1.2.11-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="zlib-help" release="24.ule3" version="1.2.11">
+                         <filename>zlib-help-1.2.11-24.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zlib-devel" release="24.ule3" version="1.2.11">
+                         <filename>zlib-devel-1.2.11-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="minizip" release="24.ule3" version="1.2.11">
+                         <filename>minizip-1.2.11-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zlib" release="24.ule3" version="1.2.11">
+                         <filename>zlib-1.2.11-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zlib-debugsource" release="24.ule3" version="1.2.11">
+                         <filename>zlib-debugsource-1.2.11-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="minizip-devel" release="24.ule3" version="1.2.11">
+                         <filename>minizip-devel-1.2.11-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zlib-debuginfo" release="24.ule3" version="1.2.11">
+                         <filename>zlib-debuginfo-1.2.11-24.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1752</id>
+          <title>An update for cups is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-20"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4504" id="CVE-2023-4504" title="CVE-2023-4504" type="cve"></reference>
+          </references>
+          <description>Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.(CVE-2023-4504)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="cups-debugsource" release="10.ule3" version="2.4.0">
+                         <filename>cups-debugsource-2.4.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups" release="10.ule3" version="2.4.0">
+                         <filename>cups-2.4.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-lpd" release="10.ule3" version="2.4.0">
+                         <filename>cups-lpd-2.4.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-client" release="10.ule3" version="2.4.0">
+                         <filename>cups-client-2.4.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-debuginfo" release="10.ule3" version="2.4.0">
+                         <filename>cups-debuginfo-2.4.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-ipptool" release="10.ule3" version="2.4.0">
+                         <filename>cups-ipptool-2.4.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-printerapp" release="10.ule3" version="2.4.0">
+                         <filename>cups-printerapp-2.4.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-libs" release="10.ule3" version="2.4.0">
+                         <filename>cups-libs-2.4.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="cups-devel" release="10.ule3" version="2.4.0">
+                         <filename>cups-devel-2.4.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="cups-help" release="10.ule3" version="2.4.0">
+                         <filename>cups-help-2.4.0-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="cups-filesystem" release="10.ule3" version="2.4.0">
+                         <filename>cups-filesystem-2.4.0-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-client" release="10.ule3" version="2.4.0">
+                         <filename>cups-client-2.4.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-debugsource" release="10.ule3" version="2.4.0">
+                         <filename>cups-debugsource-2.4.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-devel" release="10.ule3" version="2.4.0">
+                         <filename>cups-devel-2.4.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-libs" release="10.ule3" version="2.4.0">
+                         <filename>cups-libs-2.4.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-lpd" release="10.ule3" version="2.4.0">
+                         <filename>cups-lpd-2.4.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-printerapp" release="10.ule3" version="2.4.0">
+                         <filename>cups-printerapp-2.4.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-debuginfo" release="10.ule3" version="2.4.0">
+                         <filename>cups-debuginfo-2.4.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups-ipptool" release="10.ule3" version="2.4.0">
+                         <filename>cups-ipptool-2.4.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="cups" release="10.ule3" version="2.4.0">
+                         <filename>cups-2.4.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1755</id>
+          <title>An update for samba is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-20"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4091" id="CVE-2023-4091" title="CVE-2023-4091" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-42669" id="CVE-2023-42669" title="CVE-2023-42669" type="cve"></reference>
+          </references>
+          <description>A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module &#34;acl_xattr&#34; is configured with &#34;acl_xattr:ignore system acls = yes&#34;. The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba&#39;s permissions.(CVE-2023-4091)A vulnerability was found in Samba&#39;s &#34;rpcecho&#34; development server, a non-Windows RPC server used to test Samba&#39;s DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the &#34;rpcecho&#34; service operates with only one worker in the main RPC task, allowing calls to the &#34;rpcecho&#34; server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a &#34;sleep()&#34; call in the &#34;dcesrv_echo_TestSleep()&#34; function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the &#34;rpcecho&#34; server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as &#34;rpcecho&#34; runs in the main RPC task.(CVE-2023-42669)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="samba-debugsource" release="23.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ctdb" release="23.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-help" release="23.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient-devel" release="23.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsmbclient" release="23.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common-tools" release="23.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind" release="23.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-clients" release="23.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-modules" release="23.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba" release="23.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-test" release="23.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-libs" release="23.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-samba-dc" release="23.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient" release="23.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba" release="23.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-winbind-krb5-locator" release="23.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-test" release="23.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-common" release="23.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-krb5-printing" release="23.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-provision" release="23.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc-bind-dlz" release="23.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-client" release="23.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-devel" release="23.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-debuginfo" release="23.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="samba-dc" release="23.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwbclient-devel" release="23.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="samba-pidl" release="23.ule3" version="4.15.3">
+                         <filename>samba-pidl-4.15.3-23.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-client" release="23.ule3" version="4.15.3">
+                         <filename>samba-client-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba" release="23.ule3" version="4.15.3">
+                         <filename>samba-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-krb5-locator" release="23.ule3" version="4.15.3">
+                         <filename>samba-winbind-krb5-locator-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient" release="23.ule3" version="4.15.3">
+                         <filename>libsmbclient-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba" release="23.ule3" version="4.15.3">
+                         <filename>python3-samba-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind" release="23.ule3" version="4.15.3">
+                         <filename>samba-winbind-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-clients" release="23.ule3" version="4.15.3">
+                         <filename>samba-winbind-clients-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common" release="23.ule3" version="4.15.3">
+                         <filename>samba-common-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc" release="23.ule3" version="4.15.3">
+                         <filename>samba-dc-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient-devel" release="23.ule3" version="4.15.3">
+                         <filename>libwbclient-devel-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debugsource" release="23.ule3" version="4.15.3">
+                         <filename>samba-debugsource-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-krb5-printing" release="23.ule3" version="4.15.3">
+                         <filename>samba-krb5-printing-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-devel" release="23.ule3" version="4.15.3">
+                         <filename>samba-devel-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-debuginfo" release="23.ule3" version="4.15.3">
+                         <filename>samba-debuginfo-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-dc" release="23.ule3" version="4.15.3">
+                         <filename>python3-samba-dc-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-samba-test" release="23.ule3" version="4.15.3">
+                         <filename>python3-samba-test-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmbclient-devel" release="23.ule3" version="4.15.3">
+                         <filename>libsmbclient-devel-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-help" release="23.ule3" version="4.15.3">
+                         <filename>samba-help-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-vfs-glusterfs" release="23.ule3" version="4.15.3">
+                         <filename>samba-vfs-glusterfs-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-libs" release="23.ule3" version="4.15.3">
+                         <filename>samba-libs-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-test" release="23.ule3" version="4.15.3">
+                         <filename>samba-test-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ctdb" release="23.ule3" version="4.15.3">
+                         <filename>ctdb-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-winbind-modules" release="23.ule3" version="4.15.3">
+                         <filename>samba-winbind-modules-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwbclient" release="23.ule3" version="4.15.3">
+                         <filename>libwbclient-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-bind-dlz" release="23.ule3" version="4.15.3">
+                         <filename>samba-dc-bind-dlz-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-common-tools" release="23.ule3" version="4.15.3">
+                         <filename>samba-common-tools-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="samba-dc-provision" release="23.ule3" version="4.15.3">
+                         <filename>samba-dc-provision-4.15.3-23.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1758</id>
+          <title>An update for avahi is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-20"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38470" id="CVE-2023-38470" title="CVE-2023-38470" type="cve"></reference>
+          </references>
+          <description>A reachable assertion was found in avahi_escape_label.References:https://github.com/lathiat/avahi/issues/454(CVE-2023-38470)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="avahi-compat-libdns_sd" release="16.ule3" version="0.8">
+                         <filename>avahi-compat-libdns_sd-0.8-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-dnsconfd" release="16.ule3" version="0.8">
+                         <filename>avahi-dnsconfd-0.8-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-glib-devel" release="16.ule3" version="0.8">
+                         <filename>avahi-glib-devel-0.8-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-gobject" release="16.ule3" version="0.8">
+                         <filename>avahi-gobject-0.8-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-autoipd" release="16.ule3" version="0.8">
+                         <filename>avahi-autoipd-0.8-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-libs" release="16.ule3" version="0.8">
+                         <filename>avahi-libs-0.8-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-ui-devel" release="16.ule3" version="0.8">
+                         <filename>avahi-ui-devel-0.8-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-ui" release="16.ule3" version="0.8">
+                         <filename>avahi-ui-0.8-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-debugsource" release="16.ule3" version="0.8">
+                         <filename>avahi-debugsource-0.8-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-compat-howl" release="16.ule3" version="0.8">
+                         <filename>avahi-compat-howl-0.8-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi" release="16.ule3" version="0.8">
+                         <filename>avahi-0.8-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-gobject-devel" release="16.ule3" version="0.8">
+                         <filename>avahi-gobject-devel-0.8-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-debuginfo" release="16.ule3" version="0.8">
+                         <filename>avahi-debuginfo-0.8-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-glib" release="16.ule3" version="0.8">
+                         <filename>avahi-glib-0.8-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-tools" release="16.ule3" version="0.8">
+                         <filename>avahi-tools-0.8-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-compat-howl-devel" release="16.ule3" version="0.8">
+                         <filename>avahi-compat-howl-devel-0.8-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-devel" release="16.ule3" version="0.8">
+                         <filename>avahi-devel-0.8-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-ui-gtk3" release="16.ule3" version="0.8">
+                         <filename>avahi-ui-gtk3-0.8-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-compat-libdns_sd-devel" release="16.ule3" version="0.8">
+                         <filename>avahi-compat-libdns_sd-devel-0.8-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="avahi-help" release="16.ule3" version="0.8">
+                         <filename>avahi-help-0.8-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-ui" release="16.ule3" version="0.8">
+                         <filename>avahi-ui-0.8-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-autoipd" release="16.ule3" version="0.8">
+                         <filename>avahi-autoipd-0.8-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-gobject-devel" release="16.ule3" version="0.8">
+                         <filename>avahi-gobject-devel-0.8-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-compat-libdns_sd" release="16.ule3" version="0.8">
+                         <filename>avahi-compat-libdns_sd-0.8-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-compat-howl-devel" release="16.ule3" version="0.8">
+                         <filename>avahi-compat-howl-devel-0.8-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-devel" release="16.ule3" version="0.8">
+                         <filename>avahi-devel-0.8-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-libs" release="16.ule3" version="0.8">
+                         <filename>avahi-libs-0.8-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-glib" release="16.ule3" version="0.8">
+                         <filename>avahi-glib-0.8-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-ui-gtk3" release="16.ule3" version="0.8">
+                         <filename>avahi-ui-gtk3-0.8-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-debugsource" release="16.ule3" version="0.8">
+                         <filename>avahi-debugsource-0.8-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-glib-devel" release="16.ule3" version="0.8">
+                         <filename>avahi-glib-devel-0.8-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-debuginfo" release="16.ule3" version="0.8">
+                         <filename>avahi-debuginfo-0.8-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-tools" release="16.ule3" version="0.8">
+                         <filename>avahi-tools-0.8-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-compat-libdns_sd-devel" release="16.ule3" version="0.8">
+                         <filename>avahi-compat-libdns_sd-devel-0.8-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-ui-devel" release="16.ule3" version="0.8">
+                         <filename>avahi-ui-devel-0.8-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi" release="16.ule3" version="0.8">
+                         <filename>avahi-0.8-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-compat-howl" release="16.ule3" version="0.8">
+                         <filename>avahi-compat-howl-0.8-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-dnsconfd" release="16.ule3" version="0.8">
+                         <filename>avahi-dnsconfd-0.8-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-gobject" release="16.ule3" version="0.8">
+                         <filename>avahi-gobject-0.8-16.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1761</id>
+          <title>An update for ceph is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-20"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-43040" id="CVE-2023-43040" title="CVE-2023-43040" type="cve"></reference>
+          </references>
+          <description>A flaw was found in rgw. This flaw allows an unprivileged user to write to any bucket(s) accessible by a given key if a POST&#39;s form-data contains a key called &#39;bucket&#39; with a value matching the bucket&#39;s name used to sign the request. This issue results in a user being able to upload to any bucket accessible by the specified access key as long as the bucket in the POST policy matches the bucket in the said POST form part.(CVE-2023-43040)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="libradosstriper-devel" release="18.ule3" version="16.2.7">
+                         <filename>libradosstriper-devel-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-debuginfo" release="18.ule3" version="16.2.7">
+                         <filename>ceph-debuginfo-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libcephfs-devel" release="18.ule3" version="16.2.7">
+                         <filename>libcephfs-devel-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-immutable-object-cache" release="18.ule3" version="16.2.7">
+                         <filename>ceph-immutable-object-cache-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-mds" release="18.ule3" version="16.2.7">
+                         <filename>ceph-mds-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="rbd-nbd" release="18.ule3" version="16.2.7">
+                         <filename>rbd-nbd-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-mon" release="18.ule3" version="16.2.7">
+                         <filename>ceph-mon-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-osd" release="18.ule3" version="16.2.7">
+                         <filename>ceph-osd-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-test" release="18.ule3" version="16.2.7">
+                         <filename>ceph-test-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="rbd-fuse" release="18.ule3" version="16.2.7">
+                         <filename>rbd-fuse-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="python3-ceph-argparse" release="18.ule3" version="16.2.7">
+                         <filename>python3-ceph-argparse-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-fuse" release="18.ule3" version="16.2.7">
+                         <filename>ceph-fuse-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="librbd1" release="18.ule3" version="16.2.7">
+                         <filename>librbd1-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-mgr" release="18.ule3" version="16.2.7">
+                         <filename>ceph-mgr-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="librbd-devel" release="18.ule3" version="16.2.7">
+                         <filename>librbd-devel-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libradosstriper1" release="18.ule3" version="16.2.7">
+                         <filename>libradosstriper1-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-selinux" release="18.ule3" version="16.2.7">
+                         <filename>ceph-selinux-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="python3-rgw" release="18.ule3" version="16.2.7">
+                         <filename>python3-rgw-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-debugsource" release="18.ule3" version="16.2.7">
+                         <filename>ceph-debugsource-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="python3-rados" release="18.ule3" version="16.2.7">
+                         <filename>python3-rados-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-common" release="18.ule3" version="16.2.7">
+                         <filename>ceph-common-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="python3-rbd" release="18.ule3" version="16.2.7">
+                         <filename>python3-rbd-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="cephfs-mirror" release="18.ule3" version="16.2.7">
+                         <filename>cephfs-mirror-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libcephsqlite-devel" release="18.ule3" version="16.2.7">
+                         <filename>libcephsqlite-devel-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="librgw-devel" release="18.ule3" version="16.2.7">
+                         <filename>librgw-devel-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="librados-devel" release="18.ule3" version="16.2.7">
+                         <filename>librados-devel-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libcephsqlite" release="18.ule3" version="16.2.7">
+                         <filename>libcephsqlite-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-radosgw" release="18.ule3" version="16.2.7">
+                         <filename>ceph-radosgw-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libcephfs2" release="18.ule3" version="16.2.7">
+                         <filename>libcephfs2-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-base" release="18.ule3" version="16.2.7">
+                         <filename>ceph-base-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="librgw2" release="18.ule3" version="16.2.7">
+                         <filename>librgw2-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="python3-ceph-common" release="18.ule3" version="16.2.7">
+                         <filename>python3-ceph-common-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libradospp-devel" release="18.ule3" version="16.2.7">
+                         <filename>libradospp-devel-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="rados-objclass-devel" release="18.ule3" version="16.2.7">
+                         <filename>rados-objclass-devel-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph-resource-agents" release="18.ule3" version="16.2.7">
+                         <filename>ceph-resource-agents-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="librados2" release="18.ule3" version="16.2.7">
+                         <filename>librados2-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="python3-cephfs" release="18.ule3" version="16.2.7">
+                         <filename>python3-cephfs-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="rbd-mirror" release="18.ule3" version="16.2.7">
+                         <filename>rbd-mirror-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="ceph" release="18.ule3" version="16.2.7">
+                         <filename>ceph-16.2.7-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="python3-rados" release="18.ule3" version="16.2.7">
+                         <filename>python3-rados-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libcephfs2" release="18.ule3" version="16.2.7">
+                         <filename>libcephfs2-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-base" release="18.ule3" version="16.2.7">
+                         <filename>ceph-base-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-test" release="18.ule3" version="16.2.7">
+                         <filename>ceph-test-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="librgw-devel" release="18.ule3" version="16.2.7">
+                         <filename>librgw-devel-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="rados-objclass-devel" release="18.ule3" version="16.2.7">
+                         <filename>rados-objclass-devel-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libcephsqlite" release="18.ule3" version="16.2.7">
+                         <filename>libcephsqlite-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="python3-cephfs" release="18.ule3" version="16.2.7">
+                         <filename>python3-cephfs-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="python3-ceph-argparse" release="18.ule3" version="16.2.7">
+                         <filename>python3-ceph-argparse-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-debuginfo" release="18.ule3" version="16.2.7">
+                         <filename>ceph-debuginfo-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="rbd-nbd" release="18.ule3" version="16.2.7">
+                         <filename>rbd-nbd-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libradospp-devel" release="18.ule3" version="16.2.7">
+                         <filename>libradospp-devel-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libcephsqlite-devel" release="18.ule3" version="16.2.7">
+                         <filename>libcephsqlite-devel-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="python3-ceph-common" release="18.ule3" version="16.2.7">
+                         <filename>python3-ceph-common-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="python3-rbd" release="18.ule3" version="16.2.7">
+                         <filename>python3-rbd-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="librbd1" release="18.ule3" version="16.2.7">
+                         <filename>librbd1-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libcephfs-devel" release="18.ule3" version="16.2.7">
+                         <filename>libcephfs-devel-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="librados-devel" release="18.ule3" version="16.2.7">
+                         <filename>librados-devel-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libradosstriper1" release="18.ule3" version="16.2.7">
+                         <filename>libradosstriper1-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-mgr" release="18.ule3" version="16.2.7">
+                         <filename>ceph-mgr-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-mds" release="18.ule3" version="16.2.7">
+                         <filename>ceph-mds-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="librados2" release="18.ule3" version="16.2.7">
+                         <filename>librados2-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-resource-agents" release="18.ule3" version="16.2.7">
+                         <filename>ceph-resource-agents-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="librgw2" release="18.ule3" version="16.2.7">
+                         <filename>librgw2-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-immutable-object-cache" release="18.ule3" version="16.2.7">
+                         <filename>ceph-immutable-object-cache-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-selinux" release="18.ule3" version="16.2.7">
+                         <filename>ceph-selinux-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="rbd-fuse" release="18.ule3" version="16.2.7">
+                         <filename>rbd-fuse-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-radosgw" release="18.ule3" version="16.2.7">
+                         <filename>ceph-radosgw-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libradosstriper-devel" release="18.ule3" version="16.2.7">
+                         <filename>libradosstriper-devel-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="cephfs-mirror" release="18.ule3" version="16.2.7">
+                         <filename>cephfs-mirror-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="librbd-devel" release="18.ule3" version="16.2.7">
+                         <filename>librbd-devel-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-osd" release="18.ule3" version="16.2.7">
+                         <filename>ceph-osd-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-fuse" release="18.ule3" version="16.2.7">
+                         <filename>ceph-fuse-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="rbd-mirror" release="18.ule3" version="16.2.7">
+                         <filename>rbd-mirror-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph" release="18.ule3" version="16.2.7">
+                         <filename>ceph-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-debugsource" release="18.ule3" version="16.2.7">
+                         <filename>ceph-debugsource-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-mon" release="18.ule3" version="16.2.7">
+                         <filename>ceph-mon-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="python3-rgw" release="18.ule3" version="16.2.7">
+                         <filename>python3-rgw-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="ceph-common" release="18.ule3" version="16.2.7">
+                         <filename>ceph-common-16.2.7-18.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1762</id>
+          <title>An update for curl is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38545" id="CVE-2023-38545" title="CVE-2023-38545" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38546" id="CVE-2023-38546" title="CVE-2023-38546" type="cve"></reference>
+          </references>
+          <description>This flaw makes curl overflow a heap based buffer in the SOCKS5 proxyhandshake.When curl is asked to pass along the host name to the SOCKS5 proxy to allowthat to resolve the address instead of it getting done by curl itself, themaximum length that host name can be is 255 bytes.If the host name is detected to be longer, curl switches to local nameresolving and instead passes on the resolved address only. Due to this bug,the local variable that means &#34;let the host resolve the name&#34; could get thewrong value during a slow SOCKS5 handshake, and contrary to the intention,copy the too long host name to the target buffer instead of copying just theresolved address there.The target buffer being a heap based buffer, and the host name coming from theURL that curl has been told to operate with.(CVE-2023-38545)This flaw allows an attacker to insert cookies at will into a running programusing libcurl, if the specific series of conditions are met.libcurl performs transfers. In its API, an application creates &#34;easy handles&#34;that are the individual handles for single transfers.libcurl provides a function call that duplicates en easy handle called[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).If a transfer has cookies enabled when the handle is duplicated, thecookie-enable state is also cloned - but without cloning the actualcookies. If the source handle did not read any cookies from a specific file ondisk, the cloned version of the handle would instead store the file name as`none` (using the four ASCII letters, no quotes).Subsequent use of the cloned handle that does not explicitly set a source toload cookies from would then inadvertently load cookies from a file named`none` - if such a file exists and is readable in the current directory of theprogram using libcurl. And if using the correct file format of course.(CVE-2023-38546)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="curl" release="24.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debuginfo" release="24.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl-devel" release="24.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl" release="24.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debugsource" release="24.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="curl-help" release="24.ule3" version="7.79.1">
+                         <filename>curl-help-7.79.1-24.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debuginfo" release="24.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl-devel" release="24.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debugsource" release="24.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl" release="24.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl" release="24.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-24.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1771</id>
+          <title>An update for nghttp2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-44487" id="CVE-2023-44487" title="CVE-2023-44487" type="cve"></reference>
+          </references>
+          <description>The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.(CVE-2023-44487)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="nghttp2-debugsource" release="4.ule3" version="1.46.0">
+                         <filename>nghttp2-debugsource-1.46.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libnghttp2-devel" release="4.ule3" version="1.46.0">
+                         <filename>libnghttp2-devel-1.46.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libnghttp2" release="4.ule3" version="1.46.0">
+                         <filename>libnghttp2-1.46.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nghttp2" release="4.ule3" version="1.46.0">
+                         <filename>nghttp2-1.46.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nghttp2-debuginfo" release="4.ule3" version="1.46.0">
+                         <filename>nghttp2-debuginfo-1.46.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="nghttp2-help" release="4.ule3" version="1.46.0">
+                         <filename>nghttp2-help-1.46.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nghttp2-debuginfo" release="4.ule3" version="1.46.0">
+                         <filename>nghttp2-debuginfo-1.46.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libnghttp2" release="4.ule3" version="1.46.0">
+                         <filename>libnghttp2-1.46.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libnghttp2-devel" release="4.ule3" version="1.46.0">
+                         <filename>libnghttp2-devel-1.46.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nghttp2-debugsource" release="4.ule3" version="1.46.0">
+                         <filename>nghttp2-debugsource-1.46.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nghttp2" release="4.ule3" version="1.46.0">
+                         <filename>nghttp2-1.46.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1772</id>
+          <title>An update for mosquitto is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-10-28"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3592" id="CVE-2023-3592" title="CVE-2023-3592" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5632" id="CVE-2023-5632" title="CVE-2023-5632" type="cve"></reference>
+          </references>
+          <description>In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.(CVE-2023-3592)In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack. This issue is fixed in 2.0.6(CVE-2023-5632)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="mosquitto-debuginfo" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-debuginfo-2.0.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mosquitto-devel" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-devel-2.0.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mosquitto-debugsource" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-debugsource-2.0.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mosquitto" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-2.0.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mosquitto-debugsource" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-debugsource-2.0.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mosquitto-devel" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-devel-2.0.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mosquitto" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-2.0.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mosquitto-debuginfo" release="1.ule3" version="2.0.16">
+                         <filename>mosquitto-debuginfo-2.0.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1775</id>
+          <title>An update for firefox is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5217" id="CVE-2023-5217" title="CVE-2023-5217" type="cve"></reference>
+          </references>
+          <description>Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)(CVE-2023-5217)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="firefox-debugsource" release="3.ule3" version="102.15.0">
+                         <filename>firefox-debugsource-102.15.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="firefox" release="3.ule3" version="102.15.0">
+                         <filename>firefox-102.15.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="firefox-debuginfo" release="3.ule3" version="102.15.0">
+                         <filename>firefox-debuginfo-102.15.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox-debuginfo" release="3.ule3" version="102.15.0">
+                         <filename>firefox-debuginfo-102.15.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox" release="3.ule3" version="102.15.0">
+                         <filename>firefox-102.15.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox-debugsource" release="3.ule3" version="102.15.0">
+                         <filename>firefox-debugsource-102.15.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1776</id>
+          <title>An update for squid is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-46846" id="CVE-2023-46846" title="CVE-2023-46846" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-46847" id="CVE-2023-46847" title="CVE-2023-46847" type="cve"></reference>
+          </references>
+          <description>Description: Due to chunked decoder lenience Squid is vulnerable toRequest/Response smuggling attacks when parsing HTTP/1.1and ICAP messagesReference: https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqhAffected versions: 2.6-6.3. Patched in 6.4.(CVE-2023-46846)Description: Due to a buffer overflow bug Squid is vulnerable to a Denial ofService attack against HTTP Digest AuthenticationReference: https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4gAffected versions: 3.2.0.1-5.9, 6.0-6.3(CVE-2023-46847)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="7" arch="aarch64" name="squid-debugsource" release="18.ule3" version="4.9">
+                         <filename>squid-debugsource-4.9-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="squid-debuginfo" release="18.ule3" version="4.9">
+                         <filename>squid-debuginfo-4.9-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="squid" release="18.ule3" version="4.9">
+                         <filename>squid-4.9-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid-debuginfo" release="18.ule3" version="4.9">
+                         <filename>squid-debuginfo-4.9-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid" release="18.ule3" version="4.9">
+                         <filename>squid-4.9-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid-debugsource" release="18.ule3" version="4.9">
+                         <filename>squid-debugsource-4.9-18.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1777</id>
+          <title>An update for nginx is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-44487" id="CVE-2023-44487" title="CVE-2023-44487" type="cve"></reference>
+          </references>
+          <description>The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.(CVE-2023-44487)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="nginx-mod-devel" release="5.ule3" version="1.21.5">
+                         <filename>nginx-mod-devel-1.21.5-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nginx-mod-http-image-filter" release="5.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-image-filter-1.21.5-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nginx-mod-http-xslt-filter" release="5.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-xslt-filter-1.21.5-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nginx-debuginfo" release="5.ule3" version="1.21.5">
+                         <filename>nginx-debuginfo-1.21.5-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nginx-mod-http-perl" release="5.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-perl-1.21.5-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nginx-mod-stream" release="5.ule3" version="1.21.5">
+                         <filename>nginx-mod-stream-1.21.5-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nginx-mod-mail" release="5.ule3" version="1.21.5">
+                         <filename>nginx-mod-mail-1.21.5-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nginx-debugsource" release="5.ule3" version="1.21.5">
+                         <filename>nginx-debugsource-1.21.5-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nginx" release="5.ule3" version="1.21.5">
+                         <filename>nginx-1.21.5-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="nginx-help" release="5.ule3" version="1.21.5">
+                         <filename>nginx-help-1.21.5-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="nginx-filesystem" release="5.ule3" version="1.21.5">
+                         <filename>nginx-filesystem-1.21.5-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="nginx-all-modules" release="5.ule3" version="1.21.5">
+                         <filename>nginx-all-modules-1.21.5-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nginx-debuginfo" release="5.ule3" version="1.21.5">
+                         <filename>nginx-debuginfo-1.21.5-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nginx-debugsource" release="5.ule3" version="1.21.5">
+                         <filename>nginx-debugsource-1.21.5-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nginx-mod-mail" release="5.ule3" version="1.21.5">
+                         <filename>nginx-mod-mail-1.21.5-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nginx-mod-stream" release="5.ule3" version="1.21.5">
+                         <filename>nginx-mod-stream-1.21.5-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nginx-mod-http-perl" release="5.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-perl-1.21.5-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nginx-mod-http-xslt-filter" release="5.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-xslt-filter-1.21.5-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nginx-mod-http-image-filter" release="5.ule3" version="1.21.5">
+                         <filename>nginx-mod-http-image-filter-1.21.5-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nginx" release="5.ule3" version="1.21.5">
+                         <filename>nginx-1.21.5-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nginx-mod-devel" release="5.ule3" version="1.21.5">
+                         <filename>nginx-mod-devel-1.21.5-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1778</id>
+          <title>An update for activemq is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-46604" id="CVE-2023-46604" title="CVE-2023-46604" type="cve"></reference>
+          </references>
+          <description>Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.(CVE-2023-46604)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="activemq-javadoc" release="1.ule3" version="5.15.16">
+                         <filename>activemq-javadoc-5.15.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="activemq" release="1.ule3" version="5.15.16">
+                         <filename>activemq-5.15.16-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1781</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-44033" id="CVE-2022-44033" title="CVE-2022-44033" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45919" id="CVE-2022-45919" title="CVE-2022-45919" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2593" id="CVE-2023-2593" title="CVE-2023-2593" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2898" id="CVE-2023-2898" title="CVE-2023-2898" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-31083" id="CVE-2023-31083" title="CVE-2023-31083" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-31085" id="CVE-2023-31085" title="CVE-2023-31085" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32246" id="CVE-2023-32246" title="CVE-2023-32246" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32254" id="CVE-2023-32254" title="CVE-2023-32254" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-34324" id="CVE-2023-34324" title="CVE-2023-34324" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39189" id="CVE-2023-39189" title="CVE-2023-39189" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39192" id="CVE-2023-39192" title="CVE-2023-39192" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39193" id="CVE-2023-39193" title="CVE-2023-39193" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39194" id="CVE-2023-39194" title="CVE-2023-39194" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-42754" id="CVE-2023-42754" title="CVE-2023-42754" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45862" id="CVE-2023-45862" title="CVE-2023-45862" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45863" id="CVE-2023-45863" title="CVE-2023-45863" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45871" id="CVE-2023-45871" title="CVE-2023-45871" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5717" id="CVE-2023-5717" title="CVE-2023-5717" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().(CVE-2022-44033)An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.(CVE-2022-45919)VUL-0: CVE-2023-2593: kernel: Linux Kernel ksmbd Memory Exhaustion Denial-of-Service Vulnerability(CVE-2023-2593)There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.(CVE-2023-2898)An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu-&gt;proto is set. A NULL pointer dereference may occur.(CVE-2023-31083)An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd-&gt;erasesize), used indirectly by ctrl_cdev_ioctl, when mtd-&gt;erasesize is 0.(CVE-2023-31085)VUL-0: CVE-2023-32246: kernel: Linux Kernel ksmbd RCU Callback Race Condition Local Privilege Escalation Vulnerability(CVE-2023-32246)A flaw was found in the Linux kernel&#39;s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.(CVE-2023-32254)Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not neglectable.A (malicious) guest administrator could cause a denial of service (DoS) in a backend domain (other than dom0) by disabling a paravirtualized device. A malicious backend could cause DoS in a guest running a Linux kernel by disabling a paravirtualized device.(CVE-2023-34324)A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.(CVE-2023-39189)A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.(CVE-2023-39192)A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.(CVE-2023-39193)A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.(CVE-2023-39194)A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.(CVE-2023-42754)An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.(CVE-2023-45862)An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.(CVE-2023-45863)An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.(CVE-2023-45871)A heap out-of-bounds write vulnerability in the Linux kernel&#39;s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.If perf_read_group() is called while an event&#39;s sibling_list is smaller than its child&#39;s sibling_list, it can increment or write to memory locations outside of the allocated buffer.We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.(CVE-2023-5717)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-headers" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.115.0.142.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.115.0.142.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.115.0.142.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.115.0.142.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.115.0.142.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.115.0.142.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.115.0.142.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.115.0.142.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.115.0.142.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.115.0.142.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.115.0.142.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.115.0.142.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.115.0.142.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.115.0.142.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.115.0.142.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.115.0.142.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.115.0.142.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.115.0.142.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.115.0.142.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.115.0.142.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.115.0.142.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.115.0.142.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.115.0.142.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.115.0.142.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.115.0.142.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.115.0.142.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.115.0.142.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.115.0.142.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.115.0.142.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.115.0.142.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.115.0.142.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1784</id>
+          <title>An update for traceroute is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-46316" id="CVE-2023-46316" title="CVE-2023-46316" type="cve"></reference>
+          </references>
+          <description>In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.(CVE-2023-46316)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="3" arch="aarch64" name="traceroute-debugsource" release="2.ule3" version="2.1.2">
+                         <filename>traceroute-debugsource-2.1.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="3" arch="aarch64" name="traceroute" release="2.ule3" version="2.1.2">
+                         <filename>traceroute-2.1.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="3" arch="aarch64" name="traceroute-debuginfo" release="2.ule3" version="2.1.2">
+                         <filename>traceroute-debuginfo-2.1.2-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="3" arch="noarch" name="traceroute-help" release="2.ule3" version="2.1.2">
+                         <filename>traceroute-help-2.1.2-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="3" arch="x86_64" name="traceroute-debuginfo" release="2.ule3" version="2.1.2">
+                         <filename>traceroute-debuginfo-2.1.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="3" arch="x86_64" name="traceroute-debugsource" release="2.ule3" version="2.1.2">
+                         <filename>traceroute-debugsource-2.1.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="3" arch="x86_64" name="traceroute" release="2.ule3" version="2.1.2">
+                         <filename>traceroute-2.1.2-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1785</id>
+          <title>An update for qemu is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3255" id="CVE-2023-3255" title="CVE-2023-3255" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.(CVE-2023-3255)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="10" arch="aarch64" name="qemu-debuginfo" release="80.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-hw-usb-host" release="80.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-x86_64" release="80.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-aarch64" release="80.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-rbd" release="80.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-guest-agent" release="80.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-debugsource" release="80.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-curl" release="80.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-img" release="80.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-ssh" release="80.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu" release="80.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-iscsi" release="80.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-arm" release="80.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-riscv" release="80.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-80.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="noarch" name="qemu-help" release="80.ule3" version="6.2.0">
+                         <filename>qemu-help-6.2.0-80.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-x86_64" release="80.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-img" release="80.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu" release="80.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-ssh" release="80.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-aarch64" release="80.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-guest-agent" release="80.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-curl" release="80.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-debugsource" release="80.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-arm" release="80.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-iscsi" release="80.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-debuginfo" release="80.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-seabios" release="80.ule3" version="6.2.0">
+                         <filename>qemu-seabios-6.2.0-80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-riscv" release="80.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-hw-usb-host" release="80.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-80.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-rbd" release="80.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-80.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1788</id>
+          <title>An update for tomcat is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45648" id="CVE-2023-45648" title="CVE-2023-45648" type="cve"></reference>
+          </references>
+          <description>Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.(CVE-2023-45648)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="tomcat-jsvc" release="30.ule3" version="9.0.10">
+                         <filename>tomcat-jsvc-9.0.10-30.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="tomcat" release="30.ule3" version="9.0.10">
+                         <filename>tomcat-9.0.10-30.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="tomcat-help" release="30.ule3" version="9.0.10">
+                         <filename>tomcat-help-9.0.10-30.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1789</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39318" id="CVE-2023-39318" title="CVE-2023-39318" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39319" id="CVE-2023-39319" title="CVE-2023-39319" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39323" id="CVE-2023-39323" title="CVE-2023-39323" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39325" id="CVE-2023-39325" title="CVE-2023-39325" type="cve"></reference>
+          </references>
+          <description>The html/template package does not properly handle HTML-like &#34;&#34; comment tokens, nor hashbang &#34;#!&#34; comment tokens, in &lt;script&gt; contexts. This may cause the template parser to improperly interpret the contents of &lt;script&gt; contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.(CVE-2023-39318)The html/template package does not apply the proper rules for handling occurrences of &#34;&lt;script&#34;, &#34;&lt;!--&#34;, and &#34;&lt;/script&#34; within JS literals in &lt;script&gt; contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.(CVE-2023-39319)Line directives (&#34;//line&#34;) can be used to bypass the restrictions on &#34;//go:cgo_&#34; directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running &#34;go build&#34;. The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.(CVE-2023-39323)A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.(CVE-2023-39325)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="25.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="25.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-25.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="25.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-25.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="25.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-25.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1790</id>
+          <title>An update for httpd is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-31122" id="CVE-2023-31122" title="CVE-2023-31122" type="cve"></reference>
+          </references>
+          <description>Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.(CVE-2023-31122)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="mod_ssl" release="19.ule3" version="2.4.51">
+                         <filename>mod_ssl-2.4.51-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_session" release="19.ule3" version="2.4.51">
+                         <filename>mod_session-2.4.51-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd" release="19.ule3" version="2.4.51">
+                         <filename>httpd-2.4.51-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-devel" release="19.ule3" version="2.4.51">
+                         <filename>httpd-devel-2.4.51-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-debugsource" release="19.ule3" version="2.4.51">
+                         <filename>httpd-debugsource-2.4.51-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-tools" release="19.ule3" version="2.4.51">
+                         <filename>httpd-tools-2.4.51-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_md" release="19.ule3" version="2.4.51">
+                         <filename>mod_md-2.4.51-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mod_proxy_html" release="19.ule3" version="2.4.51">
+                         <filename>mod_proxy_html-2.4.51-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_ldap" release="19.ule3" version="2.4.51">
+                         <filename>mod_ldap-2.4.51-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-debuginfo" release="19.ule3" version="2.4.51">
+                         <filename>httpd-debuginfo-2.4.51-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="httpd-filesystem" release="19.ule3" version="2.4.51">
+                         <filename>httpd-filesystem-2.4.51-19.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="httpd-help" release="19.ule3" version="2.4.51">
+                         <filename>httpd-help-2.4.51-19.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-tools" release="19.ule3" version="2.4.51">
+                         <filename>httpd-tools-2.4.51-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd" release="19.ule3" version="2.4.51">
+                         <filename>httpd-2.4.51-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_ldap" release="19.ule3" version="2.4.51">
+                         <filename>mod_ldap-2.4.51-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_md" release="19.ule3" version="2.4.51">
+                         <filename>mod_md-2.4.51-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-devel" release="19.ule3" version="2.4.51">
+                         <filename>httpd-devel-2.4.51-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mod_proxy_html" release="19.ule3" version="2.4.51">
+                         <filename>mod_proxy_html-2.4.51-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-debugsource" release="19.ule3" version="2.4.51">
+                         <filename>httpd-debugsource-2.4.51-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-debuginfo" release="19.ule3" version="2.4.51">
+                         <filename>httpd-debuginfo-2.4.51-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_session" release="19.ule3" version="2.4.51">
+                         <filename>mod_session-2.4.51-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mod_ssl" release="19.ule3" version="2.4.51">
+                         <filename>mod_ssl-2.4.51-19.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1791</id>
+          <title>An update for qt5-qtbase is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-33285" id="CVE-2023-33285" title="CVE-2023-33285" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.(CVE-2023-33285)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="qt5-qtbase-debugsource" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debugsource-5.15.2-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-gui" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-gui-5.15.2-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-static" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-static-5.15.2-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-debuginfo" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debuginfo-5.15.2-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-5.15.2-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-odbc" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-odbc-5.15.2-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-private-devel" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-private-devel-5.15.2-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-examples" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-examples-5.15.2-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-postgresql" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-postgresql-5.15.2-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-devel" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-devel-5.15.2-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-mysql" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-mysql-5.15.2-11.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="qt5-qtbase-common" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-common-5.15.2-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-mysql" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-mysql-5.15.2-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-examples" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-examples-5.15.2-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-postgresql" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-postgresql-5.15.2-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-gui" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-gui-5.15.2-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-static" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-static-5.15.2-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-debugsource" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debugsource-5.15.2-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-private-devel" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-private-devel-5.15.2-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-devel" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-devel-5.15.2-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-debuginfo" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debuginfo-5.15.2-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-odbc" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-odbc-5.15.2-11.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase" release="11.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-5.15.2-11.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1792</id>
+          <title>An update for sqlite-jdbc is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32697" id="CVE-2023-32697" title="CVE-2023-32697" type="cve"></reference>
+          </references>
+          <description>SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2.(CVE-2023-32697)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="sqlite-jdbc" release="2.ule3" version="3.15.1">
+                         <filename>sqlite-jdbc-3.15.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="sqlite-jdbc-javadoc" release="2.ule3" version="3.15.1">
+                         <filename>sqlite-jdbc-javadoc-3.15.1-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sqlite-jdbc" release="2.ule3" version="3.15.1">
+                         <filename>sqlite-jdbc-3.15.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1793</id>
+          <title>An update for avahi is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38471" id="CVE-2023-38471" title="CVE-2023-38471" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38472" id="CVE-2023-38472" title="CVE-2023-38472" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38473" id="CVE-2023-38473" title="CVE-2023-38473" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.(CVE-2023-38471)A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.(CVE-2023-38472)A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.(CVE-2023-38473)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="avahi-libs" release="17.ule3" version="0.8">
+                         <filename>avahi-libs-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-gobject-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-gobject-devel-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-compat-libdns_sd" release="17.ule3" version="0.8">
+                         <filename>avahi-compat-libdns_sd-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-ui-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-ui-devel-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-glib" release="17.ule3" version="0.8">
+                         <filename>avahi-glib-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-debuginfo" release="17.ule3" version="0.8">
+                         <filename>avahi-debuginfo-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-ui" release="17.ule3" version="0.8">
+                         <filename>avahi-ui-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-debugsource" release="17.ule3" version="0.8">
+                         <filename>avahi-debugsource-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-compat-libdns_sd-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-compat-libdns_sd-devel-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-tools" release="17.ule3" version="0.8">
+                         <filename>avahi-tools-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-compat-howl-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-compat-howl-devel-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-gobject" release="17.ule3" version="0.8">
+                         <filename>avahi-gobject-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-autoipd" release="17.ule3" version="0.8">
+                         <filename>avahi-autoipd-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-dnsconfd" release="17.ule3" version="0.8">
+                         <filename>avahi-dnsconfd-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-compat-howl" release="17.ule3" version="0.8">
+                         <filename>avahi-compat-howl-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-ui-gtk3" release="17.ule3" version="0.8">
+                         <filename>avahi-ui-gtk3-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-glib-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-glib-devel-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-devel-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi" release="17.ule3" version="0.8">
+                         <filename>avahi-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="avahi-help" release="17.ule3" version="0.8">
+                         <filename>avahi-help-0.8-17.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-devel-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-glib" release="17.ule3" version="0.8">
+                         <filename>avahi-glib-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-autoipd" release="17.ule3" version="0.8">
+                         <filename>avahi-autoipd-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-ui-gtk3" release="17.ule3" version="0.8">
+                         <filename>avahi-ui-gtk3-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-glib-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-glib-devel-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-compat-howl-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-compat-howl-devel-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi" release="17.ule3" version="0.8">
+                         <filename>avahi-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-debuginfo" release="17.ule3" version="0.8">
+                         <filename>avahi-debuginfo-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-gobject-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-gobject-devel-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-debugsource" release="17.ule3" version="0.8">
+                         <filename>avahi-debugsource-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-ui" release="17.ule3" version="0.8">
+                         <filename>avahi-ui-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-gobject" release="17.ule3" version="0.8">
+                         <filename>avahi-gobject-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-ui-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-ui-devel-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-tools" release="17.ule3" version="0.8">
+                         <filename>avahi-tools-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-libs" release="17.ule3" version="0.8">
+                         <filename>avahi-libs-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-compat-howl" release="17.ule3" version="0.8">
+                         <filename>avahi-compat-howl-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-compat-libdns_sd" release="17.ule3" version="0.8">
+                         <filename>avahi-compat-libdns_sd-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-dnsconfd" release="17.ule3" version="0.8">
+                         <filename>avahi-dnsconfd-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-compat-libdns_sd-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-compat-libdns_sd-devel-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1794</id>
+          <title>An update for squid is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-46724" id="CVE-2023-46724" title="CVE-2023-46724" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-46728" id="CVE-2023-46728" title="CVE-2023-46728" type="cve"></reference>
+          </references>
+          <description> Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid&#39;s patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.(CVE-2023-46724)Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid&#39;s Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.(CVE-2023-46728)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="7" arch="aarch64" name="squid-debugsource" release="20.ule3" version="4.9">
+                         <filename>squid-debugsource-4.9-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="squid" release="20.ule3" version="4.9">
+                         <filename>squid-4.9-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="squid-debuginfo" release="20.ule3" version="4.9">
+                         <filename>squid-debuginfo-4.9-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid" release="20.ule3" version="4.9">
+                         <filename>squid-4.9-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid-debugsource" release="20.ule3" version="4.9">
+                         <filename>squid-debugsource-4.9-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid-debuginfo" release="20.ule3" version="4.9">
+                         <filename>squid-debuginfo-4.9-20.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1795</id>
+          <title>An update for xorg-x11-server is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5367" id="CVE-2023-5367" title="CVE-2023-5367" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5380" id="CVE-2023-5380" title="CVE-2023-5380" type="cve"></reference>
+          </references>
+          <description>A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.(CVE-2023-5367)A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.(CVE-2023-5380)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="xorg-x11-server-Xvfb" release="23.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xvfb-1.20.11-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server" release="23.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-1.20.11-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-debugsource" release="23.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debugsource-1.20.11-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xdmx" release="23.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xdmx-1.20.11-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-devel" release="23.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-devel-1.20.11-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xephyr" release="23.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xephyr-1.20.11-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-common" release="23.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-common-1.20.11-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xnest" release="23.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xnest-1.20.11-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-debuginfo" release="23.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debuginfo-1.20.11-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xorg-x11-server-help" release="23.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-help-1.20.11-23.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xorg-x11-server-source" release="23.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-source-1.20.11-23.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-common" release="23.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-common-1.20.11-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-debugsource" release="23.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debugsource-1.20.11-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server" release="23.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-1.20.11-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xdmx" release="23.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xdmx-1.20.11-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-devel" release="23.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-devel-1.20.11-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xnest" release="23.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xnest-1.20.11-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-debuginfo" release="23.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debuginfo-1.20.11-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xvfb" release="23.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xvfb-1.20.11-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xephyr" release="23.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xephyr-1.20.11-23.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1796</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-46246" id="CVE-2023-46246" title="CVE-2023-46246" type="cve"></reference>
+          </references>
+          <description>Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it&#39;s possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.(CVE-2023-46246)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="21.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="21.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="21.ule3" version="9.0">
+                         <filename>vim-common-9.0-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="21.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="21.ule3" version="9.0">
+                         <filename>vim-X11-9.0-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="21.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="21.ule3" version="9.0">
+                         <filename>vim-filesystem-9.0-21.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="21.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="21.ule3" version="9.0">
+                         <filename>vim-common-9.0-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="21.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="21.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="21.ule3" version="9.0">
+                         <filename>vim-X11-9.0-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="21.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-21.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1797</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-37453" id="CVE-2023-37453" title="CVE-2023-37453" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-46813" id="CVE-2023-46813" title="CVE-2023-46813" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-46862" id="CVE-2023-46862" title="CVE-2023-46862" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5178" id="CVE-2023-5178" title="CVE-2023-5178" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.(CVE-2023-37453)An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.(CVE-2023-46813)An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur.(CVE-2023-46862)A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation in case that the attacker already has local privileges.(CVE-2023-5178)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-devel" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.116.0.143.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.116.0.143.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.116.0.143.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.116.0.143.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.116.0.143.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.116.0.143.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.116.0.143.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.116.0.143.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.116.0.143.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.116.0.143.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.116.0.143.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.116.0.143.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.116.0.143.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.116.0.143.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.116.0.143.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.116.0.143.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.116.0.143.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.116.0.143.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.116.0.143.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.116.0.143.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.116.0.143.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.116.0.143.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.116.0.143.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.116.0.143.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.116.0.143.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.116.0.143.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.116.0.143.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.116.0.143.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.116.0.143.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.116.0.143.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.116.0.143.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1800</id>
+          <title>An update for shim is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40546" id="CVE-2023-40546" title="CVE-2023-40546" type="cve"></reference>
+          </references>
+          <description>A vulnerability classified as critical has been found in rhboot shim up to 15.7 on ARM. This affects the function mirror_one_esl of the file mok.c of the component mok. Applying the patch 66e6579dbf921152f647a0c16da1d3b2f40861ca is able to eliminate this problem. The bugfix is ready for download at github.com.(CVE-2023-40546)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="shim" release="10.ule3" version="15.4">
+                         <filename>shim-15.4-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="shim-debugsource" release="10.ule3" version="15.4">
+                         <filename>shim-debugsource-15.4-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="shim-debuginfo" release="10.ule3" version="15.4">
+                         <filename>shim-debuginfo-15.4-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="shim" release="10.ule3" version="15.4">
+                         <filename>shim-15.4-10.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1803</id>
+          <title>An update for httpd is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45802" id="CVE-2023-45802" title="CVE-2023-45802" type="cve"></reference>
+          </references>
+          <description>When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request&#39;s memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During &#34;normal&#34; HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.Users are recommended to upgrade to version 2.4.58, which fixes the issue.(CVE-2023-45802)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="mod_proxy_html" release="20.ule3" version="2.4.51">
+                         <filename>mod_proxy_html-2.4.51-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_ldap" release="20.ule3" version="2.4.51">
+                         <filename>mod_ldap-2.4.51-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_md" release="20.ule3" version="2.4.51">
+                         <filename>mod_md-2.4.51-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-tools" release="20.ule3" version="2.4.51">
+                         <filename>httpd-tools-2.4.51-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_session" release="20.ule3" version="2.4.51">
+                         <filename>mod_session-2.4.51-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-devel" release="20.ule3" version="2.4.51">
+                         <filename>httpd-devel-2.4.51-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd" release="20.ule3" version="2.4.51">
+                         <filename>httpd-2.4.51-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-debugsource" release="20.ule3" version="2.4.51">
+                         <filename>httpd-debugsource-2.4.51-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="httpd-debuginfo" release="20.ule3" version="2.4.51">
+                         <filename>httpd-debuginfo-2.4.51-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mod_ssl" release="20.ule3" version="2.4.51">
+                         <filename>mod_ssl-2.4.51-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="httpd-help" release="20.ule3" version="2.4.51">
+                         <filename>httpd-help-2.4.51-20.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="httpd-filesystem" release="20.ule3" version="2.4.51">
+                         <filename>httpd-filesystem-2.4.51-20.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mod_proxy_html" release="20.ule3" version="2.4.51">
+                         <filename>mod_proxy_html-2.4.51-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_ldap" release="20.ule3" version="2.4.51">
+                         <filename>mod_ldap-2.4.51-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_session" release="20.ule3" version="2.4.51">
+                         <filename>mod_session-2.4.51-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-devel" release="20.ule3" version="2.4.51">
+                         <filename>httpd-devel-2.4.51-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_md" release="20.ule3" version="2.4.51">
+                         <filename>mod_md-2.4.51-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-debugsource" release="20.ule3" version="2.4.51">
+                         <filename>httpd-debugsource-2.4.51-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mod_ssl" release="20.ule3" version="2.4.51">
+                         <filename>mod_ssl-2.4.51-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-tools" release="20.ule3" version="2.4.51">
+                         <filename>httpd-tools-2.4.51-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd-debuginfo" release="20.ule3" version="2.4.51">
+                         <filename>httpd-debuginfo-2.4.51-20.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="httpd" release="20.ule3" version="2.4.51">
+                         <filename>httpd-2.4.51-20.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1812</id>
+          <title>An update for avahi is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38469" id="CVE-2023-38469" title="CVE-2023-38469" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.(CVE-2023-38469)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="avahi-gobject" release="17.ule3" version="0.8">
+                         <filename>avahi-gobject-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-autoipd" release="17.ule3" version="0.8">
+                         <filename>avahi-autoipd-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-dnsconfd" release="17.ule3" version="0.8">
+                         <filename>avahi-dnsconfd-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-compat-howl" release="17.ule3" version="0.8">
+                         <filename>avahi-compat-howl-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-ui-gtk3" release="17.ule3" version="0.8">
+                         <filename>avahi-ui-gtk3-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-glib-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-glib-devel-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-devel-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi" release="17.ule3" version="0.8">
+                         <filename>avahi-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-libs" release="17.ule3" version="0.8">
+                         <filename>avahi-libs-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-gobject-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-gobject-devel-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-compat-libdns_sd" release="17.ule3" version="0.8">
+                         <filename>avahi-compat-libdns_sd-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-ui-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-ui-devel-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-glib" release="17.ule3" version="0.8">
+                         <filename>avahi-glib-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-debuginfo" release="17.ule3" version="0.8">
+                         <filename>avahi-debuginfo-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-ui" release="17.ule3" version="0.8">
+                         <filename>avahi-ui-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-debugsource" release="17.ule3" version="0.8">
+                         <filename>avahi-debugsource-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-compat-libdns_sd-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-compat-libdns_sd-devel-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-tools" release="17.ule3" version="0.8">
+                         <filename>avahi-tools-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="avahi-compat-howl-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-compat-howl-devel-0.8-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="avahi-help" release="17.ule3" version="0.8">
+                         <filename>avahi-help-0.8-17.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-ui" release="17.ule3" version="0.8">
+                         <filename>avahi-ui-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-gobject" release="17.ule3" version="0.8">
+                         <filename>avahi-gobject-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-ui-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-ui-devel-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-tools" release="17.ule3" version="0.8">
+                         <filename>avahi-tools-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-libs" release="17.ule3" version="0.8">
+                         <filename>avahi-libs-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-compat-howl" release="17.ule3" version="0.8">
+                         <filename>avahi-compat-howl-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-compat-libdns_sd" release="17.ule3" version="0.8">
+                         <filename>avahi-compat-libdns_sd-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-dnsconfd" release="17.ule3" version="0.8">
+                         <filename>avahi-dnsconfd-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-compat-libdns_sd-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-compat-libdns_sd-devel-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-devel-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-glib" release="17.ule3" version="0.8">
+                         <filename>avahi-glib-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-autoipd" release="17.ule3" version="0.8">
+                         <filename>avahi-autoipd-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-ui-gtk3" release="17.ule3" version="0.8">
+                         <filename>avahi-ui-gtk3-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-glib-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-glib-devel-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-compat-howl-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-compat-howl-devel-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi" release="17.ule3" version="0.8">
+                         <filename>avahi-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-debuginfo" release="17.ule3" version="0.8">
+                         <filename>avahi-debuginfo-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-gobject-devel" release="17.ule3" version="0.8">
+                         <filename>avahi-gobject-devel-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avahi-debugsource" release="17.ule3" version="0.8">
+                         <filename>avahi-debugsource-0.8-17.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1813</id>
+          <title>An update for openjdk-1.8.0 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22067" id="CVE-2023-22067" title="CVE-2023-22067" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22081" id="CVE-2023-22081" title="CVE-2023-22081" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA).  Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and  21.3.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-22067)Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and  22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2023-22081)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-1.8.0.392.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-openjfx-1.8.0.392.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-headless" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-headless-1.8.0.392.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-debugsource" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-debugsource-1.8.0.392.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-debuginfo" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-debuginfo-1.8.0.392.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx-slowdebug" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.392.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-accessibility" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-accessibility-1.8.0.392.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-demo-slowdebug" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-demo-slowdebug-1.8.0.392.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-demo" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-demo-1.8.0.392.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-devel-slowdebug" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-devel-slowdebug-1.8.0.392.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx-devel" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-1.8.0.392.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-src-slowdebug" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-src-slowdebug-1.8.0.392.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-devel" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-devel-1.8.0.392.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-src" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-src-1.8.0.392.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-slowdebug" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-slowdebug-1.8.0.392.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx-devel-slowdebug" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.392.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-accessibility-slowdebug" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.392.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-headless-slowdebug" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-headless-slowdebug-1.8.0.392.b08-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="java-1.8.0-openjdk-javadoc-zip" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-javadoc-zip-1.8.0.392.b08-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="java-1.8.0-openjdk-javadoc" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-javadoc-1.8.0.392.b08-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-devel" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-devel-1.8.0.392.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-src" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-src-1.8.0.392.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx-devel" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-1.8.0.392.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-demo-slowdebug" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-demo-slowdebug-1.8.0.392.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-debuginfo" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-debuginfo-1.8.0.392.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-headless" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-headless-1.8.0.392.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-debugsource" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-debugsource-1.8.0.392.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-accessibility" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-accessibility-1.8.0.392.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-1.8.0.392.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-openjfx-1.8.0.392.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-demo" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-demo-1.8.0.392.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-devel-slowdebug" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-devel-slowdebug-1.8.0.392.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-accessibility-slowdebug" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.392.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-slowdebug" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-slowdebug-1.8.0.392.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx-slowdebug" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.392.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx-devel-slowdebug" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.392.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-headless-slowdebug" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-headless-slowdebug-1.8.0.392.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-src-slowdebug" release="3.ule3" version="1.8.0.392.b08">
+                         <filename>java-1.8.0-openjdk-src-slowdebug-1.8.0.392.b08-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1814</id>
+          <title>An update for openjdk-latest is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-10"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22025" id="CVE-2023-22025" title="CVE-2023-22025" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22081" id="CVE-2023-22081" title="CVE-2023-22081" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 21.3.7 and  22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition,.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-22025)Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and  22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2023-22081)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-javadoc" release="1.rolling.ule3" version="21.0.0.35">
+                         <filename>java-latest-openjdk-javadoc-21.0.0.35-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-devel" release="1.rolling.ule3" version="21.0.0.35">
+                         <filename>java-latest-openjdk-devel-21.0.0.35-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-demo" release="1.rolling.ule3" version="21.0.0.35">
+                         <filename>java-latest-openjdk-demo-21.0.0.35-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-jmods" release="1.rolling.ule3" version="21.0.0.35">
+                         <filename>java-latest-openjdk-jmods-21.0.0.35-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk" release="1.rolling.ule3" version="21.0.0.35">
+                         <filename>java-latest-openjdk-21.0.0.35-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-src" release="1.rolling.ule3" version="21.0.0.35">
+                         <filename>java-latest-openjdk-src-21.0.0.35-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-javadoc-zip" release="1.rolling.ule3" version="21.0.0.35">
+                         <filename>java-latest-openjdk-javadoc-zip-21.0.0.35-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-latest-openjdk-headless" release="1.rolling.ule3" version="21.0.0.35">
+                         <filename>java-latest-openjdk-headless-21.0.0.35-1.rolling.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-headless" release="1.rolling.ule3" version="21.0.0.35">
+                         <filename>java-latest-openjdk-headless-21.0.0.35-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-jmods" release="1.rolling.ule3" version="21.0.0.35">
+                         <filename>java-latest-openjdk-jmods-21.0.0.35-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-javadoc-zip" release="1.rolling.ule3" version="21.0.0.35">
+                         <filename>java-latest-openjdk-javadoc-zip-21.0.0.35-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-src" release="1.rolling.ule3" version="21.0.0.35">
+                         <filename>java-latest-openjdk-src-21.0.0.35-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-devel" release="1.rolling.ule3" version="21.0.0.35">
+                         <filename>java-latest-openjdk-devel-21.0.0.35-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-demo" release="1.rolling.ule3" version="21.0.0.35">
+                         <filename>java-latest-openjdk-demo-21.0.0.35-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk" release="1.rolling.ule3" version="21.0.0.35">
+                         <filename>java-latest-openjdk-21.0.0.35-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-latest-openjdk-javadoc" release="1.rolling.ule3" version="21.0.0.35">
+                         <filename>java-latest-openjdk-javadoc-21.0.0.35-1.rolling.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1816</id>
+          <title>An update for zziplib is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-18770" id="CVE-2020-18770" title="CVE-2020-18770" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service.(CVE-2020-18770)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="zziplib-debuginfo" release="5.ule3" version="0.13.71">
+                         <filename>zziplib-debuginfo-0.13.71-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zziplib-debugsource" release="5.ule3" version="0.13.71">
+                         <filename>zziplib-debugsource-0.13.71-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zziplib-devel" release="5.ule3" version="0.13.71">
+                         <filename>zziplib-devel-0.13.71-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zziplib" release="5.ule3" version="0.13.71">
+                         <filename>zziplib-0.13.71-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="zziplib-help" release="5.ule3" version="0.13.71">
+                         <filename>zziplib-help-0.13.71-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zziplib-debugsource" release="5.ule3" version="0.13.71">
+                         <filename>zziplib-debugsource-0.13.71-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zziplib-debuginfo" release="5.ule3" version="0.13.71">
+                         <filename>zziplib-debuginfo-0.13.71-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zziplib-devel" release="5.ule3" version="0.13.71">
+                         <filename>zziplib-devel-0.13.71-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zziplib" release="5.ule3" version="0.13.71">
+                         <filename>zziplib-0.13.71-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1818</id>
+          <title>An update for GraphicsMagick is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-21679" id="CVE-2020-21679" title="CVE-2020-21679" type="cve"></reference>
+          </references>
+          <description>Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format.(CVE-2020-21679)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="GraphicsMagick-debuginfo" release="1.ule3" version="1.3.41">
+                         <filename>GraphicsMagick-debuginfo-1.3.41-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="GraphicsMagick-devel" release="1.ule3" version="1.3.41">
+                         <filename>GraphicsMagick-devel-1.3.41-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="GraphicsMagick-c++" release="1.ule3" version="1.3.41">
+                         <filename>GraphicsMagick-c++-1.3.41-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="GraphicsMagick" release="1.ule3" version="1.3.41">
+                         <filename>GraphicsMagick-1.3.41-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="GraphicsMagick-perl" release="1.ule3" version="1.3.41">
+                         <filename>GraphicsMagick-perl-1.3.41-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="GraphicsMagick-c++-devel" release="1.ule3" version="1.3.41">
+                         <filename>GraphicsMagick-c++-devel-1.3.41-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="GraphicsMagick-debugsource" release="1.ule3" version="1.3.41">
+                         <filename>GraphicsMagick-debugsource-1.3.41-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="GraphicsMagick-help" release="1.ule3" version="1.3.41">
+                         <filename>GraphicsMagick-help-1.3.41-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="GraphicsMagick-perl" release="1.ule3" version="1.3.41">
+                         <filename>GraphicsMagick-perl-1.3.41-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="GraphicsMagick" release="1.ule3" version="1.3.41">
+                         <filename>GraphicsMagick-1.3.41-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="GraphicsMagick-debugsource" release="1.ule3" version="1.3.41">
+                         <filename>GraphicsMagick-debugsource-1.3.41-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="GraphicsMagick-c++-devel" release="1.ule3" version="1.3.41">
+                         <filename>GraphicsMagick-c++-devel-1.3.41-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="GraphicsMagick-c++" release="1.ule3" version="1.3.41">
+                         <filename>GraphicsMagick-c++-1.3.41-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="GraphicsMagick-debuginfo" release="1.ule3" version="1.3.41">
+                         <filename>GraphicsMagick-debuginfo-1.3.41-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="GraphicsMagick-devel" release="1.ule3" version="1.3.41">
+                         <filename>GraphicsMagick-devel-1.3.41-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1821</id>
+          <title>An update for openssl is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5678" id="CVE-2023-5678" title="CVE-2023-5678" type="cve"></reference>
+          </references>
+          <description>Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays.  Likewise, applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn&#39;t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn&#39;t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions.  An application calling any of those otherfunctions may similarly be affected.  The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when using the&#34;-pubcheck&#34; option, as well as the OpenSSL genpkey command line application.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.(CVE-2023-5678)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="openssl-libs" release="24.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-perl" release="24.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debuginfo" release="24.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-devel" release="24.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl" release="24.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debugsource" release="24.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="openssl-help" release="24.ule3" version="1.1.1m">
+                         <filename>openssl-help-1.1.1m-24.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debugsource" release="24.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-devel" release="24.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl" release="24.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-libs" release="24.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-perl" release="24.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debuginfo" release="24.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-24.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1826</id>
+          <title>An update for gdb is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39129" id="CVE-2023-39129" title="CVE-2023-39129" type="cve"></reference>
+          </references>
+          <description>GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.(CVE-2023-39129)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gdb" release="6.ule3" version="11.1">
+                         <filename>gdb-11.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gdb-headless" release="6.ule3" version="11.1">
+                         <filename>gdb-headless-11.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gdb-debuginfo" release="6.ule3" version="11.1">
+                         <filename>gdb-debuginfo-11.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gdb-debugsource" release="6.ule3" version="11.1">
+                         <filename>gdb-debugsource-11.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gdb-gdbserver" release="6.ule3" version="11.1">
+                         <filename>gdb-gdbserver-11.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gdb-help" release="6.ule3" version="11.1">
+                         <filename>gdb-help-11.1-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdb-gdbserver" release="6.ule3" version="11.1">
+                         <filename>gdb-gdbserver-11.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdb-debugsource" release="6.ule3" version="11.1">
+                         <filename>gdb-debugsource-11.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdb" release="6.ule3" version="11.1">
+                         <filename>gdb-11.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdb-headless" release="6.ule3" version="11.1">
+                         <filename>gdb-headless-11.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdb-debuginfo" release="6.ule3" version="11.1">
+                         <filename>gdb-debuginfo-11.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1830</id>
+          <title>An update for mariadb is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0778" id="CVE-2022-0778" title="CVE-2022-0778" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32085" id="CVE-2022-32085" title="CVE-2022-32085" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32087" id="CVE-2022-32087" title="CVE-2022-32087" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32091" id="CVE-2022-32091" title="CVE-2022-32091" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47015" id="CVE-2022-47015" title="CVE-2022-47015" type="cve"></reference>
+          </references>
+          <description>The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).(CVE-2022-0778)MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.(CVE-2022-32085)MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.(CVE-2022-32087)MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.(CVE-2022-32091)MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.(CVE-2022-47015)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="mariadb-server" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-server-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-rocksdb-engine" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-rocksdb-engine-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-config" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-config-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-embedded" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-embedded-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-errmsg" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-errmsg-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-backup" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-backup-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-devel" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-devel-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-server-utils" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-server-utils-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-debugsource" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-debugsource-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-gssapi-server" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-gssapi-server-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-debuginfo" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-debuginfo-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-oqgraph-engine" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-oqgraph-engine-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-server-galera" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-server-galera-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-embedded-devel" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-embedded-devel-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-test" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-test-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-pam" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-pam-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="mariadb-common" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-common-10.5.22-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-config" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-config-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-embedded-devel" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-embedded-devel-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-server-utils" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-server-utils-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-server-galera" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-server-galera-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-common" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-common-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-debugsource" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-debugsource-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-test" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-test-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-server" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-server-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-embedded" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-embedded-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-backup" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-backup-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-pam" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-pam-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-debuginfo" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-debuginfo-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-gssapi-server" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-gssapi-server-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-errmsg" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-errmsg-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-oqgraph-engine" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-oqgraph-engine-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="mariadb-devel" release="1.ule3" version="10.5.22">
+                         <filename>mariadb-devel-10.5.22-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1831</id>
+          <title>An update for open-vm-tools is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-34058" id="CVE-2023-34058" title="CVE-2023-34058" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-34059" id="CVE-2023-34059" title="CVE-2023-34059" type="cve"></reference>
+          </references>
+          <description>VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted  Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged  Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .(CVE-2023-34058)open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.(CVE-2023-34059)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="open-vm-tools" release="4.ule3" version="12.0.5">
+                         <filename>open-vm-tools-12.0.5-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="open-vm-tools-debugsource" release="4.ule3" version="12.0.5">
+                         <filename>open-vm-tools-debugsource-12.0.5-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="open-vm-tools-sdmp" release="4.ule3" version="12.0.5">
+                         <filename>open-vm-tools-sdmp-12.0.5-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="open-vm-tools-debuginfo" release="4.ule3" version="12.0.5">
+                         <filename>open-vm-tools-debuginfo-12.0.5-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="open-vm-tools-devel" release="4.ule3" version="12.0.5">
+                         <filename>open-vm-tools-devel-12.0.5-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="open-vm-tools-test" release="4.ule3" version="12.0.5">
+                         <filename>open-vm-tools-test-12.0.5-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="open-vm-tools-desktop" release="4.ule3" version="12.0.5">
+                         <filename>open-vm-tools-desktop-12.0.5-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="open-vm-tools-salt-minion" release="4.ule3" version="12.0.5">
+                         <filename>open-vm-tools-salt-minion-12.0.5-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="open-vm-tools" release="4.ule3" version="12.0.5">
+                         <filename>open-vm-tools-12.0.5-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="open-vm-tools-sdmp" release="4.ule3" version="12.0.5">
+                         <filename>open-vm-tools-sdmp-12.0.5-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="open-vm-tools-devel" release="4.ule3" version="12.0.5">
+                         <filename>open-vm-tools-devel-12.0.5-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="open-vm-tools-debugsource" release="4.ule3" version="12.0.5">
+                         <filename>open-vm-tools-debugsource-12.0.5-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="open-vm-tools-debuginfo" release="4.ule3" version="12.0.5">
+                         <filename>open-vm-tools-debuginfo-12.0.5-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="open-vm-tools-desktop" release="4.ule3" version="12.0.5">
+                         <filename>open-vm-tools-desktop-12.0.5-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="open-vm-tools-test" release="4.ule3" version="12.0.5">
+                         <filename>open-vm-tools-test-12.0.5-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1836</id>
+          <title>An update for mysql is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21509" id="CVE-2022-21509" title="CVE-2022-21509" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21515" id="CVE-2022-21515" title="CVE-2022-21515" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21517" id="CVE-2022-21517" title="CVE-2022-21517" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21522" id="CVE-2022-21522" title="CVE-2022-21522" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21525" id="CVE-2022-21525" title="CVE-2022-21525" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21526" id="CVE-2022-21526" title="CVE-2022-21526" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21527" id="CVE-2022-21527" title="CVE-2022-21527" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21528" id="CVE-2022-21528" title="CVE-2022-21528" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21529" id="CVE-2022-21529" title="CVE-2022-21529" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21530" id="CVE-2022-21530" title="CVE-2022-21530" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21531" id="CVE-2022-21531" title="CVE-2022-21531" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21534" id="CVE-2022-21534" title="CVE-2022-21534" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21537" id="CVE-2022-21537" title="CVE-2022-21537" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21538" id="CVE-2022-21538" title="CVE-2022-21538" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21539" id="CVE-2022-21539" title="CVE-2022-21539" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21547" id="CVE-2022-21547" title="CVE-2022-21547" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21553" id="CVE-2022-21553" title="CVE-2022-21553" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21569" id="CVE-2022-21569" title="CVE-2022-21569" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21592" id="CVE-2022-21592" title="CVE-2022-21592" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21594" id="CVE-2022-21594" title="CVE-2022-21594" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21599" id="CVE-2022-21599" title="CVE-2022-21599" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21604" id="CVE-2022-21604" title="CVE-2022-21604" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21608" id="CVE-2022-21608" title="CVE-2022-21608" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21611" id="CVE-2022-21611" title="CVE-2022-21611" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21617" id="CVE-2022-21617" title="CVE-2022-21617" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21625" id="CVE-2022-21625" title="CVE-2022-21625" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21632" id="CVE-2022-21632" title="CVE-2022-21632" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21633" id="CVE-2022-21633" title="CVE-2022-21633" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21635" id="CVE-2022-21635" title="CVE-2022-21635" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21637" id="CVE-2022-21637" title="CVE-2022-21637" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21638" id="CVE-2022-21638" title="CVE-2022-21638" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21640" id="CVE-2022-21640" title="CVE-2022-21640" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21641" id="CVE-2022-21641" title="CVE-2022-21641" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32221" id="CVE-2022-32221" title="CVE-2022-32221" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39400" id="CVE-2022-39400" title="CVE-2022-39400" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39408" id="CVE-2022-39408" title="CVE-2022-39408" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39410" id="CVE-2022-39410" title="CVE-2022-39410" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-43551" id="CVE-2022-43551" title="CVE-2022-43551" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21836" id="CVE-2023-21836" title="CVE-2023-21836" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21863" id="CVE-2023-21863" title="CVE-2023-21863" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21864" id="CVE-2023-21864" title="CVE-2023-21864" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21865" id="CVE-2023-21865" title="CVE-2023-21865" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21867" id="CVE-2023-21867" title="CVE-2023-21867" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21868" id="CVE-2023-21868" title="CVE-2023-21868" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21869" id="CVE-2023-21869" title="CVE-2023-21869" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21870" id="CVE-2023-21870" title="CVE-2023-21870" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21871" id="CVE-2023-21871" title="CVE-2023-21871" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21872" id="CVE-2023-21872" title="CVE-2023-21872" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21873" id="CVE-2023-21873" title="CVE-2023-21873" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21874" id="CVE-2023-21874" title="CVE-2023-21874" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21875" id="CVE-2023-21875" title="CVE-2023-21875" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21876" id="CVE-2023-21876" title="CVE-2023-21876" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21877" id="CVE-2023-21877" title="CVE-2023-21877" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21878" id="CVE-2023-21878" title="CVE-2023-21878" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21879" id="CVE-2023-21879" title="CVE-2023-21879" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21880" id="CVE-2023-21880" title="CVE-2023-21880" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21881" id="CVE-2023-21881" title="CVE-2023-21881" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21882" id="CVE-2023-21882" title="CVE-2023-21882" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21883" id="CVE-2023-21883" title="CVE-2023-21883" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21887" id="CVE-2023-21887" title="CVE-2023-21887" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21911" id="CVE-2023-21911" title="CVE-2023-21911" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21912" id="CVE-2023-21912" title="CVE-2023-21912" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21913" id="CVE-2023-21913" title="CVE-2023-21913" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21917" id="CVE-2023-21917" title="CVE-2023-21917" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21919" id="CVE-2023-21919" title="CVE-2023-21919" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21920" id="CVE-2023-21920" title="CVE-2023-21920" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21929" id="CVE-2023-21929" title="CVE-2023-21929" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21933" id="CVE-2023-21933" title="CVE-2023-21933" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21935" id="CVE-2023-21935" title="CVE-2023-21935" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21940" id="CVE-2023-21940" title="CVE-2023-21940" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21945" id="CVE-2023-21945" title="CVE-2023-21945" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21946" id="CVE-2023-21946" title="CVE-2023-21946" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21947" id="CVE-2023-21947" title="CVE-2023-21947" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21953" id="CVE-2023-21953" title="CVE-2023-21953" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21955" id="CVE-2023-21955" title="CVE-2023-21955" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21962" id="CVE-2023-21962" title="CVE-2023-21962" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21963" id="CVE-2023-21963" title="CVE-2023-21963" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21966" id="CVE-2023-21966" title="CVE-2023-21966" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21972" id="CVE-2023-21972" title="CVE-2023-21972" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21976" id="CVE-2023-21976" title="CVE-2023-21976" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21977" id="CVE-2023-21977" title="CVE-2023-21977" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21980" id="CVE-2023-21980" title="CVE-2023-21980" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-21982" id="CVE-2023-21982" title="CVE-2023-21982" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22005" id="CVE-2023-22005" title="CVE-2023-22005" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22007" id="CVE-2023-22007" title="CVE-2023-22007" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22008" id="CVE-2023-22008" title="CVE-2023-22008" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22015" id="CVE-2023-22015" title="CVE-2023-22015" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22026" id="CVE-2023-22026" title="CVE-2023-22026" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22028" id="CVE-2023-22028" title="CVE-2023-22028" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22032" id="CVE-2023-22032" title="CVE-2023-22032" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22033" id="CVE-2023-22033" title="CVE-2023-22033" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22038" id="CVE-2023-22038" title="CVE-2023-22038" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22046" id="CVE-2023-22046" title="CVE-2023-22046" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22048" id="CVE-2023-22048" title="CVE-2023-22048" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22053" id="CVE-2023-22053" title="CVE-2023-22053" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22054" id="CVE-2023-22054" title="CVE-2023-22054" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22056" id="CVE-2023-22056" title="CVE-2023-22056" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22057" id="CVE-2023-22057" title="CVE-2023-22057" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22058" id="CVE-2023-22058" title="CVE-2023-22058" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22059" id="CVE-2023-22059" title="CVE-2023-22059" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22064" id="CVE-2023-22064" title="CVE-2023-22064" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22065" id="CVE-2023-22065" title="CVE-2023-22065" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22066" id="CVE-2023-22066" title="CVE-2023-22066" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22068" id="CVE-2023-22068" title="CVE-2023-22068" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22070" id="CVE-2023-22070" title="CVE-2023-22070" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22078" id="CVE-2023-22078" title="CVE-2023-22078" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22079" id="CVE-2023-22079" title="CVE-2023-22079" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22084" id="CVE-2023-22084" title="CVE-2023-22084" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22092" id="CVE-2023-22092" title="CVE-2023-22092" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22097" id="CVE-2023-22097" title="CVE-2023-22097" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22103" id="CVE-2023-22103" title="CVE-2023-22103" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22104" id="CVE-2023-22104" title="CVE-2023-22104" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22110" id="CVE-2023-22110" title="CVE-2023-22110" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22111" id="CVE-2023-22111" title="CVE-2023-22111" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22112" id="CVE-2023-22112" title="CVE-2023-22112" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22113" id="CVE-2023-22113" title="CVE-2023-22113" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22114" id="CVE-2023-22114" title="CVE-2023-22114" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22115" id="CVE-2023-22115" title="CVE-2023-22115" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2022-21509)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21515)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21517)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21522)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21525)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21526)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2022-21527)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2022-21528)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21529)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21530)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21531)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21534)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21537)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21538)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L).(CVE-2022-21539)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21547)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21553)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21569)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21592)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21594)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21599)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21604)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21608)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21611)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21617)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21625)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21632)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21633)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).(CVE-2022-21635)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21637)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21638)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21640)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21641)When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.(CVE-2022-32221)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-39400)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-39408)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-39410)A vulnerability exists in curl &lt;7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.(CVE-2022-43551)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).  Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21836)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21863)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21864)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21865)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21867)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21868)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as  unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2023-21869)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21870)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21871)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as  unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2023-21872)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21873)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling).  Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).(CVE-2023-21874)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).  Supported versions that are affected are 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).(CVE-2023-21875)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21876)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as  unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2023-21877)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21878)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21879)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as  unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2023-21880)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21881)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21882)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21883)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS).  Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21887)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21911)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).  Supported versions that are affected are 5.7.41 and prior and  8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21912)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21913)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21917)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).  Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21919)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21920)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).  Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as  unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2023-21929)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).  Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21933)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21935)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).  Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21940)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21945)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21946)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).  Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21947)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition).  Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21953)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition).  Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21955)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).  Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21962)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling).  Supported versions that are affected are 5.7.40 and prior and  8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).(CVE-2023-21963)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON).  Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21966)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).  Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21972)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21976)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21977)Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs).  Supported versions that are affected are 5.7.41 and prior and  8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).(CVE-2023-21980)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21982)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).  Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22005)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).  Supported versions that are affected are 5.7.41 and prior and  8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22007)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22008)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 5.7.42 and prior and  8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22015)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 5.7.42 and prior and  8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22026)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 5.7.43 and prior and  8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22028)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.34 and prior and  8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22032)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22033)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).  Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-22038)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22046)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth).  Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2023-22048)Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs).  Supported versions that are affected are 5.7.42 and prior and  8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and  unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H).(CVE-2023-22053)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22054)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22056)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).  Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22057)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).  Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22058)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.34 and prior and  8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22059)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22064)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22065)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.34 and prior and  8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22066)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.34 and prior and  8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22068)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.34 and prior and  8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22070)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.34 and prior and  8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22078)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22079)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and  8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22084)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22092)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.34 and prior and  8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22097)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.34 and prior and  8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22103)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22104)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22110)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF).  Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22111)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22112)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).  Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).(CVE-2023-22113)Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.34 and prior and  8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22114)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).  Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22115)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="mysql-common" release="1.ule3" version="8.0.35">
+                         <filename>mysql-common-8.0.35-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql-config" release="1.ule3" version="8.0.35">
+                         <filename>mysql-config-8.0.35-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql-help" release="1.ule3" version="8.0.35">
+                         <filename>mysql-help-8.0.35-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql-test" release="1.ule3" version="8.0.35">
+                         <filename>mysql-test-8.0.35-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql-libs" release="1.ule3" version="8.0.35">
+                         <filename>mysql-libs-8.0.35-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql-debuginfo" release="1.ule3" version="8.0.35">
+                         <filename>mysql-debuginfo-8.0.35-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql-devel" release="1.ule3" version="8.0.35">
+                         <filename>mysql-devel-8.0.35-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql-server" release="1.ule3" version="8.0.35">
+                         <filename>mysql-server-8.0.35-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql-debugsource" release="1.ule3" version="8.0.35">
+                         <filename>mysql-debugsource-8.0.35-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql" release="1.ule3" version="8.0.35">
+                         <filename>mysql-8.0.35-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mysql-errmsg" release="1.ule3" version="8.0.35">
+                         <filename>mysql-errmsg-8.0.35-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql-debugsource" release="1.ule3" version="8.0.35">
+                         <filename>mysql-debugsource-8.0.35-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql-devel" release="1.ule3" version="8.0.35">
+                         <filename>mysql-devel-8.0.35-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql-config" release="1.ule3" version="8.0.35">
+                         <filename>mysql-config-8.0.35-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql-debuginfo" release="1.ule3" version="8.0.35">
+                         <filename>mysql-debuginfo-8.0.35-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql-common" release="1.ule3" version="8.0.35">
+                         <filename>mysql-common-8.0.35-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql-help" release="1.ule3" version="8.0.35">
+                         <filename>mysql-help-8.0.35-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql-test" release="1.ule3" version="8.0.35">
+                         <filename>mysql-test-8.0.35-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql-errmsg" release="1.ule3" version="8.0.35">
+                         <filename>mysql-errmsg-8.0.35-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql-server" release="1.ule3" version="8.0.35">
+                         <filename>mysql-server-8.0.35-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql-libs" release="1.ule3" version="8.0.35">
+                         <filename>mysql-libs-8.0.35-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mysql" release="1.ule3" version="8.0.35">
+                         <filename>mysql-8.0.35-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1840</id>
+          <title>An update for python-urllib3 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45803" id="CVE-2023-45803" title="CVE-2023-45803" type="cve"></reference>
+          </references>
+          <description>urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn&#39;t remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren&#39;t putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn&#39;t exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren&#39;t expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.(CVE-2023-45803)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python3-urllib3" release="8.ule3" version="1.26.7">
+                         <filename>python3-urllib3-1.26.7-8.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1843</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45884" id="CVE-2022-45884" title="CVE-2022-45884" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3327" id="CVE-2023-3327" title="CVE-2023-3327" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39198" id="CVE-2023-39198" title="CVE-2023-39198" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4623" id="CVE-2023-4623" title="CVE-2023-4623" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5197" id="CVE-2023-5197" title="CVE-2023-5197" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.(CVE-2022-45884)Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-35823. Reason: This candidate is a reservation duplicate of CVE-2023-35823. Notes: All CVE users should reference CVE-2023-35823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.(CVE-2023-3327)A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.(CVE-2023-39198)A use-after-free vulnerability in the Linux kernel&#39;s net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.(CVE-2023-4623)A use-after-free vulnerability in the Linux kernel&#39;s netfilter: nf_tables component can be exploited to achieve local privilege escalation.Addition and removal of rules from chain bindings within the same transaction causes leads to use-after-free.We recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325.(CVE-2023-5197)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-perf" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.117.0.144.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.117.0.144.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.117.0.144.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.117.0.144.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.117.0.144.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.117.0.144.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.117.0.144.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.117.0.144.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.117.0.144.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.117.0.144.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.117.0.144.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.117.0.144.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.117.0.144.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.117.0.144.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.117.0.144.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.117.0.144.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.117.0.144.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.117.0.144.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.117.0.144.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.117.0.144.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.117.0.144.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.117.0.144.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.117.0.144.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.117.0.144.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.117.0.144.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.117.0.144.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.117.0.144.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.117.0.144.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.117.0.144.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.117.0.144.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.117.0.144.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1846</id>
+          <title>An update for python-django is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-17"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-46695" id="CVE-2023-46695" title="CVE-2023-46695" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.(CVE-2023-46695)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python3-Django" release="9.ule3" version="2.2.27">
+                         <filename>python3-Django-2.2.27-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-django-help" release="9.ule3" version="2.2.27">
+                         <filename>python-django-help-2.2.27-9.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1847</id>
+          <title>An update for wireshark is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6175" id="CVE-2023-6175" title="CVE-2023-6175" type="cve"></reference>
+          </references>
+          <description>A heap-based buffer overflow was found in Wireshark&#39;s NetScreen file parser. This issue may allow local arbitrary code execution via a crafted capture file.(CVE-2023-6175)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="wireshark-debugsource" release="5.ule3" version="3.6.14">
+                         <filename>wireshark-debugsource-3.6.14-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-devel" release="5.ule3" version="3.6.14">
+                         <filename>wireshark-devel-3.6.14-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-debuginfo" release="5.ule3" version="3.6.14">
+                         <filename>wireshark-debuginfo-3.6.14-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark" release="5.ule3" version="3.6.14">
+                         <filename>wireshark-3.6.14-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-help" release="5.ule3" version="3.6.14">
+                         <filename>wireshark-help-3.6.14-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debuginfo" release="5.ule3" version="3.6.14">
+                         <filename>wireshark-debuginfo-3.6.14-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-devel" release="5.ule3" version="3.6.14">
+                         <filename>wireshark-devel-3.6.14-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark" release="5.ule3" version="3.6.14">
+                         <filename>wireshark-3.6.14-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debugsource" release="5.ule3" version="3.6.14">
+                         <filename>wireshark-debugsource-3.6.14-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-help" release="5.ule3" version="3.6.14">
+                         <filename>wireshark-help-3.6.14-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1848</id>
+          <title>An update for openjdk-11 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22081" id="CVE-2023-22081" title="CVE-2023-22081" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and  22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2023-22081)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-devel" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-devel-11.0.21.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-slowdebug" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-slowdebug-11.0.21.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-javadoc-zip" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-javadoc-zip-11.0.21.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-jmods" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-jmods-11.0.21.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-debuginfo" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-debuginfo-11.0.21.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-demo" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-demo-11.0.21.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-headless" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-headless-11.0.21.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-src" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-src-11.0.21.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-debugsource" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-debugsource-11.0.21.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-devel-slowdebug" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-devel-slowdebug-11.0.21.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-headless-slowdebug" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-headless-slowdebug-11.0.21.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-src-slowdebug" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-src-slowdebug-11.0.21.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-javadoc" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-javadoc-11.0.21.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-demo-slowdebug" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-demo-slowdebug-11.0.21.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-jmods-slowdebug" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-jmods-slowdebug-11.0.21.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-11.0.21.9-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-slowdebug" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-slowdebug-11.0.21.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-src-slowdebug" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-src-slowdebug-11.0.21.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-src" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-src-11.0.21.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-debugsource" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-debugsource-11.0.21.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-headless-slowdebug" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-headless-slowdebug-11.0.21.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-demo-slowdebug" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-demo-slowdebug-11.0.21.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-javadoc" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-javadoc-11.0.21.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-debuginfo" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-debuginfo-11.0.21.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-11.0.21.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-demo" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-demo-11.0.21.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-jmods" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-jmods-11.0.21.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-devel-slowdebug" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-devel-slowdebug-11.0.21.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-devel" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-devel-11.0.21.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-javadoc-zip" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-javadoc-zip-11.0.21.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-headless" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-headless-11.0.21.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-jmods-slowdebug" release="1.ule3" version="11.0.21.9">
+                         <filename>java-11-openjdk-jmods-slowdebug-11.0.21.9-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1850</id>
+          <title>An update for shadow is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2013-4235" id="CVE-2013-4235" title="CVE-2013-4235" type="cve"></reference>
+          </references>
+          <description>shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees(CVE-2013-4235)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="shadow" release="12.ule3" version="4.9">
+                         <filename>shadow-4.9-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="shadow-debuginfo" release="12.ule3" version="4.9">
+                         <filename>shadow-debuginfo-4.9-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="shadow-debugsource" release="12.ule3" version="4.9">
+                         <filename>shadow-debugsource-4.9-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="shadow-subid-devel" release="12.ule3" version="4.9">
+                         <filename>shadow-subid-devel-4.9-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="shadow-help" release="12.ule3" version="4.9">
+                         <filename>shadow-help-4.9-12.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="shadow" release="12.ule3" version="4.9">
+                         <filename>shadow-4.9-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="shadow-subid-devel" release="12.ule3" version="4.9">
+                         <filename>shadow-subid-devel-4.9-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="shadow-debugsource" release="12.ule3" version="4.9">
+                         <filename>shadow-debugsource-4.9-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="shadow-debuginfo" release="12.ule3" version="4.9">
+                         <filename>shadow-debuginfo-4.9-12.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1854</id>
+          <title>An update for python-aiohttp is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-47641" id="CVE-2023-47641" title="CVE-2023-47641" type="cve"></reference>
+          </references>
+          <description>aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-Length(CL) and Transfer-Encoding(TE) header values are present it can lead to incorrect interpretation of two entities that parse the HTTP and we can poison other sockets with this incorrect interpretation. A possible Proof-of-Concept (POC) would be a configuration with a reverse proxy(frontend) that accepts both CL and TE headers and aiohttp as backend. As aiohttp parses anything with chunked, we can pass a chunked123 as TE, the frontend entity will ignore this header and will parse Content-Length. The impact of this vulnerability is that it is possible to bypass any proxy rule, poisoning sockets to other users like passing Authentication Headers, also if it is present an Open Redirect an attacker could combine it to redirect random users to another website and log the request. This vulnerability has been addressed in release 3.8.0 of aiohttp. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-47641)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python-aiohttp-debuginfo" release="3.ule3" version="3.7.4">
+                         <filename>python-aiohttp-debuginfo-3.7.4-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-aiohttp-debugsource" release="3.ule3" version="3.7.4">
+                         <filename>python-aiohttp-debugsource-3.7.4-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-aiohttp-help" release="3.ule3" version="3.7.4">
+                         <filename>python-aiohttp-help-3.7.4-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-aiohttp" release="3.ule3" version="3.7.4">
+                         <filename>python3-aiohttp-3.7.4-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-aiohttp-debugsource" release="3.ule3" version="3.7.4">
+                         <filename>python-aiohttp-debugsource-3.7.4-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-aiohttp" release="3.ule3" version="3.7.4">
+                         <filename>python3-aiohttp-3.7.4-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-aiohttp-debuginfo" release="3.ule3" version="3.7.4">
+                         <filename>python-aiohttp-debuginfo-3.7.4-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-aiohttp-help" release="3.ule3" version="3.7.4">
+                         <filename>python-aiohttp-help-3.7.4-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1855</id>
+          <title>An update for microcode_ctl is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23583" id="CVE-2023-23583" title="CVE-2023-23583" type="cve"></reference>
+          </references>
+          <description>Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.(CVE-2023-23583)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="x86_64" name="microcode_ctl" release="42.ule3" version="2.1">
+                         <filename>microcode_ctl-2.1-42.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1856</id>
+          <title>An update for python-pillow is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-44271" id="CVE-2023-44271" title="CVE-2023-44271" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.(CVE-2023-44271)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-pillow" release="4.ule3" version="9.0.1">
+                         <filename>python3-pillow-9.0.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-pillow-debuginfo" release="4.ule3" version="9.0.1">
+                         <filename>python-pillow-debuginfo-9.0.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pillow-qt" release="4.ule3" version="9.0.1">
+                         <filename>python3-pillow-qt-9.0.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-pillow-debugsource" release="4.ule3" version="9.0.1">
+                         <filename>python-pillow-debugsource-9.0.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pillow-devel" release="4.ule3" version="9.0.1">
+                         <filename>python3-pillow-devel-9.0.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pillow-tk" release="4.ule3" version="9.0.1">
+                         <filename>python3-pillow-tk-9.0.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-pillow-help" release="4.ule3" version="9.0.1">
+                         <filename>python3-pillow-help-9.0.1-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-pillow-debugsource" release="4.ule3" version="9.0.1">
+                         <filename>python-pillow-debugsource-9.0.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-pillow-debuginfo" release="4.ule3" version="9.0.1">
+                         <filename>python-pillow-debuginfo-9.0.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow" release="4.ule3" version="9.0.1">
+                         <filename>python3-pillow-9.0.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow-devel" release="4.ule3" version="9.0.1">
+                         <filename>python3-pillow-devel-9.0.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow-tk" release="4.ule3" version="9.0.1">
+                         <filename>python3-pillow-tk-9.0.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow-qt" release="4.ule3" version="9.0.1">
+                         <filename>python3-pillow-qt-9.0.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1857</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-11-24"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6228" id="CVE-2023-6228" title="CVE-2023-6228" type="cve"></reference>
+          </references>
+          <description>An issue was found in the tiffcp utility distributed by the libtiff package. Processing a crafted TIFF file may cause a heap-based buffer overflow, resulting in an application crash.Reference:https://gitlab.com/libtiff/libtiff/-/issues/606(CVE-2023-6228)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="34.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-devel" release="34.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debugsource" release="34.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff" release="34.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-tools" release="34.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-static" release="34.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-34.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="34.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-34.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="34.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="34.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="34.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="34.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="34.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-34.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="34.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-34.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1859</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39197" id="CVE-2023-39197" title="CVE-2023-39197" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6176" id="CVE-2023-6176" title="CVE-2023-6176" type="cve"></reference>
+          </references>
+          <description>An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.(CVE-2023-39197)A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.(CVE-2023-6176)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-perf" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.118.0.145.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.118.0.145.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.118.0.145.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.118.0.145.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.118.0.145.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.118.0.145.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.118.0.145.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.118.0.145.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.118.0.145.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.118.0.145.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.118.0.145.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.118.0.145.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.118.0.145.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.118.0.145.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.118.0.145.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.118.0.145.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.118.0.145.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.118.0.145.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.118.0.145.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.118.0.145.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.118.0.145.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.118.0.145.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.118.0.145.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.118.0.145.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.118.0.145.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.118.0.145.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.118.0.145.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.118.0.145.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.118.0.145.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.118.0.145.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.118.0.145.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1865</id>
+          <title>An update for perl is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-47038" id="CVE-2023-47038" title="CVE-2023-47038" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in perl. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.(CVE-2023-47038)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="4" arch="aarch64" name="perl" release="10.ule3" version="5.34.0">
+                         <filename>perl-5.34.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="perl-devel" release="10.ule3" version="5.34.0">
+                         <filename>perl-devel-5.34.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="perl-libs" release="10.ule3" version="5.34.0">
+                         <filename>perl-libs-5.34.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="perl-debuginfo" release="10.ule3" version="5.34.0">
+                         <filename>perl-debuginfo-5.34.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="perl-debugsource" release="10.ule3" version="5.34.0">
+                         <filename>perl-debugsource-5.34.0-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="noarch" name="perl-help" release="10.ule3" version="5.34.0">
+                         <filename>perl-help-5.34.0-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl-libs" release="10.ule3" version="5.34.0">
+                         <filename>perl-libs-5.34.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl-debugsource" release="10.ule3" version="5.34.0">
+                         <filename>perl-debugsource-5.34.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl-devel" release="10.ule3" version="5.34.0">
+                         <filename>perl-devel-5.34.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl" release="10.ule3" version="5.34.0">
+                         <filename>perl-5.34.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl-debuginfo" release="10.ule3" version="5.34.0">
+                         <filename>perl-debuginfo-5.34.0-10.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1867</id>
+          <title>An update for gnutls is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5981" id="CVE-2023-5981" title="CVE-2023-5981" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.(CVE-2023-5981)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gnutls-devel" release="9.ule3" version="3.7.2">
+                         <filename>gnutls-devel-3.7.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-debugsource" release="9.ule3" version="3.7.2">
+                         <filename>gnutls-debugsource-3.7.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls" release="9.ule3" version="3.7.2">
+                         <filename>gnutls-3.7.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-debuginfo" release="9.ule3" version="3.7.2">
+                         <filename>gnutls-debuginfo-3.7.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-utils" release="9.ule3" version="3.7.2">
+                         <filename>gnutls-utils-3.7.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gnutls-help" release="9.ule3" version="3.7.2">
+                         <filename>gnutls-help-3.7.2-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls" release="9.ule3" version="3.7.2">
+                         <filename>gnutls-3.7.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-utils" release="9.ule3" version="3.7.2">
+                         <filename>gnutls-utils-3.7.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-devel" release="9.ule3" version="3.7.2">
+                         <filename>gnutls-devel-3.7.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-debuginfo" release="9.ule3" version="3.7.2">
+                         <filename>gnutls-debuginfo-3.7.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-debugsource" release="9.ule3" version="3.7.2">
+                         <filename>gnutls-debugsource-3.7.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1870</id>
+          <title>An update for gdb is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39130" id="CVE-2023-39130" title="CVE-2023-39130" type="cve"></reference>
+          </references>
+          <description>GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.(CVE-2023-39130)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gdb-debugsource" release="7.ule3" version="11.1">
+                         <filename>gdb-debugsource-11.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gdb-debuginfo" release="7.ule3" version="11.1">
+                         <filename>gdb-debuginfo-11.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gdb-gdbserver" release="7.ule3" version="11.1">
+                         <filename>gdb-gdbserver-11.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gdb-headless" release="7.ule3" version="11.1">
+                         <filename>gdb-headless-11.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gdb" release="7.ule3" version="11.1">
+                         <filename>gdb-11.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gdb-help" release="7.ule3" version="11.1">
+                         <filename>gdb-help-11.1-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdb-debuginfo" release="7.ule3" version="11.1">
+                         <filename>gdb-debuginfo-11.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdb-debugsource" release="7.ule3" version="11.1">
+                         <filename>gdb-debugsource-11.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdb-gdbserver" release="7.ule3" version="11.1">
+                         <filename>gdb-gdbserver-11.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdb-headless" release="7.ule3" version="11.1">
+                         <filename>gdb-headless-11.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gdb" release="7.ule3" version="11.1">
+                         <filename>gdb-11.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1873</id>
+          <title>An update for optipng is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-43907" id="CVE-2023-43907" title="CVE-2023-43907" type="cve"></reference>
+          </references>
+          <description>OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the &#39;buffer&#39; variable at gifread.c.(CVE-2023-43907)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="optipng" release="1.ule3" version="0.7.8">
+                         <filename>optipng-0.7.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="optipng-debugsource" release="1.ule3" version="0.7.8">
+                         <filename>optipng-debugsource-0.7.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="optipng-debuginfo" release="1.ule3" version="0.7.8">
+                         <filename>optipng-debuginfo-0.7.8-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="optipng-debugsource" release="1.ule3" version="0.7.8">
+                         <filename>optipng-debugsource-0.7.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="optipng-debuginfo" release="1.ule3" version="0.7.8">
+                         <filename>optipng-debuginfo-0.7.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="optipng" release="1.ule3" version="0.7.8">
+                         <filename>optipng-0.7.8-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1881</id>
+          <title>An update for qt is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-34410" id="CVE-2023-34410" title="CVE-2023-34410" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-37369" id="CVE-2023-37369" title="CVE-2023-37369" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38197" id="CVE-2023-38197" title="CVE-2023-38197" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-43114" id="CVE-2023-43114" title="CVE-2023-43114" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.(CVE-2023-34410)In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.(CVE-2023-37369)An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.(CVE-2023-38197)An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks.(CVE-2023-43114)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="qt-debugsource" release="58.ule3" version="4.8.7">
+                         <filename>qt-debugsource-4.8.7-58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qt-devel" release="58.ule3" version="4.8.7">
+                         <filename>qt-devel-4.8.7-58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qt-debuginfo" release="58.ule3" version="4.8.7">
+                         <filename>qt-debuginfo-4.8.7-58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="qt" release="58.ule3" version="4.8.7">
+                         <filename>qt-4.8.7-58.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qt" release="58.ule3" version="4.8.7">
+                         <filename>qt-4.8.7-58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qt-debuginfo" release="58.ule3" version="4.8.7">
+                         <filename>qt-debuginfo-4.8.7-58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qt-devel" release="58.ule3" version="4.8.7">
+                         <filename>qt-devel-4.8.7-58.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="qt-debugsource" release="58.ule3" version="4.8.7">
+                         <filename>qt-debugsource-4.8.7-58.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1882</id>
+          <title>An update for apache-commons-net is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-37533" id="CVE-2021-37533" title="CVE-2021-37533" type="cve"></reference>
+          </references>
+          <description>Prior to Apache Commons Net 3.9.0, Net&#39;s FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.(CVE-2021-37533)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="apache-commons-net-help" release="7.ule3" version="3.6">
+                         <filename>apache-commons-net-help-3.6-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="apache-commons-net" release="7.ule3" version="3.6">
+                         <filename>apache-commons-net-3.6-7.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1885</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-48231" id="CVE-2023-48231" title="CVE-2023-48231" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-48233" id="CVE-2023-48233" title="CVE-2023-48233" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-48234" id="CVE-2023-48234" title="CVE-2023-48234" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-48235" id="CVE-2023-48235" title="CVE-2023-48235" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-48236" id="CVE-2023-48236" title="CVE-2023-48236" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-48237" id="CVE-2023-48237" title="CVE-2023-48237" type="cve"></reference>
+          </references>
+          <description>Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-48231)Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `ac6378773` which has been included in release version 9.0.2108. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-48233)Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `58f9befca1` which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-48234)Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause anoverflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-48235)Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values largerthan MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-48236)Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-48237)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="22.ule3" version="9.0">
+                         <filename>vim-X11-9.0-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="22.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="22.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="22.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="22.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="22.ule3" version="9.0">
+                         <filename>vim-common-9.0-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="22.ule3" version="9.0">
+                         <filename>vim-filesystem-9.0-22.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="22.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="22.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="22.ule3" version="9.0">
+                         <filename>vim-X11-9.0-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="22.ule3" version="9.0">
+                         <filename>vim-common-9.0-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="22.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="22.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-22.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1886</id>
+          <title>An update for haproxy is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0836" id="CVE-2023-0836" title="CVE-2023-0836" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45539" id="CVE-2023-45539" title="CVE-2023-45539" type="cve"></reference>
+          </references>
+          <description>An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.(CVE-2023-0836)HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.(CVE-2023-45539)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="haproxy-debugsource" release="6.ule3" version="2.4.8">
+                         <filename>haproxy-debugsource-2.4.8-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="haproxy" release="6.ule3" version="2.4.8">
+                         <filename>haproxy-2.4.8-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="haproxy-debuginfo" release="6.ule3" version="2.4.8">
+                         <filename>haproxy-debuginfo-2.4.8-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="haproxy-help" release="6.ule3" version="2.4.8">
+                         <filename>haproxy-help-2.4.8-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="haproxy" release="6.ule3" version="2.4.8">
+                         <filename>haproxy-2.4.8-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="haproxy-debuginfo" release="6.ule3" version="2.4.8">
+                         <filename>haproxy-debuginfo-2.4.8-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="haproxy-debugsource" release="6.ule3" version="2.4.8">
+                         <filename>haproxy-debugsource-2.4.8-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1887</id>
+          <title>An update for python-cryptography is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-49083" id="CVE-2023-49083" title="CVE-2023-49083" type="cve"></reference>
+          </references>
+          <description>cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.(CVE-2023-49083)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python-cryptography-debugsource" release="7.ule3" version="3.3.1">
+                         <filename>python-cryptography-debugsource-3.3.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-cryptography" release="7.ule3" version="3.3.1">
+                         <filename>python3-cryptography-3.3.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-cryptography-debuginfo" release="7.ule3" version="3.3.1">
+                         <filename>python-cryptography-debuginfo-3.3.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-cryptography-help" release="7.ule3" version="3.3.1">
+                         <filename>python-cryptography-help-3.3.1-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-cryptography-debugsource" release="7.ule3" version="3.3.1">
+                         <filename>python-cryptography-debugsource-3.3.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-cryptography" release="7.ule3" version="3.3.1">
+                         <filename>python3-cryptography-3.3.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-cryptography-debuginfo" release="7.ule3" version="3.3.1">
+                         <filename>python-cryptography-debuginfo-3.3.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1888</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1193" id="CVE-2023-1193" title="CVE-2023-1193" type="cve"></reference>
+          </references>
+          <description>A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.(CVE-2023-1193)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.119.0.146.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.119.0.146.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.119.0.146.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.119.0.146.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.119.0.146.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.119.0.146.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.119.0.146.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.119.0.146.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.119.0.146.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.119.0.146.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.119.0.146.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.119.0.146.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.119.0.146.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.119.0.146.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.119.0.146.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.119.0.146.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.119.0.146.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.119.0.146.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.119.0.146.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.119.0.146.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.119.0.146.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.119.0.146.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.119.0.146.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.119.0.146.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.119.0.146.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.119.0.146.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.119.0.146.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.119.0.146.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.119.0.146.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.119.0.146.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.119.0.146.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1893</id>
+          <title>An update for libtiff is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6277" id="CVE-2023-6277" title="CVE-2023-6277" type="cve"></reference>
+          </references>
+          <description>An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.(CVE-2023-6277)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libtiff-debuginfo" release="36.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-36.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-debugsource" release="36.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-36.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-tools" release="36.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-36.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff" release="36.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-36.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-static" release="36.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-36.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtiff-devel" release="36.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-36.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libtiff-help" release="36.ule3" version="4.3.0">
+                         <filename>libtiff-help-4.3.0-36.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debugsource" release="36.ule3" version="4.3.0">
+                         <filename>libtiff-debugsource-4.3.0-36.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-debuginfo" release="36.ule3" version="4.3.0">
+                         <filename>libtiff-debuginfo-4.3.0-36.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-tools" release="36.ule3" version="4.3.0">
+                         <filename>libtiff-tools-4.3.0-36.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-static" release="36.ule3" version="4.3.0">
+                         <filename>libtiff-static-4.3.0-36.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff" release="36.ule3" version="4.3.0">
+                         <filename>libtiff-4.3.0-36.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtiff-devel" release="36.ule3" version="4.3.0">
+                         <filename>libtiff-devel-4.3.0-36.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1895</id>
+          <title>An update for qemu is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1544" id="CVE-2023-1544" title="CVE-2023-1544" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the QEMU implementation of VMWare&#39;s paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.(CVE-2023-1544)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="10" arch="aarch64" name="qemu" release="83.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-83.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-aarch64" release="83.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-83.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-iscsi" release="83.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-83.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-curl" release="83.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-83.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-guest-agent" release="83.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-83.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-debuginfo" release="83.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-83.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-ssh" release="83.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-83.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-rbd" release="83.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-83.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-hw-usb-host" release="83.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-83.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-arm" release="83.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-83.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-riscv" release="83.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-83.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-debugsource" release="83.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-83.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-img" release="83.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-83.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-x86_64" release="83.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-83.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="noarch" name="qemu-help" release="83.ule3" version="6.2.0">
+                         <filename>qemu-help-6.2.0-83.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-seabios" release="83.ule3" version="6.2.0">
+                         <filename>qemu-seabios-6.2.0-83.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-arm" release="83.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-83.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-debuginfo" release="83.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-83.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-x86_64" release="83.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-83.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-guest-agent" release="83.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-83.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-aarch64" release="83.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-83.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-rbd" release="83.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-83.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-debugsource" release="83.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-83.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-img" release="83.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-83.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu" release="83.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-83.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-curl" release="83.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-83.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-ssh" release="83.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-83.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-iscsi" release="83.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-83.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-riscv" release="83.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-83.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-hw-usb-host" release="83.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-83.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1898</id>
+          <title>An update for freeimage is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-21427" id="CVE-2020-21427" title="CVE-2020-21427" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-21428" id="CVE-2020-21428" title="CVE-2020-21428" type="cve"></reference>
+          </references>
+          <description>Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.(CVE-2020-21427)Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.(CVE-2020-21428)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="freeimage-debugsource" release="9.ule3" version="3.18.0">
+                         <filename>freeimage-debugsource-3.18.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeimage-devel" release="9.ule3" version="3.18.0">
+                         <filename>freeimage-devel-3.18.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeimage-debuginfo" release="9.ule3" version="3.18.0">
+                         <filename>freeimage-debuginfo-3.18.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeimage" release="9.ule3" version="3.18.0">
+                         <filename>freeimage-3.18.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeimage" release="9.ule3" version="3.18.0">
+                         <filename>freeimage-3.18.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeimage-devel" release="9.ule3" version="3.18.0">
+                         <filename>freeimage-devel-3.18.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeimage-debugsource" release="9.ule3" version="3.18.0">
+                         <filename>freeimage-debugsource-3.18.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeimage-debuginfo" release="9.ule3" version="3.18.0">
+                         <filename>freeimage-debuginfo-3.18.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1899</id>
+          <title>An update for arm-trusted-firmware is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-47630" id="CVE-2022-47630" title="CVE-2022-47630" type="cve"></reference>
+          </references>
+          <description>Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.(CVE-2022-47630)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="arm-trusted-firmware-armv8" release="2.ule3" version="2.3">
+                         <filename>arm-trusted-firmware-armv8-2.3-2.ule3.aarch64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1900</id>
+          <title>An update for python-aiohttp is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-49081" id="CVE-2023-49081" title="CVE-2023-49081" type="cve"></reference>
+          </references>
+          <description>aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.(CVE-2023-49081)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python-aiohttp-help" release="4.ule3" version="3.7.4">
+                         <filename>python-aiohttp-help-3.7.4-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-aiohttp" release="4.ule3" version="3.7.4">
+                         <filename>python3-aiohttp-3.7.4-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-aiohttp-debuginfo" release="4.ule3" version="3.7.4">
+                         <filename>python-aiohttp-debuginfo-3.7.4-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-aiohttp-debugsource" release="4.ule3" version="3.7.4">
+                         <filename>python-aiohttp-debugsource-3.7.4-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-aiohttp-help" release="4.ule3" version="3.7.4">
+                         <filename>python-aiohttp-help-3.7.4-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-aiohttp" release="4.ule3" version="3.7.4">
+                         <filename>python3-aiohttp-3.7.4-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-aiohttp-debuginfo" release="4.ule3" version="3.7.4">
+                         <filename>python-aiohttp-debuginfo-3.7.4-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-aiohttp-debugsource" release="4.ule3" version="3.7.4">
+                         <filename>python-aiohttp-debugsource-3.7.4-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1902</id>
+          <title>An update for vim is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-48706" id="CVE-2023-48706" title="CVE-2023-48706" type="cve"></reference>
+          </references>
+          <description>Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue.(CVE-2023-48706)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="vim-enhanced" release="23.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debugsource" release="23.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-debuginfo" release="23.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-X11" release="23.ule3" version="9.0">
+                         <filename>vim-X11-9.0-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-common" release="23.ule3" version="9.0">
+                         <filename>vim-common-9.0-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="vim-minimal" release="23.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="vim-filesystem" release="23.ule3" version="9.0">
+                         <filename>vim-filesystem-9.0-23.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-minimal" release="23.ule3" version="9.0">
+                         <filename>vim-minimal-9.0-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-common" release="23.ule3" version="9.0">
+                         <filename>vim-common-9.0-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debuginfo" release="23.ule3" version="9.0">
+                         <filename>vim-debuginfo-9.0-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-debugsource" release="23.ule3" version="9.0">
+                         <filename>vim-debugsource-9.0-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-enhanced" release="23.ule3" version="9.0">
+                         <filename>vim-enhanced-9.0-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="vim-X11" release="23.ule3" version="9.0">
+                         <filename>vim-X11-9.0-23.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1904</id>
+          <title>An update for python-wheel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40898" id="CVE-2022-40898" title="CVE-2022-40898" type="cve"></reference>
+          </references>
+          <description>An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.(CVE-2022-40898)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="python3-wheel" release="6.ule3" version="0.37.0">
+                         <filename>python3-wheel-0.37.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="python-wheel-wheel" release="6.ule3" version="0.37.0">
+                         <filename>python-wheel-wheel-0.37.0-6.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1906</id>
+          <title>An update for netty is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41881" id="CVE-2022-41881" title="CVE-2022-41881" type="cve"></reference>
+          </references>
+          <description>Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.(CVE-2022-41881)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="netty" release="20.ule3" version="4.1.13">
+                         <filename>netty-4.1.13-20.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="netty-help" release="20.ule3" version="4.1.13">
+                         <filename>netty-help-4.1.13-20.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="netty" release="20.ule3" version="4.1.13">
+                         <filename>netty-4.1.13-20.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1909</id>
+          <title>An update for python-twisted is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21712" id="CVE-2022-21712" title="CVE-2022-21712" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21716" id="CVE-2022-21716" title="CVE-2022-21716" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24801" id="CVE-2022-24801" title="CVE-2022-24801" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39348" id="CVE-2022-39348" title="CVE-2022-39348" type="cve"></reference>
+          </references>
+          <description>twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.(CVE-2022-21712)Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer&#39;s SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 &lt; /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.(CVE-2022-21716)Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web&#39;s HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy.(CVE-2022-24801)Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In practice this should be very difficult to exploit as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds.(CVE-2022-39348)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-twisted" release="1.ule3" version="22.4.0">
+                         <filename>python3-twisted-22.4.0-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-twisted-help" release="1.ule3" version="22.4.0">
+                         <filename>python-twisted-help-22.4.0-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-twisted" release="1.ule3" version="22.4.0">
+                         <filename>python3-twisted-22.4.0-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1912</id>
+          <title>An update for erlang is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-37026" id="CVE-2022-37026" title="CVE-2022-37026" type="cve"></reference>
+          </references>
+          <description>In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.(CVE-2022-37026)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="erlang-parsetools" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-parsetools-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-public_key" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-public_key-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-debugsource" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-debugsource-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-os_mon" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-os_mon-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-ftp" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-ftp-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-xmerl" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-xmerl-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-debugger" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-debugger-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-ssl" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-ssl-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-runtime_tools" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-runtime_tools-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-observer" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-observer-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-crypto" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-crypto-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-dialyzer" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-dialyzer-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-wx" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-wx-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-stdlib" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-stdlib-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-et" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-et-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-eunit" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-eunit-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-eldap" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-eldap-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-tools" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-tools-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-tftp" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-tftp-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-megaco" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-megaco-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-jinterface" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-jinterface-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-erl_interface" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-erl_interface-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-diameter" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-diameter-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-ssh" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-ssh-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-reltool" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-reltool-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-kernel" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-kernel-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-erl_docgen" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-erl_docgen-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-compiler" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-compiler-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-mnesia" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-mnesia-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-odbc" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-odbc-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-hipe" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-hipe-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-sasl" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-sasl-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-inets" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-inets-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-examples" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-examples-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-edoc" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-edoc-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-snmp" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-snmp-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-common_test" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-common_test-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-asn1" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-asn1-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-debuginfo" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-debuginfo-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-syntax_tools" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-syntax_tools-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-erts" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-erts-23.3.4.9-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-kernel" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-kernel-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-observer" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-observer-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-odbc" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-odbc-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-common_test" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-common_test-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-debugger" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-debugger-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-asn1" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-asn1-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-runtime_tools" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-runtime_tools-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-dialyzer" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-dialyzer-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-crypto" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-crypto-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-parsetools" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-parsetools-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-tools" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-tools-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-et" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-et-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-compiler" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-compiler-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-sasl" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-sasl-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-debugsource" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-debugsource-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-mnesia" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-mnesia-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-os_mon" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-os_mon-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-examples" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-examples-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-megaco" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-megaco-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-public_key" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-public_key-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-ssh" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-ssh-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-jinterface" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-jinterface-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-diameter" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-diameter-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-wx" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-wx-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-erl_interface" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-erl_interface-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-hipe" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-hipe-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-eldap" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-eldap-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-eunit" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-eunit-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-syntax_tools" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-syntax_tools-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-tftp" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-tftp-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-snmp" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-snmp-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-ssl" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-ssl-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-stdlib" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-stdlib-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-inets" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-inets-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-debuginfo" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-debuginfo-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-xmerl" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-xmerl-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-erts" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-erts-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-edoc" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-edoc-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-reltool" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-reltool-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-ftp" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-ftp-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-erl_docgen" release="3.ule3" version="23.3.4.9">
+                         <filename>erlang-erl_docgen-23.3.4.9-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1913</id>
+          <title>An update for curl is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-46218" id="CVE-2023-46218" title="CVE-2023-46218" type="cve"></reference>
+          </references>
+          <description>This flaw allows a malicious HTTP server to set &#34;super cookies&#34; in curl thatare then passed back to more origins than what is otherwise allowed orpossible. This allows a site to set cookies that then would get sent todifferent and unrelated sites and domains.It could do this by exploiting a mixed case flaw in curl&#39;s function thatverifies a given cookie domain against the Public Suffix List (PSL). Forexample a cookie could be set with `domain=co.UK` when the URL used a lowercase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.(CVE-2023-46218)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libcurl" release="25.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debuginfo" release="25.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl-devel" release="25.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl" release="25.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debugsource" release="25.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="curl-help" release="25.ule3" version="7.79.1">
+                         <filename>curl-help-7.79.1-25.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl" release="25.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl" release="25.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debugsource" release="25.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl-devel" release="25.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debuginfo" release="25.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-25.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1914</id>
+          <title>An update for jettison is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40149" id="CVE-2022-40149" title="CVE-2022-40149" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40150" id="CVE-2022-40150" title="CVE-2022-40150" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45685" id="CVE-2022-45685" title="CVE-2022-45685" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45693" id="CVE-2022-45693" title="CVE-2022-45693" type="cve"></reference>
+          </references>
+          <description>Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.(CVE-2022-40149)Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.(CVE-2022-40150)A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.(CVE-2022-45685)Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.(CVE-2022-45693)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="jettison" release="1.ule3" version="1.5.4">
+                         <filename>jettison-1.5.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jettison-javadoc" release="1.ule3" version="1.5.4">
+                         <filename>jettison-javadoc-1.5.4-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1917</id>
+          <title>An update for varnish is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45059" id="CVE-2022-45059" title="CVE-2022-45059" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend.(CVE-2022-45059)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="varnish" release="8.ule3" version="7.0.1">
+                         <filename>varnish-7.0.1-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish-devel" release="8.ule3" version="7.0.1">
+                         <filename>varnish-devel-7.0.1-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish-debugsource" release="8.ule3" version="7.0.1">
+                         <filename>varnish-debugsource-7.0.1-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish-debuginfo" release="8.ule3" version="7.0.1">
+                         <filename>varnish-debuginfo-7.0.1-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="varnish-help" release="8.ule3" version="7.0.1">
+                         <filename>varnish-help-7.0.1-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-debuginfo" release="8.ule3" version="7.0.1">
+                         <filename>varnish-debuginfo-7.0.1-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-debugsource" release="8.ule3" version="7.0.1">
+                         <filename>varnish-debugsource-7.0.1-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish" release="8.ule3" version="7.0.1">
+                         <filename>varnish-7.0.1-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-devel" release="8.ule3" version="7.0.1">
+                         <filename>varnish-devel-7.0.1-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1920</id>
+          <title>An update for liblouis is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26981" id="CVE-2022-26981" title="CVE-2022-26981" type="cve"></reference>
+          </references>
+          <description>Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).(CVE-2022-26981)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="liblouis-debuginfo" release="6.ule3" version="3.7.0">
+                         <filename>liblouis-debuginfo-3.7.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="liblouis-debugsource" release="6.ule3" version="3.7.0">
+                         <filename>liblouis-debugsource-3.7.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="liblouis-utils" release="6.ule3" version="3.7.0">
+                         <filename>liblouis-utils-3.7.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="liblouis" release="6.ule3" version="3.7.0">
+                         <filename>liblouis-3.7.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="liblouis-devel" release="6.ule3" version="3.7.0">
+                         <filename>liblouis-devel-3.7.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="liblouis-help" release="6.ule3" version="3.7.0">
+                         <filename>liblouis-help-3.7.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-louis" release="6.ule3" version="3.7.0">
+                         <filename>python3-louis-3.7.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="liblouis" release="6.ule3" version="3.7.0">
+                         <filename>liblouis-3.7.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="liblouis-debuginfo" release="6.ule3" version="3.7.0">
+                         <filename>liblouis-debuginfo-3.7.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="liblouis-devel" release="6.ule3" version="3.7.0">
+                         <filename>liblouis-devel-3.7.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="liblouis-utils" release="6.ule3" version="3.7.0">
+                         <filename>liblouis-utils-3.7.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="liblouis-debugsource" release="6.ule3" version="3.7.0">
+                         <filename>liblouis-debugsource-3.7.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1921</id>
+          <title>An update for jackson-databind is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-36518" id="CVE-2020-36518" title="CVE-2020-36518" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42003" id="CVE-2022-42003" title="CVE-2022-42003" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42004" id="CVE-2022-42004" title="CVE-2022-42004" type="cve"></reference>
+          </references>
+          <description>jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.(CVE-2020-36518)In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1(CVE-2022-42003)In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.(CVE-2022-42004)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="jackson-databind-javadoc" release="10.ule3" version="2.9.8">
+                         <filename>jackson-databind-javadoc-2.9.8-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jackson-databind" release="10.ule3" version="2.9.8">
+                         <filename>jackson-databind-2.9.8-10.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1922</id>
+          <title>An update for python-flask is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-30861" id="CVE-2023-30861" title="CVE-2023-30861" type="cve"></reference>
+          </references>
+          <description>Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client&#39;s `session` cookie to other clients. The severity depends on the application&#39;s use of the session and the proxy&#39;s behavior regarding cookies. The risk depends on all these conditions being met.1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.2. The application sets `session.permanent = True`3. The application does not access or modify the session at any point during a request.4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default).5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.(CVE-2023-30861)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="python3-flask" release="4.ule3" version="1.1.2">
+                         <filename>python3-flask-1.1.2-4.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1923</id>
+          <title>An update for python-pillow is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-45198" id="CVE-2022-45198" title="CVE-2022-45198" type="cve"></reference>
+          </references>
+          <description>Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).(CVE-2022-45198)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-pillow-devel" release="5.ule3" version="9.0.1">
+                         <filename>python3-pillow-devel-9.0.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pillow-qt" release="5.ule3" version="9.0.1">
+                         <filename>python3-pillow-qt-9.0.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pillow" release="5.ule3" version="9.0.1">
+                         <filename>python3-pillow-9.0.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pillow-tk" release="5.ule3" version="9.0.1">
+                         <filename>python3-pillow-tk-9.0.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-pillow-debuginfo" release="5.ule3" version="9.0.1">
+                         <filename>python-pillow-debuginfo-9.0.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-pillow-debugsource" release="5.ule3" version="9.0.1">
+                         <filename>python-pillow-debugsource-9.0.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-pillow-help" release="5.ule3" version="9.0.1">
+                         <filename>python3-pillow-help-9.0.1-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-pillow-debugsource" release="5.ule3" version="9.0.1">
+                         <filename>python-pillow-debugsource-9.0.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow-tk" release="5.ule3" version="9.0.1">
+                         <filename>python3-pillow-tk-9.0.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-pillow-debuginfo" release="5.ule3" version="9.0.1">
+                         <filename>python-pillow-debuginfo-9.0.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow-qt" release="5.ule3" version="9.0.1">
+                         <filename>python3-pillow-qt-9.0.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow" release="5.ule3" version="9.0.1">
+                         <filename>python3-pillow-9.0.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow-devel" release="5.ule3" version="9.0.1">
+                         <filename>python3-pillow-devel-9.0.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1924</id>
+          <title>An update for hsqldb is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41853" id="CVE-2022-41853" title="CVE-2022-41853" type="cve"></reference>
+          </references>
+          <description>Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property &#34;hsqldb.method_class_names&#34; to classes which are allowed to be called. For example, System.setProperty(&#34;hsqldb.method_class_names&#34;, &#34;abc&#34;) or Java argument -Dhsqldb.method_class_names=&#34;abc&#34; can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.(CVE-2022-41853)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="hsqldb-manual" release="4.ule3" version="2.4.0">
+                         <filename>hsqldb-manual-2.4.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="hsqldb-javadoc" release="4.ule3" version="2.4.0">
+                         <filename>hsqldb-javadoc-2.4.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="hsqldb" release="4.ule3" version="2.4.0">
+                         <filename>hsqldb-2.4.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="hsqldb-demo" release="4.ule3" version="2.4.0">
+                         <filename>hsqldb-demo-2.4.0-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="hsqldb-lib" release="4.ule3" version="2.4.0">
+                         <filename>hsqldb-lib-2.4.0-4.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1925</id>
+          <title>An update for activemq is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41678" id="CVE-2022-41678" title="CVE-2022-41678" type="cve"></reference>
+          </references>
+          <description>Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allowsorg.jolokia.http.AgentServlet to handler request to /api/jolokiaorg.jolokia.http.HttpRequestHandler#handlePostRequest is able tocreate JmxRequest through JSONObject. And calls toorg.jolokia.http.HttpRequestHandler#executeRequest.Into deeper calling stacks,org.jolokia.handler.ExecHandler#doHandleRequest is able to invokethrough refection.And then, RCE is able to be achieved viajdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11.1 Call newRecording.2 Call setConfiguration. And a webshell data hides in it.3 Call startRecording.4 Call copyTo method. The webshell will be written to a .jsp file.The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia.A more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.(CVE-2022-41678)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="activemq-javadoc" release="1.ule3" version="5.16.7">
+                         <filename>activemq-javadoc-5.16.7-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="activemq" release="1.ule3" version="5.16.7">
+                         <filename>activemq-5.16.7-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1927</id>
+          <title>An update for perl is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-47100" id="CVE-2023-47100" title="CVE-2023-47100" type="cve"></reference>
+          </references>
+          <description>In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.(CVE-2023-47100)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="4" arch="aarch64" name="perl-devel" release="12.ule3" version="5.34.0">
+                         <filename>perl-devel-5.34.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="perl-libs" release="12.ule3" version="5.34.0">
+                         <filename>perl-libs-5.34.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="perl" release="12.ule3" version="5.34.0">
+                         <filename>perl-5.34.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="perl-debugsource" release="12.ule3" version="5.34.0">
+                         <filename>perl-debugsource-5.34.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="aarch64" name="perl-debuginfo" release="12.ule3" version="5.34.0">
+                         <filename>perl-debuginfo-5.34.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="noarch" name="perl-help" release="12.ule3" version="5.34.0">
+                         <filename>perl-help-5.34.0-12.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl" release="12.ule3" version="5.34.0">
+                         <filename>perl-5.34.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl-libs" release="12.ule3" version="5.34.0">
+                         <filename>perl-libs-5.34.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl-debugsource" release="12.ule3" version="5.34.0">
+                         <filename>perl-debugsource-5.34.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl-debuginfo" release="12.ule3" version="5.34.0">
+                         <filename>perl-debuginfo-5.34.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="4" arch="x86_64" name="perl-devel" release="12.ule3" version="5.34.0">
+                         <filename>perl-devel-5.34.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1929</id>
+          <title>An update for xstream is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-40151" id="CVE-2022-40151" title="CVE-2022-40151" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41966" id="CVE-2022-41966" title="CVE-2022-41966" type="cve"></reference>
+          </references>
+          <description>Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.(CVE-2022-40151)XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable.(CVE-2022-41966)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="xstream-parent" release="1.ule3" version="1.4.20">
+                         <filename>xstream-parent-1.4.20-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xstream-hibernate" release="1.ule3" version="1.4.20">
+                         <filename>xstream-hibernate-1.4.20-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xstream-benchmark" release="1.ule3" version="1.4.20">
+                         <filename>xstream-benchmark-1.4.20-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xstream-javadoc" release="1.ule3" version="1.4.20">
+                         <filename>xstream-javadoc-1.4.20-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xstream" release="1.ule3" version="1.4.20">
+                         <filename>xstream-1.4.20-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1930</id>
+          <title>An update for nodejs-tough-cookie is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-26136" id="CVE-2023-26136" title="CVE-2023-26136" type="cve"></reference>
+          </references>
+          <description>Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.(CVE-2023-26136)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="nodejs-tough-cookie" release="3.ule3" version="2.3.2">
+                         <filename>nodejs-tough-cookie-2.3.2-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1931</id>
+          <title>An update for sox is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23159" id="CVE-2021-23159" title="CVE-2021-23159" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23172" id="CVE-2021-23172" title="CVE-2021-23172" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-23210" id="CVE-2021-23210" title="CVE-2021-23210" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33844" id="CVE-2021-33844" title="CVE-2021-33844" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-26590" id="CVE-2023-26590" title="CVE-2023-26590" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-32627" id="CVE-2023-32627" title="CVE-2023-32627" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-34318" id="CVE-2023-34318" title="CVE-2023-34318" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-34432" id="CVE-2023-34432" title="CVE-2023-34432" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash.(CVE-2021-23159)A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash.(CVE-2021-23172)A floating point exception (divide-by-zero) issue was discovered in SoX in functon read_samples() of voc.c file. An attacker with a crafted file, could cause an application to crash.(CVE-2021-23210)A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash.(CVE-2021-33844)A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.(CVE-2023-26590)A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.(CVE-2023-32627)A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.(CVE-2023-34318)A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.(CVE-2023-34432)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="sox-devel" release="29.ule3" version="14.4.2.0">
+                         <filename>sox-devel-14.4.2.0-29.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sox" release="29.ule3" version="14.4.2.0">
+                         <filename>sox-14.4.2.0-29.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sox-debugsource" release="29.ule3" version="14.4.2.0">
+                         <filename>sox-debugsource-14.4.2.0-29.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sox-debuginfo" release="29.ule3" version="14.4.2.0">
+                         <filename>sox-debuginfo-14.4.2.0-29.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="sox-help" release="29.ule3" version="14.4.2.0">
+                         <filename>sox-help-14.4.2.0-29.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sox-devel" release="29.ule3" version="14.4.2.0">
+                         <filename>sox-devel-14.4.2.0-29.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sox" release="29.ule3" version="14.4.2.0">
+                         <filename>sox-14.4.2.0-29.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sox-debugsource" release="29.ule3" version="14.4.2.0">
+                         <filename>sox-debugsource-14.4.2.0-29.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sox-debuginfo" release="29.ule3" version="14.4.2.0">
+                         <filename>sox-debuginfo-14.4.2.0-29.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1932</id>
+          <title>An update for squid is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-49285" id="CVE-2023-49285" title="CVE-2023-49285" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-49286" id="CVE-2023-49286" title="CVE-2023-49286" type="cve"></reference>
+          </references>
+          <description>Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-49285)Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-49286)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="7" arch="aarch64" name="squid-debugsource" release="21.ule3" version="4.9">
+                         <filename>squid-debugsource-4.9-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="squid" release="21.ule3" version="4.9">
+                         <filename>squid-4.9-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="squid-debuginfo" release="21.ule3" version="4.9">
+                         <filename>squid-debuginfo-4.9-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid-debugsource" release="21.ule3" version="4.9">
+                         <filename>squid-debugsource-4.9-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid" release="21.ule3" version="4.9">
+                         <filename>squid-4.9-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid-debuginfo" release="21.ule3" version="4.9">
+                         <filename>squid-debuginfo-4.9-21.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1934</id>
+          <title>An update for gstreamer1-plugins-good is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-37327" id="CVE-2023-37327" title="CVE-2023-37327" type="cve"></reference>
+          </references>
+          <description>Heap-based buffer overflow in the FLAC parser when handling malformed image tags in GStreamer versions before 1.22.4 / 1.20.7. https://gstreamer.freedesktop.org/security/sa-2023-0001.html(CVE-2023-37327)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gstreamer1-plugins-good-gtk" release="6.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-good-gtk-1.16.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gstreamer1-plugins-good" release="6.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-good-1.16.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gstreamer1-plugins-good-debuginfo" release="6.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-good-debuginfo-1.16.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gstreamer1-plugins-good-debugsource" release="6.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-good-debugsource-1.16.2-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gstreamer1-plugins-good-help" release="6.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-good-help-1.16.2-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gstreamer1-plugins-good-debuginfo" release="6.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-good-debuginfo-1.16.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gstreamer1-plugins-good" release="6.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-good-1.16.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gstreamer1-plugins-good-debugsource" release="6.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-good-debugsource-1.16.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gstreamer1-plugins-good-gtk" release="6.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-good-gtk-1.16.2-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1935</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39326" id="CVE-2023-39326" title="CVE-2023-39326" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45285" id="CVE-2023-45285" title="CVE-2023-45285" type="cve"></reference>
+          </references>
+          <description>A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.(CVE-2023-39326)Using go get to fetch a module with the &#34;.git&#34; suffix may unexpectedly fallback to the insecure &#34;git://&#34; protocol if the module is unavailable via the secure &#34;https://&#34; and &#34;git+ssh://&#34; protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off).(CVE-2023-45285)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="26.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-26.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="26.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-26.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="26.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-26.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="26.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-26.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1940</id>
+          <title>An update for fish is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-49284" id="CVE-2023-49284" title="CVE-2023-49284" type="cve"></reference>
+          </references>
+          <description>fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than transforming them into a safe internal representation. While this may cause unexpected behavior with direct input (for example, echo \UFDD2HOME has the same output as echo $HOME), this may become a minor security problem if the output is being fed from an external program into a command substitution where this output may not be expected. This design flaw was introduced in very early versions of fish, predating the version control system, and is thought to be present in every version of fish released in the last 15 years or more, although with different characters. Code execution does not appear to be possible, but denial of service (through large brace expansion) or information disclosure (such as variable expansion) is potentially possible under certain circumstances. fish shell 3.6.2 has been released to correct this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-49284)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="fish" release="5.ule3" version="3.3.1">
+                         <filename>fish-3.3.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="fish-debuginfo" release="5.ule3" version="3.3.1">
+                         <filename>fish-debuginfo-3.3.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="fish-debugsource" release="5.ule3" version="3.3.1">
+                         <filename>fish-debugsource-3.3.1-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="fish-debugsource" release="5.ule3" version="3.3.1">
+                         <filename>fish-debugsource-3.3.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="fish" release="5.ule3" version="3.3.1">
+                         <filename>fish-3.3.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="fish-debuginfo" release="5.ule3" version="3.3.1">
+                         <filename>fish-debuginfo-3.3.1-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1943</id>
+          <title>An update for gstreamer1-plugins-bad-free is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-37329" id="CVE-2023-37329" title="CVE-2023-37329" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-44446" id="CVE-2023-44446" title="CVE-2023-44446" type="cve"></reference>
+          </references>
+          <description>Heap-based buffer overflow in the PGS blu-ray subtitle decoder when handling certain files in GStreamer versions before 1.22.4 / 1.20.7. It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.https://gstreamer.freedesktop.org/security/sa-2023-0003.html(CVE-2023-37329)A use-after-free flaw was found in the MXF demuxer in GStreamer when handling certain MXF video files. This issue could allow a malicious third party to trigger a crash in the application and may allow code execution.(CVE-2023-44446)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gstreamer1-plugins-bad-free-devel" release="9.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-bad-free-devel-1.16.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gstreamer1-plugins-bad-free-debuginfo" release="9.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-bad-free-debuginfo-1.16.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gstreamer1-plugins-bad-free-debugsource" release="9.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-bad-free-debugsource-1.16.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gstreamer1-plugins-bad-free" release="9.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-bad-free-1.16.2-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gstreamer1-plugins-bad-free" release="9.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-bad-free-1.16.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gstreamer1-plugins-bad-free-debugsource" release="9.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-bad-free-debugsource-1.16.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gstreamer1-plugins-bad-free-devel" release="9.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-bad-free-devel-1.16.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gstreamer1-plugins-bad-free-debuginfo" release="9.ule3" version="1.16.2">
+                         <filename>gstreamer1-plugins-bad-free-debuginfo-1.16.2-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1944</id>
+          <title>An update for hsqldb1 is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41853" id="CVE-2022-41853" title="CVE-2022-41853" type="cve"></reference>
+          </references>
+          <description>Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property &#34;hsqldb.method_class_names&#34; to classes which are allowed to be called. For example, System.setProperty(&#34;hsqldb.method_class_names&#34;, &#34;abc&#34;) or Java argument -Dhsqldb.method_class_names=&#34;abc&#34; can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.(CVE-2022-41853)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="hsqldb1" release="3.ule3" version="1.8.1.3">
+                         <filename>hsqldb1-1.8.1.3-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="hsqldb1-javadoc" release="3.ule3" version="1.8.1.3">
+                         <filename>hsqldb1-javadoc-1.8.1.3-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1945</id>
+          <title>An update for strongswan is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-41913" id="CVE-2023-41913" title="CVE-2023-41913" type="cve"></reference>
+          </references>
+          <description>strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm&#39;s DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.(CVE-2023-41913)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="strongswan-debugsource" release="14.ule3" version="5.7.2">
+                         <filename>strongswan-debugsource-5.7.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="strongswan-tnc-imcvs" release="14.ule3" version="5.7.2">
+                         <filename>strongswan-tnc-imcvs-5.7.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="strongswan-charon-nm" release="14.ule3" version="5.7.2">
+                         <filename>strongswan-charon-nm-5.7.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="strongswan-debuginfo" release="14.ule3" version="5.7.2">
+                         <filename>strongswan-debuginfo-5.7.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="strongswan-libipsec" release="14.ule3" version="5.7.2">
+                         <filename>strongswan-libipsec-5.7.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="strongswan-sqlite" release="14.ule3" version="5.7.2">
+                         <filename>strongswan-sqlite-5.7.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="strongswan" release="14.ule3" version="5.7.2">
+                         <filename>strongswan-5.7.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan-tnc-imcvs" release="14.ule3" version="5.7.2">
+                         <filename>strongswan-tnc-imcvs-5.7.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan-debuginfo" release="14.ule3" version="5.7.2">
+                         <filename>strongswan-debuginfo-5.7.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan-sqlite" release="14.ule3" version="5.7.2">
+                         <filename>strongswan-sqlite-5.7.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan" release="14.ule3" version="5.7.2">
+                         <filename>strongswan-5.7.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan-charon-nm" release="14.ule3" version="5.7.2">
+                         <filename>strongswan-charon-nm-5.7.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan-debugsource" release="14.ule3" version="5.7.2">
+                         <filename>strongswan-debugsource-5.7.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="strongswan-libipsec" release="14.ule3" version="5.7.2">
+                         <filename>strongswan-libipsec-5.7.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1946</id>
+          <title>An update for logback is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6378" id="CVE-2023-6378" title="CVE-2023-6378" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6481" id="CVE-2023-6481" title="CVE-2023-6481" type="cve"></reference>
+          </references>
+          <description>A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.(CVE-2023-6378)A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.(CVE-2023-6481)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="logback-access" release="3.ule3" version="1.2.8">
+                         <filename>logback-access-1.2.8-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="logback-examples" release="3.ule3" version="1.2.8">
+                         <filename>logback-examples-1.2.8-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="logback-help" release="3.ule3" version="1.2.8">
+                         <filename>logback-help-1.2.8-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="logback" release="3.ule3" version="1.2.8">
+                         <filename>logback-1.2.8-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1947</id>
+          <title>An update for squid is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-50269" id="CVE-2023-50269" title="CVE-2023-50269" type="cve"></reference>
+          </references>
+          <description>Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid&#39;s patch archives.(CVE-2023-50269)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="7" arch="aarch64" name="squid-debugsource" release="22.ule3" version="4.9">
+                         <filename>squid-debugsource-4.9-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="squid" release="22.ule3" version="4.9">
+                         <filename>squid-4.9-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="squid-debuginfo" release="22.ule3" version="4.9">
+                         <filename>squid-debuginfo-4.9-22.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid-debugsource" release="22.ule3" version="4.9">
+                         <filename>squid-debugsource-4.9-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid-debuginfo" release="22.ule3" version="4.9">
+                         <filename>squid-debuginfo-4.9-22.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid" release="22.ule3" version="4.9">
+                         <filename>squid-4.9-22.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1948</id>
+          <title>An update for bluez is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45866" id="CVE-2023-45866" title="CVE-2023-45866" type="cve"></reference>
+          </references>
+          <description>Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.(CVE-2023-45866)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bluez" release="18.ule3" version="5.54">
+                         <filename>bluez-5.54-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-devel" release="18.ule3" version="5.54">
+                         <filename>bluez-devel-5.54-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-cups" release="18.ule3" version="5.54">
+                         <filename>bluez-cups-5.54-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-debuginfo" release="18.ule3" version="5.54">
+                         <filename>bluez-debuginfo-5.54-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-debugsource" release="18.ule3" version="5.54">
+                         <filename>bluez-debugsource-5.54-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-libs" release="18.ule3" version="5.54">
+                         <filename>bluez-libs-5.54-18.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="bluez-help" release="18.ule3" version="5.54">
+                         <filename>bluez-help-5.54-18.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-debuginfo" release="18.ule3" version="5.54">
+                         <filename>bluez-debuginfo-5.54-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-devel" release="18.ule3" version="5.54">
+                         <filename>bluez-devel-5.54-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-libs" release="18.ule3" version="5.54">
+                         <filename>bluez-libs-5.54-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez" release="18.ule3" version="5.54">
+                         <filename>bluez-5.54-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-cups" release="18.ule3" version="5.54">
+                         <filename>bluez-cups-5.54-18.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-debugsource" release="18.ule3" version="5.54">
+                         <filename>bluez-debugsource-5.54-18.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1950</id>
+          <title>An update for avro is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-43045" id="CVE-2021-43045" title="CVE-2021-43045" type="cve"></reference>
+          </references>
+          <description>A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue.(CVE-2021-43045)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="avro" release="4.ule3" version="1.10.2">
+                         <filename>avro-1.10.2-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="avro" release="4.ule3" version="1.10.2">
+                         <filename>avro-1.10.2-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1951</id>
+          <title>An update for xorg-x11-server is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6377" id="CVE-2023-6377" title="CVE-2023-6377" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6478" id="CVE-2023-6478" title="CVE-2023-6478" type="cve"></reference>
+          </references>
+          <description>A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.(CVE-2023-6377)A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.(CVE-2023-6478)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="xorg-x11-server" release="24.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-1.20.11-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-debuginfo" release="24.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debuginfo-1.20.11-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xephyr" release="24.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xephyr-1.20.11-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-common" release="24.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-common-1.20.11-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-devel" release="24.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-devel-1.20.11-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xvfb" release="24.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xvfb-1.20.11-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xnest" release="24.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xnest-1.20.11-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xdmx" release="24.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xdmx-1.20.11-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-debugsource" release="24.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debugsource-1.20.11-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xorg-x11-server-help" release="24.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-help-1.20.11-24.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xorg-x11-server-source" release="24.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-source-1.20.11-24.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-common" release="24.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-common-1.20.11-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server" release="24.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-1.20.11-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-debugsource" release="24.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debugsource-1.20.11-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xnest" release="24.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xnest-1.20.11-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-devel" release="24.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-devel-1.20.11-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-debuginfo" release="24.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debuginfo-1.20.11-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xdmx" release="24.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xdmx-1.20.11-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xephyr" release="24.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xephyr-1.20.11-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xvfb" release="24.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xvfb-1.20.11-24.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1956</id>
+          <title>An update for freeradius is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41859" id="CVE-2022-41859" title="CVE-2022-41859" type="cve"></reference>
+          </references>
+          <description>In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.(CVE-2022-41859)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="freeradius-sqlite" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-sqlite-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius-debuginfo" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-debuginfo-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius-postgresql" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-postgresql-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-freeradius" release="2.ule3" version="3.0.25">
+                         <filename>python3-freeradius-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius-debugsource" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-debugsource-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius-mysql" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-mysql-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius-utils" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-utils-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius-krb5" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-krb5-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius-perl" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-perl-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius-help" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-help-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius-devel" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-devel-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius-ldap" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-ldap-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeradius" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-3.0.25-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-freeradius" release="2.ule3" version="3.0.25">
+                         <filename>python3-freeradius-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-help" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-help-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-krb5" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-krb5-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-debugsource" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-debugsource-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-perl" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-perl-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-debuginfo" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-debuginfo-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-mysql" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-mysql-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-devel" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-devel-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-sqlite" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-sqlite-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-utils" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-utils-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-ldap" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-ldap-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeradius-postgresql" release="2.ule3" version="3.0.25">
+                         <filename>freeradius-postgresql-3.0.25-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1957</id>
+          <title>An update for libgit2 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22742" id="CVE-2023-22742" title="CVE-2023-22742" type="cve"></reference>
+          </references>
+          <description>libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2&#39;s `git_remote_callbacks` structure - if a certificate check callback is not set, libgit2 does not perform any certificate checking. This means that by default - without configuring a certificate check callback, clients will not perform validation on the server SSH keys and may be subject to a man-in-the-middle attack. Users are encouraged to upgrade to v1.4.5 or v1.5.1. Users unable to upgrade should ensure that all relevant certificates are manually checked.(CVE-2023-22742)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libgit2" release="6.ule3" version="0.27.8">
+                         <filename>libgit2-0.27.8-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgit2-debuginfo" release="6.ule3" version="0.27.8">
+                         <filename>libgit2-debuginfo-0.27.8-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgit2-debugsource" release="6.ule3" version="0.27.8">
+                         <filename>libgit2-debugsource-0.27.8-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgit2-devel" release="6.ule3" version="0.27.8">
+                         <filename>libgit2-devel-0.27.8-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgit2-debuginfo" release="6.ule3" version="0.27.8">
+                         <filename>libgit2-debuginfo-0.27.8-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgit2-devel" release="6.ule3" version="0.27.8">
+                         <filename>libgit2-devel-0.27.8-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgit2" release="6.ule3" version="0.27.8">
+                         <filename>libgit2-0.27.8-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgit2-debugsource" release="6.ule3" version="0.27.8">
+                         <filename>libgit2-debugsource-0.27.8-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1960</id>
+          <title>An update for curl is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-46219" id="CVE-2023-46219" title="CVE-2023-46219" type="cve"></reference>
+          </references>
+          <description>When saving HSTS data to an excessively long file name, curl could end upremoving all contents, making subsequent requests using that file unaware ofthe HSTS status they should otherwise use.(CVE-2023-46219)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libcurl-devel" release="25.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debugsource" release="25.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debuginfo" release="25.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl" release="25.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl" release="25.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="curl-help" release="25.ule3" version="7.79.1">
+                         <filename>curl-help-7.79.1-25.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debuginfo" release="25.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl-devel" release="25.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debugsource" release="25.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl" release="25.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl" release="25.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-25.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1966</id>
+          <title>An update for jettison is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-1436" id="CVE-2023-1436" title="CVE-2023-1436" type="cve"></reference>
+          </references>
+          <description>An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.(CVE-2023-1436)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="jettison-javadoc" release="1.ule3" version="1.5.4">
+                         <filename>jettison-javadoc-1.5.4-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jettison" release="1.ule3" version="1.5.4">
+                         <filename>jettison-1.5.4-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1969</id>
+          <title>An update for ncurses is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-50495" id="CVE-2023-50495" title="CVE-2023-50495" type="cve"></reference>
+          </references>
+          <description>NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().(CVE-2023-50495)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="ncurses-debugsource" release="7.ule3" version="6.3">
+                         <filename>ncurses-debugsource-6.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-libs" release="7.ule3" version="6.3">
+                         <filename>ncurses-libs-6.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-help" release="7.ule3" version="6.3">
+                         <filename>ncurses-help-6.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses" release="7.ule3" version="6.3">
+                         <filename>ncurses-6.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-debuginfo" release="7.ule3" version="6.3">
+                         <filename>ncurses-debuginfo-6.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-devel" release="7.ule3" version="6.3">
+                         <filename>ncurses-devel-6.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-compat-libs" release="7.ule3" version="6.3">
+                         <filename>ncurses-compat-libs-6.3-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ncurses-base" release="7.ule3" version="6.3">
+                         <filename>ncurses-base-6.3-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-debuginfo" release="7.ule3" version="6.3">
+                         <filename>ncurses-debuginfo-6.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-help" release="7.ule3" version="6.3">
+                         <filename>ncurses-help-6.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-compat-libs" release="7.ule3" version="6.3">
+                         <filename>ncurses-compat-libs-6.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-devel" release="7.ule3" version="6.3">
+                         <filename>ncurses-devel-6.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-libs" release="7.ule3" version="6.3">
+                         <filename>ncurses-libs-6.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses" release="7.ule3" version="6.3">
+                         <filename>ncurses-6.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-debugsource" release="7.ule3" version="6.3">
+                         <filename>ncurses-debugsource-6.3-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1977</id>
+          <title>An update for openssh is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-48795" id="CVE-2023-48795" title="CVE-2023-48795" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-51385" id="CVE-2023-51385" title="CVE-2023-51385" type="cve"></reference>
+          </references>
+          <description>The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH&#39;s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.(CVE-2023-48795)In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.(CVE-2023-51385)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="openssh-debuginfo" release="23.ule3" version="8.8p1">
+                         <filename>openssh-debuginfo-8.8p1-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openssh-keycat" release="23.ule3" version="8.8p1">
+                         <filename>openssh-keycat-8.8p1-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openssh" release="23.ule3" version="8.8p1">
+                         <filename>openssh-8.8p1-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pam_ssh_agent_auth" release="4.23.ule3" version="0.10.4">
+                         <filename>pam_ssh_agent_auth-0.10.4-4.23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openssh-clients" release="23.ule3" version="8.8p1">
+                         <filename>openssh-clients-8.8p1-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openssh-askpass" release="23.ule3" version="8.8p1">
+                         <filename>openssh-askpass-8.8p1-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openssh-debugsource" release="23.ule3" version="8.8p1">
+                         <filename>openssh-debugsource-8.8p1-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openssh-server" release="23.ule3" version="8.8p1">
+                         <filename>openssh-server-8.8p1-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="openssh-help" release="23.ule3" version="8.8p1">
+                         <filename>openssh-help-8.8p1-23.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh-keycat" release="23.ule3" version="8.8p1">
+                         <filename>openssh-keycat-8.8p1-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh-clients" release="23.ule3" version="8.8p1">
+                         <filename>openssh-clients-8.8p1-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh-askpass" release="23.ule3" version="8.8p1">
+                         <filename>openssh-askpass-8.8p1-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh" release="23.ule3" version="8.8p1">
+                         <filename>openssh-8.8p1-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh-debugsource" release="23.ule3" version="8.8p1">
+                         <filename>openssh-debugsource-8.8p1-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pam_ssh_agent_auth" release="4.23.ule3" version="0.10.4">
+                         <filename>pam_ssh_agent_auth-0.10.4-4.23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh-server" release="23.ule3" version="8.8p1">
+                         <filename>openssh-server-8.8p1-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openssh-debuginfo" release="23.ule3" version="8.8p1">
+                         <filename>openssh-debuginfo-8.8p1-23.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1984</id>
+          <title>An update for ghostscript is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-46751" id="CVE-2023-46751" title="CVE-2023-46751" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.(CVE-2023-46751)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="ghostscript-debugsource" release="6.ule3" version="9.55.0">
+                         <filename>ghostscript-debugsource-9.55.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ghostscript-debuginfo" release="6.ule3" version="9.55.0">
+                         <filename>ghostscript-debuginfo-9.55.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ghostscript" release="6.ule3" version="9.55.0">
+                         <filename>ghostscript-9.55.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ghostscript-tools-dvipdf" release="6.ule3" version="9.55.0">
+                         <filename>ghostscript-tools-dvipdf-9.55.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ghostscript-devel" release="6.ule3" version="9.55.0">
+                         <filename>ghostscript-devel-9.55.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ghostscript-help" release="6.ule3" version="9.55.0">
+                         <filename>ghostscript-help-9.55.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ghostscript-devel" release="6.ule3" version="9.55.0">
+                         <filename>ghostscript-devel-9.55.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ghostscript-debuginfo" release="6.ule3" version="9.55.0">
+                         <filename>ghostscript-debuginfo-9.55.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ghostscript" release="6.ule3" version="9.55.0">
+                         <filename>ghostscript-9.55.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ghostscript-tools-dvipdf" release="6.ule3" version="9.55.0">
+                         <filename>ghostscript-tools-dvipdf-9.55.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ghostscript-debugsource" release="6.ule3" version="9.55.0">
+                         <filename>ghostscript-debugsource-9.55.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1990</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6546" id="CVE-2023-6546" title="CVE-2023-6546" type="cve"></reference>
+          </references>
+          <description>A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.(CVE-2023-6546)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.120.0.147.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.120.0.147.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.120.0.147.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.120.0.147.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.120.0.147.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.120.0.147.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.120.0.147.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.120.0.147.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.120.0.147.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.120.0.147.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.120.0.147.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.120.0.147.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.120.0.147.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.120.0.147.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.120.0.147.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.120.0.147.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.120.0.147.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.120.0.147.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.120.0.147.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.120.0.147.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.120.0.147.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.120.0.147.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.120.0.147.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.120.0.147.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.120.0.147.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.120.0.147.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.120.0.147.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.120.0.147.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.120.0.147.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.120.0.147.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.120.0.147.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1993</id>
+          <title>An update for tar is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39804" id="CVE-2023-39804" title="CVE-2023-39804" type="cve"></reference>
+          </references>
+          <description>A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.(CVE-2023-39804)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="tar" release="5.ule3" version="1.34">
+                         <filename>tar-1.34-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="tar-debuginfo" release="5.ule3" version="1.34">
+                         <filename>tar-debuginfo-1.34-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="tar-debugsource" release="5.ule3" version="1.34">
+                         <filename>tar-debugsource-1.34-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="noarch" name="tar-help" release="5.ule3" version="1.34">
+                         <filename>tar-help-1.34-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="tar-debugsource" release="5.ule3" version="1.34">
+                         <filename>tar-debugsource-1.34-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="tar" release="5.ule3" version="1.34">
+                         <filename>tar-1.34-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="tar-debuginfo" release="5.ule3" version="1.34">
+                         <filename>tar-debuginfo-1.34-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2023-1995</id>
+          <title>An update for jgit is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2023-12-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4759" id="CVE-2023-4759" title="CVE-2023-4759" type="cve"></reference>
+          </references>
+          <description>Arbitrary File Overwrite in Eclipse JGit &lt;= 6.6.0In Eclipse JGit, all versions &lt;= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem.This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command.The issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration.Setting git configuration option core.symlinks = false before checking out avoids the problem.The issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via  Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/  and  repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ .The JGit maintainers would like to thank RyotaK for finding and reporting this issue.(CVE-2023-4759)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="jgit-javadoc" release="3.ule3" version="5.11.0">
+                         <filename>jgit-javadoc-5.11.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jgit" release="3.ule3" version="5.11.0">
+                         <filename>jgit-5.11.0-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1006</id>
+          <title>An update for rubygem-puma is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-05"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-41136" id="CVE-2021-41136" title="CVE-2021-41136" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23634" id="CVE-2022-23634" title="CVE-2022-23634" type="cve"></reference>
+          </references>
+          <description>Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request&#39;s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with `puma`.(CVE-2021-41136)Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails&#39; Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability.(CVE-2022-23634)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="rubygem-puma-debuginfo" release="3.ule3" version="3.12.6">
+                         <filename>rubygem-puma-debuginfo-3.12.6-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-puma-debugsource" release="3.ule3" version="3.12.6">
+                         <filename>rubygem-puma-debugsource-3.12.6-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-puma" release="3.ule3" version="3.12.6">
+                         <filename>rubygem-puma-3.12.6-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-puma-doc" release="3.ule3" version="3.12.6">
+                         <filename>rubygem-puma-doc-3.12.6-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-puma-debugsource" release="3.ule3" version="3.12.6">
+                         <filename>rubygem-puma-debugsource-3.12.6-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-puma" release="3.ule3" version="3.12.6">
+                         <filename>rubygem-puma-3.12.6-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-puma-debuginfo" release="3.ule3" version="3.12.6">
+                         <filename>rubygem-puma-debuginfo-3.12.6-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1013</id>
+          <title>An update for python-twisted is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-05"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-46137" id="CVE-2023-46137" title="CVE-2023-46137" type="cve"></reference>
+          </references>
+          <description>Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.(CVE-2023-46137)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-twisted" release="2.ule3" version="22.4.0">
+                         <filename>python3-twisted-22.4.0-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-twisted-help" release="2.ule3" version="22.4.0">
+                         <filename>python-twisted-help-22.4.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-twisted" release="2.ule3" version="22.4.0">
+                         <filename>python3-twisted-22.4.0-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1017</id>
+          <title>An update for tidy is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-05"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33391" id="CVE-2021-33391" title="CVE-2021-33391" type="cve"></reference>
+          </references>
+          <description>An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.(CVE-2021-33391)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="tidy-debugsource" release="2.ule3" version="5.7.28">
+                         <filename>tidy-debugsource-5.7.28-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtidy-devel" release="2.ule3" version="5.7.28">
+                         <filename>libtidy-devel-5.7.28-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="tidy" release="2.ule3" version="5.7.28">
+                         <filename>tidy-5.7.28-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libtidy" release="2.ule3" version="5.7.28">
+                         <filename>libtidy-5.7.28-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="tidy-debuginfo" release="2.ule3" version="5.7.28">
+                         <filename>tidy-debuginfo-5.7.28-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="tidy-help" release="2.ule3" version="5.7.28">
+                         <filename>tidy-help-5.7.28-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tidy" release="2.ule3" version="5.7.28">
+                         <filename>tidy-5.7.28-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tidy-debuginfo" release="2.ule3" version="5.7.28">
+                         <filename>tidy-debuginfo-5.7.28-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtidy" release="2.ule3" version="5.7.28">
+                         <filename>libtidy-5.7.28-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="tidy-debugsource" release="2.ule3" version="5.7.28">
+                         <filename>tidy-debugsource-5.7.28-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libtidy-devel" release="2.ule3" version="5.7.28">
+                         <filename>libtidy-devel-5.7.28-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1018</id>
+          <title>An update for libsass is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-05"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26592" id="CVE-2022-26592" title="CVE-2022-26592" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-43357" id="CVE-2022-43357" title="CVE-2022-43357" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-43358" id="CVE-2022-43358" title="CVE-2022-43358" type="cve"></reference>
+          </references>
+          <description>Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function.(CVE-2022-26592)Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.(CVE-2022-43357)Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS).(CVE-2022-43358)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libsass" release="2.ule3" version="3.6.4">
+                         <filename>libsass-3.6.4-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsass-devel" release="2.ule3" version="3.6.4">
+                         <filename>libsass-devel-3.6.4-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsass-debugsource" release="2.ule3" version="3.6.4">
+                         <filename>libsass-debugsource-3.6.4-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libsass-debuginfo" release="2.ule3" version="3.6.4">
+                         <filename>libsass-debuginfo-3.6.4-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsass-devel" release="2.ule3" version="3.6.4">
+                         <filename>libsass-devel-3.6.4-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsass" release="2.ule3" version="3.6.4">
+                         <filename>libsass-3.6.4-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsass-debugsource" release="2.ule3" version="3.6.4">
+                         <filename>libsass-debugsource-3.6.4-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsass-debuginfo" release="2.ule3" version="3.6.4">
+                         <filename>libsass-debuginfo-3.6.4-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1019</id>
+          <title>An update for bluez is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-05"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-50230" id="CVE-2023-50230" title="CVE-2023-50230" type="cve"></reference>
+          </references>
+          <description>VUL-0: CVE-2023-50230: bluez: BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability(CVE-2023-50230)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bluez-devel" release="19.ule3" version="5.54">
+                         <filename>bluez-devel-5.54-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-debugsource" release="19.ule3" version="5.54">
+                         <filename>bluez-debugsource-5.54-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-cups" release="19.ule3" version="5.54">
+                         <filename>bluez-cups-5.54-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez" release="19.ule3" version="5.54">
+                         <filename>bluez-5.54-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-libs" release="19.ule3" version="5.54">
+                         <filename>bluez-libs-5.54-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-debuginfo" release="19.ule3" version="5.54">
+                         <filename>bluez-debuginfo-5.54-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="bluez-help" release="19.ule3" version="5.54">
+                         <filename>bluez-help-5.54-19.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-devel" release="19.ule3" version="5.54">
+                         <filename>bluez-devel-5.54-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-libs" release="19.ule3" version="5.54">
+                         <filename>bluez-libs-5.54-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-debuginfo" release="19.ule3" version="5.54">
+                         <filename>bluez-debuginfo-5.54-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez" release="19.ule3" version="5.54">
+                         <filename>bluez-5.54-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-debugsource" release="19.ule3" version="5.54">
+                         <filename>bluez-debugsource-5.54-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-cups" release="19.ule3" version="5.54">
+                         <filename>bluez-cups-5.54-19.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1020</id>
+          <title>An update for systemd is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-05"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-7008" id="CVE-2023-7008" title="CVE-2023-7008" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.(CVE-2023-7008)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="systemd-udev" release="64.ule3" version="249">
+                         <filename>systemd-udev-249-64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-container" release="64.ule3" version="249">
+                         <filename>systemd-container-249-64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-debuginfo" release="64.ule3" version="249">
+                         <filename>systemd-debuginfo-249-64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-resolved" release="64.ule3" version="249">
+                         <filename>systemd-resolved-249-64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd" release="64.ule3" version="249">
+                         <filename>systemd-249-64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-devel" release="64.ule3" version="249">
+                         <filename>systemd-devel-249-64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-networkd" release="64.ule3" version="249">
+                         <filename>systemd-networkd-249-64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-libs" release="64.ule3" version="249">
+                         <filename>systemd-libs-249-64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-timesyncd" release="64.ule3" version="249">
+                         <filename>systemd-timesyncd-249-64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-pam" release="64.ule3" version="249">
+                         <filename>systemd-pam-249-64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-debugsource" release="64.ule3" version="249">
+                         <filename>systemd-debugsource-249-64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-nspawn" release="64.ule3" version="249">
+                         <filename>systemd-nspawn-249-64.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="systemd-help" release="64.ule3" version="249">
+                         <filename>systemd-help-249-64.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-timesyncd" release="64.ule3" version="249">
+                         <filename>systemd-timesyncd-249-64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd" release="64.ule3" version="249">
+                         <filename>systemd-249-64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-udev" release="64.ule3" version="249">
+                         <filename>systemd-udev-249-64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-debugsource" release="64.ule3" version="249">
+                         <filename>systemd-debugsource-249-64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-networkd" release="64.ule3" version="249">
+                         <filename>systemd-networkd-249-64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-pam" release="64.ule3" version="249">
+                         <filename>systemd-pam-249-64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-resolved" release="64.ule3" version="249">
+                         <filename>systemd-resolved-249-64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-nspawn" release="64.ule3" version="249">
+                         <filename>systemd-nspawn-249-64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-libs" release="64.ule3" version="249">
+                         <filename>systemd-libs-249-64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-debuginfo" release="64.ule3" version="249">
+                         <filename>systemd-debuginfo-249-64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-container" release="64.ule3" version="249">
+                         <filename>systemd-container-249-64.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-devel" release="64.ule3" version="249">
+                         <filename>systemd-devel-249-64.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1021</id>
+          <title>An update for espeak-ng is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-05"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-49990" id="CVE-2023-49990" title="CVE-2023-49990" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-49991" id="CVE-2023-49991" title="CVE-2023-49991" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-49992" id="CVE-2023-49992" title="CVE-2023-49992" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-49993" id="CVE-2023-49993" title="CVE-2023-49993" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-49994" id="CVE-2023-49994" title="CVE-2023-49994" type="cve"></reference>
+          </references>
+          <description>Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.(CVE-2023-49990)Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c.(CVE-2023-49991)Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.(CVE-2023-49992)Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.(CVE-2023-49993)Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.(CVE-2023-49994)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="espeak-ng-debugsource" release="2.ule3" version="1.51">
+                         <filename>espeak-ng-debugsource-1.51-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="espeak-ng-devel" release="2.ule3" version="1.51">
+                         <filename>espeak-ng-devel-1.51-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="espeak-ng" release="2.ule3" version="1.51">
+                         <filename>espeak-ng-1.51-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="espeak-ng-debuginfo" release="2.ule3" version="1.51">
+                         <filename>espeak-ng-debuginfo-1.51-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="espeak-ng-help" release="2.ule3" version="1.51">
+                         <filename>espeak-ng-help-1.51-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="espeak-ng-debuginfo" release="2.ule3" version="1.51">
+                         <filename>espeak-ng-debuginfo-1.51-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="espeak-ng" release="2.ule3" version="1.51">
+                         <filename>espeak-ng-1.51-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="espeak-ng-debugsource" release="2.ule3" version="1.51">
+                         <filename>espeak-ng-debugsource-1.51-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="espeak-ng-devel" release="2.ule3" version="1.51">
+                         <filename>espeak-ng-devel-1.51-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1023</id>
+          <title>An update for metadata-extractor2 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-05"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24613" id="CVE-2022-24613" title="CVE-2022-24613" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24614" id="CVE-2022-24614" title="CVE-2022-24614" type="cve"></reference>
+          </references>
+          <description>metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services that use metadata-extractor library.(CVE-2022-24613)When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor library.(CVE-2022-24614)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="metadata-extractor2" release="1.ule3" version="2.18.0">
+                         <filename>metadata-extractor2-2.18.0-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="metadata-extractor2-javadoc" release="1.ule3" version="2.18.0">
+                         <filename>metadata-extractor2-javadoc-2.18.0-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1029</id>
+          <title>An update for bluez is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-50229" id="CVE-2023-50229" title="CVE-2023-50229" type="cve"></reference>
+          </references>
+          <description>VUL-0: CVE-2023-50229: bluez: BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability(CVE-2023-50229)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bluez" release="19.ule3" version="5.54">
+                         <filename>bluez-5.54-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-debugsource" release="19.ule3" version="5.54">
+                         <filename>bluez-debugsource-5.54-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-devel" release="19.ule3" version="5.54">
+                         <filename>bluez-devel-5.54-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-libs" release="19.ule3" version="5.54">
+                         <filename>bluez-libs-5.54-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-cups" release="19.ule3" version="5.54">
+                         <filename>bluez-cups-5.54-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bluez-debuginfo" release="19.ule3" version="5.54">
+                         <filename>bluez-debuginfo-5.54-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="bluez-help" release="19.ule3" version="5.54">
+                         <filename>bluez-help-5.54-19.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-debugsource" release="19.ule3" version="5.54">
+                         <filename>bluez-debugsource-5.54-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-debuginfo" release="19.ule3" version="5.54">
+                         <filename>bluez-debuginfo-5.54-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-cups" release="19.ule3" version="5.54">
+                         <filename>bluez-cups-5.54-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez" release="19.ule3" version="5.54">
+                         <filename>bluez-5.54-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-devel" release="19.ule3" version="5.54">
+                         <filename>bluez-devel-5.54-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bluez-libs" release="19.ule3" version="5.54">
+                         <filename>bluez-libs-5.54-19.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1032</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33631" id="CVE-2021-33631" title="CVE-2021-33631" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-35827" id="CVE-2023-35827" title="CVE-2023-35827" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6606" id="CVE-2023-6606" title="CVE-2023-6606" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6610" id="CVE-2023-6610" title="CVE-2023-6610" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6817" id="CVE-2023-6817" title="CVE-2023-6817" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6931" id="CVE-2023-6931" title="CVE-2023-6931" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6932" id="CVE-2023-6932" title="CVE-2023-6932" type="cve"></reference>
+          </references>
+          <description>openeuler-linux-kernel-5.10.149-ext4_write_inline_data-kernel_bug-365020(CVE-2021-33631)An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.(CVE-2023-35827)An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.(CVE-2023-6606)An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.(CVE-2023-6610)A use-after-free vulnerability in the Linux kernel&#39;s netfilter: nf_tables component can be exploited to achieve local privilege escalation.The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.(CVE-2023-6817)A heap out-of-bounds write vulnerability in the Linux kernel&#39;s Performance Events system component can be exploited to achieve local privilege escalation.A perf_event&#39;s read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.(CVE-2023-6931)A use-after-free vulnerability in the Linux kernel&#39;s ipv4: igmp component can be exploited to achieve local privilege escalation.A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.(CVE-2023-6932)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.121.0.148.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.121.0.148.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.121.0.148.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.121.0.148.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.121.0.148.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.121.0.148.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.121.0.148.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.121.0.148.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.121.0.148.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.121.0.148.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.121.0.148.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.121.0.148.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.121.0.148.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.121.0.148.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.121.0.148.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.121.0.148.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.121.0.148.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.121.0.148.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.121.0.148.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.121.0.148.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.121.0.148.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.121.0.148.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.121.0.148.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.121.0.148.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.121.0.148.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.121.0.148.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.121.0.148.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.121.0.148.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.121.0.148.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.121.0.148.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.121.0.148.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1036</id>
+          <title>An update for jersey is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-28168" id="CVE-2021-28168" title="CVE-2021-28168" type="cve"></reference>
+          </references>
+          <description>Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users.(CVE-2021-28168)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="jersey-test-framework" release="2.ule3" version="2.29.1">
+                         <filename>jersey-test-framework-2.29.1-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jersey" release="2.ule3" version="2.29.1">
+                         <filename>jersey-2.29.1-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jersey-javadoc" release="2.ule3" version="2.29.1">
+                         <filename>jersey-javadoc-2.29.1-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1040</id>
+          <title>An update for libssh is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6004" id="CVE-2023-6004" title="CVE-2023-6004" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6918" id="CVE-2023-6918" title="CVE-2023-6918" type="cve"></reference>
+          </references>
+          <description>A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.(CVE-2023-6004)A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.(CVE-2023-6918)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libssh-debugsource" release="8.ule3" version="0.9.6">
+                         <filename>libssh-debugsource-0.9.6-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libssh-debuginfo" release="8.ule3" version="0.9.6">
+                         <filename>libssh-debuginfo-0.9.6-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libssh" release="8.ule3" version="0.9.6">
+                         <filename>libssh-0.9.6-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libssh-devel" release="8.ule3" version="0.9.6">
+                         <filename>libssh-devel-0.9.6-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libssh-help" release="8.ule3" version="0.9.6">
+                         <filename>libssh-help-0.9.6-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libssh-debuginfo" release="8.ule3" version="0.9.6">
+                         <filename>libssh-debuginfo-0.9.6-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libssh" release="8.ule3" version="0.9.6">
+                         <filename>libssh-0.9.6-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libssh-debugsource" release="8.ule3" version="0.9.6">
+                         <filename>libssh-debugsource-0.9.6-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libssh-devel" release="8.ule3" version="0.9.6">
+                         <filename>libssh-devel-0.9.6-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1046</id>
+          <title>An update for python-pycryptodome is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52323" id="CVE-2023-52323" title="CVE-2023-52323" type="cve"></reference>
+          </references>
+          <description>PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.(CVE-2023-52323)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python-pycryptodome-debugsource" release="1.ule3" version="3.19.1">
+                         <filename>python-pycryptodome-debugsource-3.19.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-pycryptodome-debuginfo" release="1.ule3" version="3.19.1">
+                         <filename>python-pycryptodome-debuginfo-3.19.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pycryptodome" release="1.ule3" version="3.19.1">
+                         <filename>python3-pycryptodome-3.19.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-pycryptodome-debuginfo" release="1.ule3" version="3.19.1">
+                         <filename>python-pycryptodome-debuginfo-3.19.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pycryptodome" release="1.ule3" version="3.19.1">
+                         <filename>python3-pycryptodome-3.19.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-pycryptodome-debugsource" release="1.ule3" version="3.19.1">
+                         <filename>python-pycryptodome-debugsource-3.19.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1048</id>
+          <title>An update for proftpd is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-48795" id="CVE-2023-48795" title="CVE-2023-48795" type="cve"></reference>
+          </references>
+          <description>The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH&#39;s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.(CVE-2023-48795)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="proftpd-ldap" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-ldap-1.3.8b-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="proftpd-sqlite" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-sqlite-1.3.8b-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="proftpd-debugsource" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-debugsource-1.3.8b-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="proftpd" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-1.3.8b-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="proftpd-debuginfo" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-debuginfo-1.3.8b-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="proftpd-devel" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-devel-1.3.8b-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="proftpd-utils" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-utils-1.3.8b-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="proftpd-postgresql" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-postgresql-1.3.8b-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="proftpd-mysql" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-mysql-1.3.8b-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="proftpd-sqlite" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-sqlite-1.3.8b-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="proftpd" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-1.3.8b-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="proftpd-mysql" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-mysql-1.3.8b-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="proftpd-debuginfo" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-debuginfo-1.3.8b-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="proftpd-postgresql" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-postgresql-1.3.8b-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="proftpd-debugsource" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-debugsource-1.3.8b-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="proftpd-devel" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-devel-1.3.8b-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="proftpd-utils" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-utils-1.3.8b-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="proftpd-ldap" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-ldap-1.3.8b-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1050</id>
+          <title>An update for netdata is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22496" id="CVE-2023-22496" title="CVE-2023-22496" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22497" id="CVE-2023-22497" title="CVE-2023-22497" type="cve"></reference>
+          </references>
+          <description>Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the function `health_alarm_execute` is called. This function performs different checks and then enqueues a command by calling `spawn_enq_cmd`. This command is populated with several arguments that are not sanitized. One of them is the `registry_hostname` of the node for which the alert is raised. By providing a specially crafted `registry_hostname` as part of the health data that is streamed to a Netdata (parent) agent, an attacker can execute arbitrary commands at the remote host as a side-effect of the raised alert. Note that the commands are executed as the user running the Netdata Agent. This user is usually named `netdata`. The ability to run arbitrary commands may allow an attacker to escalate privileges by escalating other vulnerabilities in the system, as that user. The problem has been fixed in: Netdata agent v1.37 (stable) and Netdata agent v1.36.0-409 (nightly). As a workaround, streaming is not enabled by default. If you have previously enabled this, it can be disabled. Limiting access to the port on the recipient Agent to trusted child connections may mitigate the impact of this vulnerability.(CVE-2023-22496)Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has access to a Netdata Agent has access to its MACHINE_GUID. Streaming is a feature that allows a Netdata Agent to act as parent for other Netdata Agents (children), offloading children from various functions (increased data retention, ML, health monitoring, etc) that can now be handled by the parent Agent. Configuration is done via `stream.conf`. On the parent side, users configure in `stream.conf` an API key (any random UUID can do) to provide common configuration for all children using this API key and per MACHINE GUID configuration to customize the configuration for each child. The way this was implemented, allowed an attacker to use a valid MACHINE_GUID as an API key. This affects all users who expose their Netdata Agents (children) to non-trusted users and they also expose to the same users Netdata Agent parents that aggregate data from all these children. The problem has been fixed in: Netdata agent v1.37 (stable) and Netdata agent v1.36.0-409 (nightly). As a workaround, do not enable streaming by default. If you have previously enabled this, it can be disabled. Limiting access to the port on the recipient Agent to trusted child connections may mitigate the impact of this vulnerability.(CVE-2023-22497)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="netdata-freeipmi" release="1.ule3" version="1.39.1">
+                         <filename>netdata-freeipmi-1.39.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="netdata-debuginfo" release="1.ule3" version="1.39.1">
+                         <filename>netdata-debuginfo-1.39.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="netdata" release="1.ule3" version="1.39.1">
+                         <filename>netdata-1.39.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="netdata-debugsource" release="1.ule3" version="1.39.1">
+                         <filename>netdata-debugsource-1.39.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="netdata-conf" release="1.ule3" version="1.39.1">
+                         <filename>netdata-conf-1.39.1-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="netdata-data" release="1.ule3" version="1.39.1">
+                         <filename>netdata-data-1.39.1-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="netdata" release="1.ule3" version="1.39.1">
+                         <filename>netdata-1.39.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="netdata-freeipmi" release="1.ule3" version="1.39.1">
+                         <filename>netdata-freeipmi-1.39.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="netdata-debugsource" release="1.ule3" version="1.39.1">
+                         <filename>netdata-debugsource-1.39.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="netdata-debuginfo" release="1.ule3" version="1.39.1">
+                         <filename>netdata-debuginfo-1.39.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1053</id>
+          <title>An update for python-pycryptodomex is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52323" id="CVE-2023-52323" title="CVE-2023-52323" type="cve"></reference>
+          </references>
+          <description>PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.(CVE-2023-52323)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python-pycryptodomex-debugsource" release="1.ule3" version="3.19.1">
+                         <filename>python-pycryptodomex-debugsource-3.19.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-pycryptodomex-debuginfo" release="1.ule3" version="3.19.1">
+                         <filename>python-pycryptodomex-debuginfo-3.19.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pycryptodomex" release="1.ule3" version="3.19.1">
+                         <filename>python3-pycryptodomex-3.19.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-pycryptodomex-help" release="1.ule3" version="3.19.1">
+                         <filename>python-pycryptodomex-help-3.19.1-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pycryptodomex" release="1.ule3" version="3.19.1">
+                         <filename>python3-pycryptodomex-3.19.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-pycryptodomex-debugsource" release="1.ule3" version="3.19.1">
+                         <filename>python-pycryptodomex-debugsource-3.19.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-pycryptodomex-debuginfo" release="1.ule3" version="3.19.1">
+                         <filename>python-pycryptodomex-debuginfo-3.19.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1058</id>
+          <title>An update for firefox is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-7104" id="CVE-2023-7104" title="CVE-2023-7104" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.(CVE-2023-7104)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="firefox-debuginfo" release="4.ule3" version="102.15.0">
+                         <filename>firefox-debuginfo-102.15.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="firefox-debugsource" release="4.ule3" version="102.15.0">
+                         <filename>firefox-debugsource-102.15.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="firefox" release="4.ule3" version="102.15.0">
+                         <filename>firefox-102.15.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox" release="4.ule3" version="102.15.0">
+                         <filename>firefox-102.15.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox-debugsource" release="4.ule3" version="102.15.0">
+                         <filename>firefox-debugsource-102.15.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox-debuginfo" release="4.ule3" version="102.15.0">
+                         <filename>firefox-debuginfo-102.15.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1061</id>
+          <title>An update for libssh is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-48795" id="CVE-2023-48795" title="CVE-2023-48795" type="cve"></reference>
+          </references>
+          <description>The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH&#39;s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.(CVE-2023-48795)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libssh-debugsource" release="8.ule3" version="0.9.6">
+                         <filename>libssh-debugsource-0.9.6-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libssh-debuginfo" release="8.ule3" version="0.9.6">
+                         <filename>libssh-debuginfo-0.9.6-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libssh" release="8.ule3" version="0.9.6">
+                         <filename>libssh-0.9.6-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libssh-devel" release="8.ule3" version="0.9.6">
+                         <filename>libssh-devel-0.9.6-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libssh-help" release="8.ule3" version="0.9.6">
+                         <filename>libssh-help-0.9.6-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libssh-debuginfo" release="8.ule3" version="0.9.6">
+                         <filename>libssh-debuginfo-0.9.6-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libssh" release="8.ule3" version="0.9.6">
+                         <filename>libssh-0.9.6-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libssh-debugsource" release="8.ule3" version="0.9.6">
+                         <filename>libssh-debugsource-0.9.6-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libssh-devel" release="8.ule3" version="0.9.6">
+                         <filename>libssh-devel-0.9.6-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1063</id>
+          <title>An update for sqlite is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-7104" id="CVE-2023-7104" title="CVE-2023-7104" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.(CVE-2023-7104)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="sqlite-debuginfo" release="7.ule3" version="3.37.2">
+                         <filename>sqlite-debuginfo-3.37.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sqlite-devel" release="7.ule3" version="3.37.2">
+                         <filename>sqlite-devel-3.37.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sqlite-debugsource" release="7.ule3" version="3.37.2">
+                         <filename>sqlite-debugsource-3.37.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sqlite" release="7.ule3" version="3.37.2">
+                         <filename>sqlite-3.37.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="sqlite-help" release="7.ule3" version="3.37.2">
+                         <filename>sqlite-help-3.37.2-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sqlite" release="7.ule3" version="3.37.2">
+                         <filename>sqlite-3.37.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sqlite-debuginfo" release="7.ule3" version="3.37.2">
+                         <filename>sqlite-debuginfo-3.37.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sqlite-devel" release="7.ule3" version="3.37.2">
+                         <filename>sqlite-devel-3.37.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sqlite-debugsource" release="7.ule3" version="3.37.2">
+                         <filename>sqlite-debugsource-3.37.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1070</id>
+          <title>An update for wireshark is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-0208" id="CVE-2024-0208" title="CVE-2024-0208" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-0209" id="CVE-2024-0209" title="CVE-2024-0209" type="cve"></reference>
+          </references>
+          <description>GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file(CVE-2024-0208)IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file(CVE-2024-0209)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="wireshark-debugsource" release="6.ule3" version="3.6.14">
+                         <filename>wireshark-debugsource-3.6.14-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-debuginfo" release="6.ule3" version="3.6.14">
+                         <filename>wireshark-debuginfo-3.6.14-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-help" release="6.ule3" version="3.6.14">
+                         <filename>wireshark-help-3.6.14-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-devel" release="6.ule3" version="3.6.14">
+                         <filename>wireshark-devel-3.6.14-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark" release="6.ule3" version="3.6.14">
+                         <filename>wireshark-3.6.14-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark" release="6.ule3" version="3.6.14">
+                         <filename>wireshark-3.6.14-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debuginfo" release="6.ule3" version="3.6.14">
+                         <filename>wireshark-debuginfo-3.6.14-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debugsource" release="6.ule3" version="3.6.14">
+                         <filename>wireshark-debugsource-3.6.14-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-help" release="6.ule3" version="3.6.14">
+                         <filename>wireshark-help-3.6.14-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-devel" release="6.ule3" version="3.6.14">
+                         <filename>wireshark-devel-3.6.14-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1071</id>
+          <title>An update for sudo is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-42465" id="CVE-2023-42465" title="CVE-2023-42465" type="cve"></reference>
+          </references>
+          <description>Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.(CVE-2023-42465)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="sudo" release="15.ule3" version="1.9.8p2">
+                         <filename>sudo-1.9.8p2-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo-debuginfo" release="15.ule3" version="1.9.8p2">
+                         <filename>sudo-debuginfo-1.9.8p2-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo-debugsource" release="15.ule3" version="1.9.8p2">
+                         <filename>sudo-debugsource-1.9.8p2-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="sudo-devel" release="15.ule3" version="1.9.8p2">
+                         <filename>sudo-devel-1.9.8p2-15.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="sudo-help" release="15.ule3" version="1.9.8p2">
+                         <filename>sudo-help-1.9.8p2-15.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-debugsource" release="15.ule3" version="1.9.8p2">
+                         <filename>sudo-debugsource-1.9.8p2-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-debuginfo" release="15.ule3" version="1.9.8p2">
+                         <filename>sudo-debuginfo-1.9.8p2-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo-devel" release="15.ule3" version="1.9.8p2">
+                         <filename>sudo-devel-1.9.8p2-15.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="sudo" release="15.ule3" version="1.9.8p2">
+                         <filename>sudo-1.9.8p2-15.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1072</id>
+          <title>An update for testng is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4065" id="CVE-2022-4065" title="CVE-2022-4065" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 7.5.1 and 7.7.1 is able to address this issue. The patch is named 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-214027.(CVE-2022-4065)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="testng-javadoc" release="7.ule3" version="6.14.3">
+                         <filename>testng-javadoc-6.14.3-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="testng" release="7.ule3" version="6.14.3">
+                         <filename>testng-6.14.3-7.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1074</id>
+          <title>An update for containernetworking-plugins is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-24534" id="CVE-2023-24534" title="CVE-2023-24534" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-24536" id="CVE-2023-24536" title="CVE-2023-24536" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-24537" id="CVE-2023-24537" title="CVE-2023-24537" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-24538" id="CVE-2023-24538" title="CVE-2023-24538" type="cve"></reference>
+          </references>
+          <description>HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.(CVE-2023-24534)Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.(CVE-2023-24536)Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.(CVE-2023-24537)Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. &#34;var a = {{.}}&#34;), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.(CVE-2023-24538)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="containernetworking-plugins" release="4.ule3" version="1.1.1">
+                         <filename>containernetworking-plugins-1.1.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="containernetworking-plugins-unit-test-devel" release="4.ule3" version="1.1.1">
+                         <filename>containernetworking-plugins-unit-test-devel-1.1.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="containernetworking-plugins-devel" release="4.ule3" version="1.1.1">
+                         <filename>containernetworking-plugins-devel-1.1.1-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="containernetworking-plugins" release="4.ule3" version="1.1.1">
+                         <filename>containernetworking-plugins-1.1.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="containernetworking-plugins-unit-test-devel" release="4.ule3" version="1.1.1">
+                         <filename>containernetworking-plugins-unit-test-devel-1.1.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1075</id>
+          <title>An update for proftpd is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-51713" id="CVE-2023-51713" title="CVE-2023-51713" type="cve"></reference>
+          </references>
+          <description>make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.(CVE-2023-51713)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="proftpd-ldap" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-ldap-1.3.8b-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="proftpd-debuginfo" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-debuginfo-1.3.8b-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="proftpd-devel" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-devel-1.3.8b-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="proftpd-postgresql" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-postgresql-1.3.8b-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="proftpd-utils" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-utils-1.3.8b-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="proftpd-debugsource" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-debugsource-1.3.8b-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="proftpd-mysql" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-mysql-1.3.8b-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="proftpd" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-1.3.8b-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="proftpd-sqlite" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-sqlite-1.3.8b-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="proftpd-devel" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-devel-1.3.8b-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="proftpd-sqlite" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-sqlite-1.3.8b-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="proftpd-ldap" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-ldap-1.3.8b-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="proftpd-debugsource" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-debugsource-1.3.8b-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="proftpd-utils" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-utils-1.3.8b-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="proftpd-postgresql" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-postgresql-1.3.8b-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="proftpd" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-1.3.8b-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="proftpd-mysql" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-mysql-1.3.8b-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="proftpd-debuginfo" release="3.ule3" version="1.3.8b">
+                         <filename>proftpd-debuginfo-1.3.8b-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1076</id>
+          <title>An update for mongo-c-driver is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0437" id="CVE-2023-0437" title="CVE-2023-0437" type="cve"></reference>
+          </references>
+          <description>When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.(CVE-2023-0437)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libbson" release="7.ule3" version="1.13.1">
+                         <filename>libbson-1.13.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mongo-c-driver-debugsource" release="7.ule3" version="1.13.1">
+                         <filename>mongo-c-driver-debugsource-1.13.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mongo-c-driver-debuginfo" release="7.ule3" version="1.13.1">
+                         <filename>mongo-c-driver-debuginfo-1.13.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mongo-c-driver" release="7.ule3" version="1.13.1">
+                         <filename>mongo-c-driver-1.13.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libbson-devel" release="7.ule3" version="1.13.1">
+                         <filename>libbson-devel-1.13.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mongo-c-driver-help" release="7.ule3" version="1.13.1">
+                         <filename>mongo-c-driver-help-1.13.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mongo-c-driver-devel" release="7.ule3" version="1.13.1">
+                         <filename>mongo-c-driver-devel-1.13.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libbson-devel" release="7.ule3" version="1.13.1">
+                         <filename>libbson-devel-1.13.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mongo-c-driver" release="7.ule3" version="1.13.1">
+                         <filename>mongo-c-driver-1.13.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mongo-c-driver-debuginfo" release="7.ule3" version="1.13.1">
+                         <filename>mongo-c-driver-debuginfo-1.13.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mongo-c-driver-debugsource" release="7.ule3" version="1.13.1">
+                         <filename>mongo-c-driver-debugsource-1.13.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mongo-c-driver-help" release="7.ule3" version="1.13.1">
+                         <filename>mongo-c-driver-help-1.13.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libbson" release="7.ule3" version="1.13.1">
+                         <filename>libbson-1.13.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mongo-c-driver-devel" release="7.ule3" version="1.13.1">
+                         <filename>mongo-c-driver-devel-1.13.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1077</id>
+          <title>An update for rear is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-23301" id="CVE-2024-23301" title="CVE-2024-23301" type="cve"></reference>
+          </references>
+          <description>Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.(CVE-2024-23301)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="rear-help" release="5.ule3" version="2.4">
+                         <filename>rear-help-2.4-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rear" release="5.ule3" version="2.4">
+                         <filename>rear-2.4-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1078</id>
+          <title>An update for libexif is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-0452" id="CVE-2020-0452" title="CVE-2020-0452" type="cve"></reference>
+          </references>
+          <description>In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731(CVE-2020-0452)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libexif-devel" release="5.ule3" version="0.6.22">
+                         <filename>libexif-devel-0.6.22-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libexif" release="5.ule3" version="0.6.22">
+                         <filename>libexif-0.6.22-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libexif-debugsource" release="5.ule3" version="0.6.22">
+                         <filename>libexif-debugsource-0.6.22-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libexif-debuginfo" release="5.ule3" version="0.6.22">
+                         <filename>libexif-debuginfo-0.6.22-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libexif-help" release="5.ule3" version="0.6.22">
+                         <filename>libexif-help-0.6.22-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libexif-debugsource" release="5.ule3" version="0.6.22">
+                         <filename>libexif-debugsource-0.6.22-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libexif-devel" release="5.ule3" version="0.6.22">
+                         <filename>libexif-devel-0.6.22-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libexif" release="5.ule3" version="0.6.22">
+                         <filename>libexif-0.6.22-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libexif-debuginfo" release="5.ule3" version="0.6.22">
+                         <filename>libexif-debuginfo-0.6.22-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1079</id>
+          <title>An update for apache-sshd is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-35887" id="CVE-2023-35887" title="CVE-2023-35887" type="cve"></reference>
+          </references>
+          <description>Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover &#34;exists/does not exist&#34; information about items outside the rooted tree via paths including parent navigation (&#34;..&#34;) beyond the root, or involving symlinks.This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10(CVE-2023-35887)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="apache-sshd-javadoc" release="2.ule3" version="2.9.2">
+                         <filename>apache-sshd-javadoc-2.9.2-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="apache-sshd" release="2.ule3" version="2.9.2">
+                         <filename>apache-sshd-2.9.2-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1082</id>
+          <title>An update for python-paramiko is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-48795" id="CVE-2023-48795" title="CVE-2023-48795" type="cve"></reference>
+          </references>
+          <description>The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH&#39;s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.(CVE-2023-48795)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python-paramiko-help" release="3.ule3" version="2.11.0">
+                         <filename>python-paramiko-help-2.11.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-paramiko" release="3.ule3" version="2.11.0">
+                         <filename>python3-paramiko-2.11.0-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1085</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-51779" id="CVE-2023-51779" title="CVE-2023-51779" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-51780" id="CVE-2023-51780" title="CVE-2023-51780" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-51781" id="CVE-2023-51781" title="CVE-2023-51781" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-51782" id="CVE-2023-51782" title="CVE-2023-51782" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6121" id="CVE-2023-6121" title="CVE-2023-6121" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the Bluetooth subsystem of the Linux kernel. A race condition between the bt_sock_recvmsg() and bt_sock_ioctl() functions could lead to a use-after-free on a socket buffer (&#34;skb&#34;). This flaw allows a local user to cause a denial of service condition or potential code execution.(CVE-2023-51779)An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.(CVE-2023-51780)An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.(CVE-2023-51781)An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.(CVE-2023-51782)An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).(CVE-2023-6121)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.122.0.149.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.122.0.149.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.122.0.149.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.122.0.149.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.122.0.149.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.122.0.149.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.122.0.149.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.122.0.149.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.122.0.149.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.122.0.149.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.122.0.149.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.122.0.149.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.122.0.149.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.122.0.149.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.122.0.149.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.122.0.149.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.122.0.149.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.122.0.149.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.122.0.149.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.122.0.149.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.122.0.149.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.122.0.149.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.122.0.149.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.122.0.149.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.122.0.149.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.122.0.149.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.122.0.149.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.122.0.149.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.122.0.149.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.122.0.149.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.122.0.149.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1093</id>
+          <title>An update for gnutls is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-0553" id="CVE-2024-0553" title="CVE-2024-0553" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-0567" id="CVE-2024-0567" title="CVE-2024-0567" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.(CVE-2024-0553)A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.(CVE-2024-0567)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gnutls" release="10.ule3" version="3.7.2">
+                         <filename>gnutls-3.7.2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-debugsource" release="10.ule3" version="3.7.2">
+                         <filename>gnutls-debugsource-3.7.2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-debuginfo" release="10.ule3" version="3.7.2">
+                         <filename>gnutls-debuginfo-3.7.2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-devel" release="10.ule3" version="3.7.2">
+                         <filename>gnutls-devel-3.7.2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-utils" release="10.ule3" version="3.7.2">
+                         <filename>gnutls-utils-3.7.2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gnutls-help" release="10.ule3" version="3.7.2">
+                         <filename>gnutls-help-3.7.2-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls" release="10.ule3" version="3.7.2">
+                         <filename>gnutls-3.7.2-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-devel" release="10.ule3" version="3.7.2">
+                         <filename>gnutls-devel-3.7.2-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-utils" release="10.ule3" version="3.7.2">
+                         <filename>gnutls-utils-3.7.2-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-debuginfo" release="10.ule3" version="3.7.2">
+                         <filename>gnutls-debuginfo-3.7.2-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-debugsource" release="10.ule3" version="3.7.2">
+                         <filename>gnutls-debugsource-3.7.2-10.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1096</id>
+          <title>An update for pam is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-22365" id="CVE-2024-22365" title="CVE-2024-22365" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.(CVE-2024-22365)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="pam" release="7.ule3" version="1.5.2">
+                         <filename>pam-1.5.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pam-devel" release="7.ule3" version="1.5.2">
+                         <filename>pam-devel-1.5.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pam-debugsource" release="7.ule3" version="1.5.2">
+                         <filename>pam-debugsource-1.5.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pam-debuginfo" release="7.ule3" version="1.5.2">
+                         <filename>pam-debuginfo-1.5.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="pam-help" release="7.ule3" version="1.5.2">
+                         <filename>pam-help-1.5.2-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pam-debugsource" release="7.ule3" version="1.5.2">
+                         <filename>pam-debugsource-1.5.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pam" release="7.ule3" version="1.5.2">
+                         <filename>pam-1.5.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pam-debuginfo" release="7.ule3" version="1.5.2">
+                         <filename>pam-debuginfo-1.5.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pam-devel" release="7.ule3" version="1.5.2">
+                         <filename>pam-devel-1.5.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1097</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6040" id="CVE-2023-6040" title="CVE-2023-6040" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-0565" id="CVE-2024-0565" title="CVE-2024-0565" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-0607" id="CVE-2024-0607" title="CVE-2024-0607" type="cve"></reference>
+          </references>
+          <description>An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.(CVE-2023-6040)An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.(CVE-2024-0565)A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.(CVE-2024-0607)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1098</id>
+          <title>An update for python-pillow is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-50447" id="CVE-2023-50447" title="CVE-2023-50447" type="cve"></reference>
+          </references>
+          <description>Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).(CVE-2023-50447)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-pillow-qt" release="6.ule3" version="9.0.1">
+                         <filename>python3-pillow-qt-9.0.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pillow-tk" release="6.ule3" version="9.0.1">
+                         <filename>python3-pillow-tk-9.0.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pillow-devel" release="6.ule3" version="9.0.1">
+                         <filename>python3-pillow-devel-9.0.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-pillow-debuginfo" release="6.ule3" version="9.0.1">
+                         <filename>python-pillow-debuginfo-9.0.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-pillow-debugsource" release="6.ule3" version="9.0.1">
+                         <filename>python-pillow-debugsource-9.0.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pillow" release="6.ule3" version="9.0.1">
+                         <filename>python3-pillow-9.0.1-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-pillow-help" release="6.ule3" version="9.0.1">
+                         <filename>python3-pillow-help-9.0.1-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-pillow-debuginfo" release="6.ule3" version="9.0.1">
+                         <filename>python-pillow-debuginfo-9.0.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow-devel" release="6.ule3" version="9.0.1">
+                         <filename>python3-pillow-devel-9.0.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow" release="6.ule3" version="9.0.1">
+                         <filename>python3-pillow-9.0.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow-qt" release="6.ule3" version="9.0.1">
+                         <filename>python3-pillow-qt-9.0.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow-tk" release="6.ule3" version="9.0.1">
+                         <filename>python3-pillow-tk-9.0.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-pillow-debugsource" release="6.ule3" version="9.0.1">
+                         <filename>python-pillow-debugsource-9.0.1-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1099</id>
+          <title>An update for openjdk-11 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-20918" id="CVE-2024-20918" title="CVE-2024-20918" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-20926" id="CVE-2024-20926" title="CVE-2024-20926" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-20945" id="CVE-2024-20945" title="CVE-2024-20945" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-20952" id="CVE-2024-20952" title="CVE-2024-20952" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2024-20918)Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2024-20926)Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).(CVE-2024-20945)Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2024-20952)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-devel-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-devel-slowdebug-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-debugsource" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-debugsource-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-javadoc" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-javadoc-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-jmods-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-jmods-slowdebug-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-jmods" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-jmods-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-demo" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-demo-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-debuginfo" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-debuginfo-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-src-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-src-slowdebug-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-javadoc-zip" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-javadoc-zip-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-devel" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-devel-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-src" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-src-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-headless-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-headless-slowdebug-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-slowdebug-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-headless" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-headless-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-demo-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-demo-slowdebug-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-javadoc-zip" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-javadoc-zip-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-devel" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-devel-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-jmods" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-jmods-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-headless-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-headless-slowdebug-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-src-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-src-slowdebug-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-headless" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-headless-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-slowdebug-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-demo-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-demo-slowdebug-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-devel-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-devel-slowdebug-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-demo" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-demo-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-jmods-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-jmods-slowdebug-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-javadoc" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-javadoc-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-debugsource" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-debugsource-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-src" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-src-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-debuginfo" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-debuginfo-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1100</id>
+          <title>An update for tomcat is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-24998" id="CVE-2023-24998" title="CVE-2023-24998" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28709" id="CVE-2023-28709" title="CVE-2023-28709" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-42795" id="CVE-2023-42795" title="CVE-2023-42795" type="cve"></reference>
+          </references>
+          <description>Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.Note that, like all of the file upload limits, the          new configuration option (FileUploadBase#setFileCountMax) is not          enabled by default and must be explicitly configured.(CVE-2023-24998)The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP       connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was       submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.(CVE-2023-28709)Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next.Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.(CVE-2023-42795)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="tomcat-jsvc" release="31.ule3" version="9.0.10">
+                         <filename>tomcat-jsvc-9.0.10-31.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="tomcat-help" release="31.ule3" version="9.0.10">
+                         <filename>tomcat-help-9.0.10-31.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="tomcat" release="31.ule3" version="9.0.10">
+                         <filename>tomcat-9.0.10-31.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1101</id>
+          <title>An update for apache-sshd is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-48795" id="CVE-2023-48795" title="CVE-2023-48795" type="cve"></reference>
+          </references>
+          <description>The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH&#39;s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.(CVE-2023-48795)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="apache-sshd-javadoc" release="3.ule3" version="2.9.2">
+                         <filename>apache-sshd-javadoc-2.9.2-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="apache-sshd" release="3.ule3" version="2.9.2">
+                         <filename>apache-sshd-2.9.2-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1102</id>
+          <title>An update for xorg-x11-server is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6816" id="CVE-2023-6816" title="CVE-2023-6816" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-0229" id="CVE-2024-0229" title="CVE-2024-0229" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-0408" id="CVE-2024-0408" title="CVE-2024-0408" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-0409" id="CVE-2024-0409" title="CVE-2024-0409" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-21885" id="CVE-2024-21885" title="CVE-2024-21885" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-21886" id="CVE-2024-21886" title="CVE-2024-21886" type="cve"></reference>
+          </references>
+          <description>A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device&#39;s particular number of buttons, leading to a heap overflow if a bigger value was used.(CVE-2023-6816)An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.(CVE-2024-0229)A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.(CVE-2024-0408)A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.(CVE-2024-0409)A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.(CVE-2024-21885)A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.(CVE-2024-21886)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="xorg-x11-server-devel" release="25.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-devel-1.20.11-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xdmx" release="25.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xdmx-1.20.11-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-debugsource" release="25.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debugsource-1.20.11-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-common" release="25.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-common-1.20.11-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-debuginfo" release="25.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debuginfo-1.20.11-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server" release="25.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-1.20.11-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xnest" release="25.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xnest-1.20.11-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xephyr" release="25.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xephyr-1.20.11-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xvfb" release="25.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xvfb-1.20.11-25.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xorg-x11-server-source" release="25.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-source-1.20.11-25.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xorg-x11-server-help" release="25.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-help-1.20.11-25.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xvfb" release="25.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xvfb-1.20.11-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server" release="25.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-1.20.11-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xnest" release="25.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xnest-1.20.11-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-debuginfo" release="25.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debuginfo-1.20.11-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xdmx" release="25.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xdmx-1.20.11-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xephyr" release="25.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xephyr-1.20.11-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-common" release="25.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-common-1.20.11-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-devel" release="25.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-devel-1.20.11-25.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-debugsource" release="25.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debugsource-1.20.11-25.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1103</id>
+          <title>An update for mysql-connector-java is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-2471" id="CVE-2021-2471" title="CVE-2021-2471" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-21363" id="CVE-2022-21363" title="CVE-2022-21363" type="cve"></reference>
+          </references>
+          <description>Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).(CVE-2021-2471)Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).(CVE-2022-21363)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="mysql-connector-java" release="1.ule3" version="8.0.30">
+                         <filename>mysql-connector-java-8.0.30-1.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1105</id>
+          <title>An update for grafana is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32148" id="CVE-2022-32148" title="CVE-2022-32148" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39325" id="CVE-2023-39325" title="CVE-2023-39325" type="cve"></reference>
+          </references>
+          <description>Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.(CVE-2022-32148)A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.(CVE-2023-39325)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="grafana" release="6.ule3" version="7.5.15">
+                         <filename>grafana-7.5.15-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="grafana-debuginfo" release="6.ule3" version="7.5.15">
+                         <filename>grafana-debuginfo-7.5.15-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="grafana" release="6.ule3" version="7.5.15">
+                         <filename>grafana-7.5.15-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="grafana-debuginfo" release="6.ule3" version="7.5.15">
+                         <filename>grafana-debuginfo-7.5.15-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1106</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-48619" id="CVE-2022-48619" title="CVE-2022-48619" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-0340" id="CVE-2024-0340" title="CVE-2024-0340" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-0641" id="CVE-2024-0641" title="CVE-2024-0641" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap.(CVE-2022-48619)A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.(CVE-2024-0340)A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.(CVE-2024-0641)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.123.0.150.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="5" arch="x86_64" name="kernel-source" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.123.0.150.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.123.0.150.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1107</id>
+          <title>An update for tomcat is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-01-30"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-21733" id="CVE-2024-21733" title="CVE-2024-21733" type="cve"></reference>
+          </references>
+          <description>Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.(CVE-2024-21733)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="tomcat-help" release="31.ule3" version="9.0.10">
+                         <filename>tomcat-help-9.0.10-31.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="tomcat" release="31.ule3" version="9.0.10">
+                         <filename>tomcat-9.0.10-31.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="tomcat-jsvc" release="31.ule3" version="9.0.10">
+                         <filename>tomcat-jsvc-9.0.10-31.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1108</id>
+          <title>An update for freerdp is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-22211" id="CVE-2024-22211" title="CVE-2024-22211" type="cve"></reference>
+          </references>
+          <description>FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability.(CVE-2024-22211)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="freerdp-debugsource" release="2.ule3" version="2.11.1">
+                         <filename>freerdp-debugsource-2.11.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-help" release="2.ule3" version="2.11.1">
+                         <filename>freerdp-help-2.11.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-devel" release="2.ule3" version="2.11.1">
+                         <filename>freerdp-devel-2.11.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp-debuginfo" release="2.ule3" version="2.11.1">
+                         <filename>freerdp-debuginfo-2.11.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libwinpr-devel" release="2.ule3" version="2.11.1">
+                         <filename>libwinpr-devel-2.11.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="libwinpr" release="2.ule3" version="2.11.1">
+                         <filename>libwinpr-2.11.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="freerdp" release="2.ule3" version="2.11.1">
+                         <filename>freerdp-2.11.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libwinpr" release="2.ule3" version="2.11.1">
+                         <filename>libwinpr-2.11.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-devel" release="2.ule3" version="2.11.1">
+                         <filename>freerdp-devel-2.11.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-debugsource" release="2.ule3" version="2.11.1">
+                         <filename>freerdp-debugsource-2.11.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="libwinpr-devel" release="2.ule3" version="2.11.1">
+                         <filename>libwinpr-devel-2.11.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp" release="2.ule3" version="2.11.1">
+                         <filename>freerdp-2.11.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-help" release="2.ule3" version="2.11.1">
+                         <filename>freerdp-help-2.11.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="freerdp-debuginfo" release="2.ule3" version="2.11.1">
+                         <filename>freerdp-debuginfo-2.11.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1111</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-46343" id="CVE-2023-46343" title="CVE-2023-46343" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-51042" id="CVE-2023-51042" title="CVE-2023-51042" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-22705" id="CVE-2024-22705" title="CVE-2024-22705" type="cve"></reference>
+          </references>
+          <description>In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c.(CVE-2023-46343)In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free.(CVE-2023-51042)An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.(CVE-2024-22705)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.124.0.151.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.124.0.151.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.124.0.151.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.124.0.151.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.124.0.151.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.124.0.151.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.124.0.151.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.124.0.151.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.124.0.151.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.124.0.151.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.124.0.151.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.124.0.151.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.124.0.151.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.124.0.151.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.124.0.151.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.124.0.151.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.124.0.151.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.124.0.151.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.124.0.151.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.124.0.151.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.124.0.151.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.124.0.151.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.124.0.151.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.124.0.151.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.124.0.151.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.124.0.151.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.124.0.151.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.124.0.151.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.124.0.151.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.124.0.151.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.124.0.151.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1117</id>
+          <title>An update for shim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40547" id="CVE-2023-40547" title="CVE-2023-40547" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40548" id="CVE-2023-40548" title="CVE-2023-40548" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40549" id="CVE-2023-40549" title="CVE-2023-40549" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40550" id="CVE-2023-40550" title="CVE-2023-40550" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40551" id="CVE-2023-40551" title="CVE-2023-40551" type="cve"></reference>
+          </references>
+          <description>A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise.(CVE-2023-40547)A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.(CVE-2023-40548)An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.(CVE-2023-40549)An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system&#39;s boot phase.(CVE-2023-40550)A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system&#39;s boot phase.(CVE-2023-40551)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="shim" release="13.ule3" version="15.4">
+                         <filename>shim-15.4-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="shim-debugsource" release="13.ule3" version="15.4">
+                         <filename>shim-debugsource-15.4-13.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="shim-debuginfo" release="13.ule3" version="15.4">
+                         <filename>shim-debuginfo-15.4-13.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="shim" release="13.ule3" version="15.4">
+                         <filename>shim-15.4-13.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1121</id>
+          <title>An update for jruby is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28756" id="CVE-2023-28756" title="CVE-2023-28756" type="cve"></reference>
+          </references>
+          <description>A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.(CVE-2023-28756)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="jruby-devel" release="4.ule3" version="1.7.22">
+                         <filename>jruby-devel-1.7.22-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jruby-javadoc" release="4.ule3" version="1.7.22">
+                         <filename>jruby-javadoc-1.7.22-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="jruby" release="4.ule3" version="1.7.22">
+                         <filename>jruby-1.7.22-4.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1122</id>
+          <title>An update for erlang is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-48795" id="CVE-2023-48795" title="CVE-2023-48795" type="cve"></reference>
+          </references>
+          <description>The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH&#39;s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.(CVE-2023-48795)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="erlang-kernel" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-kernel-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-et" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-et-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-examples" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-examples-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-compiler" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-compiler-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-erl_interface" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-erl_interface-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-inets" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-inets-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-diameter" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-diameter-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-ssh" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-ssh-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-eunit" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-eunit-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-wx" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-wx-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-syntax_tools" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-syntax_tools-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-dialyzer" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-dialyzer-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-jinterface" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-jinterface-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-observer" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-observer-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-hipe" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-hipe-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-tools" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-tools-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-os_mon" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-os_mon-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-erts" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-erts-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-debugger" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-debugger-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-edoc" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-edoc-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-sasl" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-sasl-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-snmp" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-snmp-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-xmerl" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-xmerl-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-common_test" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-common_test-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-erl_docgen" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-erl_docgen-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-tftp" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-tftp-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-stdlib" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-stdlib-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-reltool" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-reltool-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-debuginfo" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-debuginfo-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-mnesia" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-mnesia-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-crypto" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-crypto-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-runtime_tools" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-runtime_tools-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-debugsource" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-debugsource-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-asn1" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-asn1-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-odbc" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-odbc-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-ftp" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-ftp-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-eldap" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-eldap-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-parsetools" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-parsetools-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-megaco" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-megaco-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-ssl" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-ssl-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="erlang-public_key" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-public_key-23.3.4.9-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-dialyzer" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-dialyzer-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-sasl" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-sasl-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-snmp" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-snmp-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-et" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-et-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-eldap" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-eldap-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-tftp" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-tftp-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-ftp" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-ftp-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-erl_docgen" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-erl_docgen-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-tools" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-tools-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-eunit" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-eunit-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-observer" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-observer-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-runtime_tools" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-runtime_tools-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-debuginfo" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-debuginfo-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-syntax_tools" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-syntax_tools-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-hipe" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-hipe-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-ssl" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-ssl-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-diameter" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-diameter-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-wx" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-wx-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-debugsource" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-debugsource-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-crypto" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-crypto-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-edoc" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-edoc-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-jinterface" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-jinterface-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-reltool" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-reltool-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-debugger" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-debugger-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-mnesia" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-mnesia-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-examples" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-examples-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-erts" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-erts-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-xmerl" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-xmerl-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-common_test" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-common_test-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-asn1" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-asn1-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-parsetools" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-parsetools-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-megaco" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-megaco-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-compiler" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-compiler-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-os_mon" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-os_mon-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-stdlib" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-stdlib-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-inets" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-inets-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-public_key" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-public_key-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-kernel" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-kernel-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-odbc" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-odbc-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-ssh" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-ssh-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="erlang-erl_interface" release="4.ule3" version="23.3.4.9">
+                         <filename>erlang-erl_interface-23.3.4.9-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1124</id>
+          <title>An update for squid is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-23638" id="CVE-2024-23638" title="CVE-2024-23638" type="cve"></reference>
+          </references>
+          <description>Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid&#39;s patch archives. As a workaround, prevent access to Cache Manager using Squid&#39;s main access control: `http_access deny manager`.(CVE-2024-23638)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="7" arch="aarch64" name="squid-debuginfo" release="23.ule3" version="4.9">
+                         <filename>squid-debuginfo-4.9-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="squid" release="23.ule3" version="4.9">
+                         <filename>squid-4.9-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="squid-debugsource" release="23.ule3" version="4.9">
+                         <filename>squid-debugsource-4.9-23.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid-debugsource" release="23.ule3" version="4.9">
+                         <filename>squid-debugsource-4.9-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid-debuginfo" release="23.ule3" version="4.9">
+                         <filename>squid-debuginfo-4.9-23.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid" release="23.ule3" version="4.9">
+                         <filename>squid-4.9-23.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1125</id>
+          <title>An update for ncurses is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45918" id="CVE-2023-45918" title="CVE-2023-45918" type="cve"></reference>
+          </references>
+          <description>A vulnerability was found in GNU ncurses 6.4-20230610. It has been rated as problematic. This issue affects the function tgetstr. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2023-45918)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="ncurses-devel" release="8.ule3" version="6.3">
+                         <filename>ncurses-devel-6.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-libs" release="8.ule3" version="6.3">
+                         <filename>ncurses-libs-6.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-compat-libs" release="8.ule3" version="6.3">
+                         <filename>ncurses-compat-libs-6.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-debuginfo" release="8.ule3" version="6.3">
+                         <filename>ncurses-debuginfo-6.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-debugsource" release="8.ule3" version="6.3">
+                         <filename>ncurses-debugsource-6.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses" release="8.ule3" version="6.3">
+                         <filename>ncurses-6.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ncurses-help" release="8.ule3" version="6.3">
+                         <filename>ncurses-help-6.3-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ncurses-base" release="8.ule3" version="6.3">
+                         <filename>ncurses-base-6.3-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-libs" release="8.ule3" version="6.3">
+                         <filename>ncurses-libs-6.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses" release="8.ule3" version="6.3">
+                         <filename>ncurses-6.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-compat-libs" release="8.ule3" version="6.3">
+                         <filename>ncurses-compat-libs-6.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-debuginfo" release="8.ule3" version="6.3">
+                         <filename>ncurses-debuginfo-6.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-debugsource" release="8.ule3" version="6.3">
+                         <filename>ncurses-debugsource-6.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-devel" release="8.ule3" version="6.3">
+                         <filename>ncurses-devel-6.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ncurses-help" release="8.ule3" version="6.3">
+                         <filename>ncurses-help-6.3-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1126</id>
+          <title>An update for containerd is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39325" id="CVE-2023-39325" title="CVE-2023-39325" type="cve"></reference>
+          </references>
+          <description>A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.(CVE-2023-39325)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="containerd" release="316.ule3" version="1.2.0">
+                         <filename>containerd-1.2.0-316.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="containerd" release="316.ule3" version="1.2.0">
+                         <filename>containerd-1.2.0-316.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1127</id>
+          <title>An update for openjdk-1.8.0 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-20918" id="CVE-2024-20918" title="CVE-2024-20918" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-20919" id="CVE-2024-20919" title="CVE-2024-20919" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-20921" id="CVE-2024-20921" title="CVE-2024-20921" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-20922" id="CVE-2024-20922" title="CVE-2024-20922" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-20923" id="CVE-2024-20923" title="CVE-2024-20923" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-20925" id="CVE-2024-20925" title="CVE-2024-20925" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-20926" id="CVE-2024-20926" title="CVE-2024-20926" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-20945" id="CVE-2024-20945" title="CVE-2024-20945" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-20952" id="CVE-2024-20952" title="CVE-2024-20952" type="cve"></reference>
+          </references>
+          <description></description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-devel" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-devel-1.8.0.402.b06-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-src-slowdebug" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-src-slowdebug-1.8.0.402.b06-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-demo-slowdebug" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-demo-slowdebug-1.8.0.402.b06-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-src" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-src-1.8.0.402.b06-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-openjfx-1.8.0.402.b06-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-debuginfo" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-debuginfo-1.8.0.402.b06-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-demo" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-demo-1.8.0.402.b06-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-headless" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-headless-1.8.0.402.b06-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-slowdebug" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-slowdebug-1.8.0.402.b06-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-devel-slowdebug" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-devel-slowdebug-1.8.0.402.b06-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-accessibility-slowdebug" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.402.b06-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx-slowdebug" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.402.b06-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-1.8.0.402.b06-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-debugsource" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-debugsource-1.8.0.402.b06-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-accessibility" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-accessibility-1.8.0.402.b06-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx-devel" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-1.8.0.402.b06-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-headless-slowdebug" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-headless-slowdebug-1.8.0.402.b06-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-1.8.0-openjdk-openjfx-devel-slowdebug" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.402.b06-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="java-1.8.0-openjdk-javadoc" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-javadoc-1.8.0.402.b06-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="java-1.8.0-openjdk-javadoc-zip" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-javadoc-zip-1.8.0.402.b06-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-debuginfo" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-debuginfo-1.8.0.402.b06-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-headless-slowdebug" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-headless-slowdebug-1.8.0.402.b06-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-1.8.0.402.b06-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-src" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-src-1.8.0.402.b06-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-demo-slowdebug" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-demo-slowdebug-1.8.0.402.b06-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-headless" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-headless-1.8.0.402.b06-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-slowdebug" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-slowdebug-1.8.0.402.b06-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-accessibility-slowdebug" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.402.b06-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-src-slowdebug" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-src-slowdebug-1.8.0.402.b06-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-devel" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-devel-1.8.0.402.b06-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx-devel-slowdebug" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.402.b06-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx-slowdebug" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.402.b06-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-accessibility" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-accessibility-1.8.0.402.b06-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-devel-slowdebug" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-devel-slowdebug-1.8.0.402.b06-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-demo" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-demo-1.8.0.402.b06-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-openjfx-1.8.0.402.b06-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-openjfx-devel" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-openjfx-devel-1.8.0.402.b06-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-1.8.0-openjdk-debugsource" release="1.ule3" version="1.8.0.402.b06">
+                         <filename>java-1.8.0-openjdk-debugsource-1.8.0.402.b06-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1128</id>
+          <title>An update for python-jinja2 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-02"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-22195" id="CVE-2024-22195" title="CVE-2024-22195" type="cve"></reference>
+          </references>
+          <description>Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.(CVE-2024-22195)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python3-jinja2" release="3.ule3" version="3.0.3">
+                         <filename>python3-jinja2-3.0.3-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-jinja2-help" release="3.ule3" version="3.0.3">
+                         <filename>python-jinja2-help-3.0.3-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1136</id>
+          <title>An update for nodejs is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0464" id="CVE-2023-0464" title="CVE-2023-0464" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0465" id="CVE-2023-0465" title="CVE-2023-0465" type="cve"></reference>
+          </references>
+          <description>A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints.  Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy&#39; argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()&#39; function.(CVE-2023-0464)Applications that use a non-default option when verifying certificates may bevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for that certificate.A malicious CA could use this to deliberately assert invalid certificate policiesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy&#39; argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()&#39; function.(CVE-2023-0465)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="nodejs-libs" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-libs-12.22.11-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-full-i18n" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-full-i18n-12.22.11-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-debugsource" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-debugsource-12.22.11-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-12.22.11-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="npm" release="1.12.22.11.9.ule3" version="6.14.16">
+                         <filename>npm-6.14.16-1.12.22.11.9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-debuginfo" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-debuginfo-12.22.11-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="v8-devel" release="1.12.22.11.9.ule3" version="7.8.279.23">
+                         <filename>v8-devel-7.8.279.23-1.12.22.11.9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-devel" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-devel-12.22.11-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="nodejs-docs" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-docs-12.22.11-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-devel" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-devel-12.22.11-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-debuginfo" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-debuginfo-12.22.11-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-debugsource" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-debugsource-12.22.11-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="npm" release="1.12.22.11.9.ule3" version="6.14.16">
+                         <filename>npm-6.14.16-1.12.22.11.9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-12.22.11-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-libs" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-libs-12.22.11-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="v8-devel" release="1.12.22.11.9.ule3" version="7.8.279.23">
+                         <filename>v8-devel-7.8.279.23-1.12.22.11.9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-full-i18n" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-full-i18n-12.22.11-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1142</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-51043" id="CVE-2023-51043" title="CVE-2023-51043" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6531" id="CVE-2023-6531" title="CVE-2023-6531" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6915" id="CVE-2023-6915" title="CVE-2023-6915" type="cve"></reference>
+          </references>
+          <description>In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.(CVE-2023-51043)A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector&#39;s deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.(CVE-2023-6531)A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.(CVE-2023-6915)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-perf" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.125.0.152.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.125.0.152.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.125.0.152.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.125.0.152.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.125.0.152.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.125.0.152.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.125.0.152.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.125.0.152.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.125.0.152.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.125.0.152.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.125.0.152.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.125.0.152.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.125.0.152.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.125.0.152.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.125.0.152.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.125.0.152.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.125.0.152.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.125.0.152.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.125.0.152.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.125.0.152.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.125.0.152.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.125.0.152.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.125.0.152.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.125.0.152.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.125.0.152.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.125.0.152.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.125.0.152.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.125.0.152.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.125.0.152.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.125.0.152.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.125.0.152.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1146</id>
+          <title>An update for rubygem-actionpack is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22792" id="CVE-2023-22792" title="CVE-2023-22792" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-22795" id="CVE-2023-22795" title="CVE-2023-22795" type="cve"></reference>
+          </references>
+          <description>A regular expression based DoS vulnerability in Action Dispatch &lt;6.0.6.1,&lt; 6.1.7.1, and &lt;7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.(CVE-2023-22792)A regular expression based DoS vulnerability in Action Dispatch &lt;6.1.7.1 and &lt;7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.(CVE-2023-22795)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="noarch" name="rubygem-actionpack" release="3.ule3" version="6.1.4.1">
+                         <filename>rubygem-actionpack-6.1.4.1-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="rubygem-actionpack-doc" release="3.ule3" version="6.1.4.1">
+                         <filename>rubygem-actionpack-doc-6.1.4.1-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1147</id>
+          <title>An update for openssl is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-0727" id="CVE-2024-0727" title="CVE-2024-0727" type="cve"></reference>
+          </references>
+          <description>Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format from untrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come from anuntrusted source. The PKCS12 specification allows certain fields to be NULL, butOpenSSL does not correctly check for this case. This can lead to a NULL pointerdereference that results in OpenSSL crashing. If an application processes PKCS12files from an untrusted source using the OpenSSL APIs then that application willbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However since thisfunction is related to writing data we do not consider it security significant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.(CVE-2024-0727)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="openssl" release="26.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-26.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debugsource" release="26.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-26.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-libs" release="26.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-26.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-devel" release="26.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-26.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-debuginfo" release="26.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-26.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="openssl-perl" release="26.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-26.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="openssl-help" release="26.ule3" version="1.1.1m">
+                         <filename>openssl-help-1.1.1m-26.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debugsource" release="26.ule3" version="1.1.1m">
+                         <filename>openssl-debugsource-1.1.1m-26.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-libs" release="26.ule3" version="1.1.1m">
+                         <filename>openssl-libs-1.1.1m-26.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-perl" release="26.ule3" version="1.1.1m">
+                         <filename>openssl-perl-1.1.1m-26.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl" release="26.ule3" version="1.1.1m">
+                         <filename>openssl-1.1.1m-26.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-devel" release="26.ule3" version="1.1.1m">
+                         <filename>openssl-devel-1.1.1m-26.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="openssl-debuginfo" release="26.ule3" version="1.1.1m">
+                         <filename>openssl-debuginfo-1.1.1m-26.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1148</id>
+          <title>An update for three-eight-nine-ds-base is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-1062" id="CVE-2024-1062" title="CVE-2024-1062" type="cve"></reference>
+          </references>
+          <description>A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.(CVE-2024-1062)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="389-ds-base-help" release="5.ule3" version="1.4.3.36">
+                         <filename>389-ds-base-help-1.4.3.36-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="389-ds-base-legacy-tools" release="5.ule3" version="1.4.3.36">
+                         <filename>389-ds-base-legacy-tools-1.4.3.36-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="389-ds-base-debuginfo" release="5.ule3" version="1.4.3.36">
+                         <filename>389-ds-base-debuginfo-1.4.3.36-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="389-ds-base-snmp" release="5.ule3" version="1.4.3.36">
+                         <filename>389-ds-base-snmp-1.4.3.36-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="389-ds-base" release="5.ule3" version="1.4.3.36">
+                         <filename>389-ds-base-1.4.3.36-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="389-ds-base-debugsource" release="5.ule3" version="1.4.3.36">
+                         <filename>389-ds-base-debugsource-1.4.3.36-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="389-ds-base-devel" release="5.ule3" version="1.4.3.36">
+                         <filename>389-ds-base-devel-1.4.3.36-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="cockpit-389-ds" release="5.ule3" version="1.4.3.36">
+                         <filename>cockpit-389-ds-1.4.3.36-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-lib389" release="5.ule3" version="1.4.3.36">
+                         <filename>python3-lib389-1.4.3.36-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="389-ds-base-snmp" release="5.ule3" version="1.4.3.36">
+                         <filename>389-ds-base-snmp-1.4.3.36-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="389-ds-base-devel" release="5.ule3" version="1.4.3.36">
+                         <filename>389-ds-base-devel-1.4.3.36-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="389-ds-base-legacy-tools" release="5.ule3" version="1.4.3.36">
+                         <filename>389-ds-base-legacy-tools-1.4.3.36-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="389-ds-base-debugsource" release="5.ule3" version="1.4.3.36">
+                         <filename>389-ds-base-debugsource-1.4.3.36-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="389-ds-base-help" release="5.ule3" version="1.4.3.36">
+                         <filename>389-ds-base-help-1.4.3.36-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="389-ds-base-debuginfo" release="5.ule3" version="1.4.3.36">
+                         <filename>389-ds-base-debuginfo-1.4.3.36-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="389-ds-base" release="5.ule3" version="1.4.3.36">
+                         <filename>389-ds-base-1.4.3.36-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1151</id>
+          <title>An update for openjdk-11 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-20919" id="CVE-2024-20919" title="CVE-2024-20919" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-20921" id="CVE-2024-20921" title="CVE-2024-20921" type="cve"></reference>
+          </references>
+          <description>Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.(CVE-2024-20919)Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.(CVE-2024-20921)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-devel-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-devel-slowdebug-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-devel" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-devel-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-jmods" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-jmods-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-javadoc" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-javadoc-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-demo" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-demo-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-jmods-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-jmods-slowdebug-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-src" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-src-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-debuginfo" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-debuginfo-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-debugsource" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-debugsource-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-headless" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-headless-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-src-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-src-slowdebug-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-headless-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-headless-slowdebug-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-javadoc-zip" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-javadoc-zip-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-demo-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-demo-slowdebug-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="java-11-openjdk-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-slowdebug-11.0.22.7-0.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-javadoc-zip" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-javadoc-zip-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-demo-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-demo-slowdebug-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-devel-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-devel-slowdebug-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-headless" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-headless-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-jmods" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-jmods-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-src-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-src-slowdebug-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-jmods-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-jmods-slowdebug-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-debuginfo" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-debuginfo-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-demo" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-demo-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-javadoc" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-javadoc-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-debugsource" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-debugsource-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-slowdebug-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-headless-slowdebug" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-headless-slowdebug-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-src" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-src-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="java-11-openjdk-devel" release="0.ule3" version="11.0.22.7">
+                         <filename>java-11-openjdk-devel-11.0.22.7-0.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1157</id>
+          <title>An update for zbar is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40889" id="CVE-2023-40889" title="CVE-2023-40889" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-40890" id="CVE-2023-40890" title="CVE-2023-40890" type="cve"></reference>
+          </references>
+          <description>A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.(CVE-2023-40889)A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.(CVE-2023-40890)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="zbar-debugsource" release="5.ule3" version="0.22">
+                         <filename>zbar-debugsource-0.22-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zbar-gtk" release="5.ule3" version="0.22">
+                         <filename>zbar-gtk-0.22-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zbar" release="5.ule3" version="0.22">
+                         <filename>zbar-0.22-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zbar-debuginfo" release="5.ule3" version="0.22">
+                         <filename>zbar-debuginfo-0.22-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zbar-qt" release="5.ule3" version="0.22">
+                         <filename>zbar-qt-0.22-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zbar-qt-devel" release="5.ule3" version="0.22">
+                         <filename>zbar-qt-devel-0.22-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zbar-gtk-devel" release="5.ule3" version="0.22">
+                         <filename>zbar-gtk-devel-0.22-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="zbar-devel" release="5.ule3" version="0.22">
+                         <filename>zbar-devel-0.22-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zbar-qt-devel" release="5.ule3" version="0.22">
+                         <filename>zbar-qt-devel-0.22-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zbar" release="5.ule3" version="0.22">
+                         <filename>zbar-0.22-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zbar-debugsource" release="5.ule3" version="0.22">
+                         <filename>zbar-debugsource-0.22-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zbar-qt" release="5.ule3" version="0.22">
+                         <filename>zbar-qt-0.22-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zbar-debuginfo" release="5.ule3" version="0.22">
+                         <filename>zbar-debuginfo-0.22-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zbar-gtk-devel" release="5.ule3" version="0.22">
+                         <filename>zbar-gtk-devel-0.22-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zbar-devel" release="5.ule3" version="0.22">
+                         <filename>zbar-devel-0.22-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="zbar-gtk" release="5.ule3" version="0.22">
+                         <filename>zbar-gtk-0.22-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1161</id>
+          <title>An update for qt5-qtbase is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-51714" id="CVE-2023-51714" title="CVE-2023-51714" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.(CVE-2023-51714)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="qt5-qtbase-devel" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-devel-5.15.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-gui" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-gui-5.15.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-static" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-static-5.15.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-5.15.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-debuginfo" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debuginfo-5.15.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-private-devel" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-private-devel-5.15.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-debugsource" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debugsource-5.15.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-postgresql" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-postgresql-5.15.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-odbc" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-odbc-5.15.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-examples" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-examples-5.15.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qt5-qtbase-mysql" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-mysql-5.15.2-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="qt5-qtbase-common" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-common-5.15.2-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-examples" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-examples-5.15.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-devel" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-devel-5.15.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-debuginfo" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debuginfo-5.15.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-postgresql" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-postgresql-5.15.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-debugsource" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-debugsource-5.15.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-static" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-static-5.15.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-gui" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-gui-5.15.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-mysql" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-mysql-5.15.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-private-devel" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-private-devel-5.15.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase-odbc" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-odbc-5.15.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qt5-qtbase" release="14.ule3" version="5.15.2">
+                         <filename>qt5-qtbase-5.15.2-14.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1162</id>
+          <title>An update for squid is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-25617" id="CVE-2024-25617" title="CVE-2024-25617" type="cve"></reference>
+          </references>
+          <description>Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2(CVE-2024-25617)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="7" arch="aarch64" name="squid-debuginfo" release="24.ule3" version="4.9">
+                         <filename>squid-debuginfo-4.9-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="squid" release="24.ule3" version="4.9">
+                         <filename>squid-4.9-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="aarch64" name="squid-debugsource" release="24.ule3" version="4.9">
+                         <filename>squid-debugsource-4.9-24.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid-debugsource" release="24.ule3" version="4.9">
+                         <filename>squid-debugsource-4.9-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid" release="24.ule3" version="4.9">
+                         <filename>squid-4.9-24.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="7" arch="x86_64" name="squid-debuginfo" release="24.ule3" version="4.9">
+                         <filename>squid-debuginfo-4.9-24.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1165</id>
+          <title>An update for python-django is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-24680" id="CVE-2024-24680" title="CVE-2024-24680" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.(CVE-2024-24680)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python3-Django" release="10.ule3" version="2.2.27">
+                         <filename>python3-Django-2.2.27-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-django-help" release="10.ule3" version="2.2.27">
+                         <filename>python-django-help-2.2.27-10.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1171</id>
+          <title>An update for nodejs is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-44487" id="CVE-2023-44487" title="CVE-2023-44487" type="cve"></reference>
+          </references>
+          <description>The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.(CVE-2023-44487)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="v8-devel" release="1.12.22.11.9.ule3" version="7.8.279.23">
+                         <filename>v8-devel-7.8.279.23-1.12.22.11.9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-full-i18n" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-full-i18n-12.22.11-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-libs" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-libs-12.22.11-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="npm" release="1.12.22.11.9.ule3" version="6.14.16">
+                         <filename>npm-6.14.16-1.12.22.11.9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-debuginfo" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-debuginfo-12.22.11-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-12.22.11-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-debugsource" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-debugsource-12.22.11-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="nodejs-devel" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-devel-12.22.11-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="nodejs-docs" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-docs-12.22.11-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="v8-devel" release="1.12.22.11.9.ule3" version="7.8.279.23">
+                         <filename>v8-devel-7.8.279.23-1.12.22.11.9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-debuginfo" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-debuginfo-12.22.11-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="npm" release="1.12.22.11.9.ule3" version="6.14.16">
+                         <filename>npm-6.14.16-1.12.22.11.9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-debugsource" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-debugsource-12.22.11-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-full-i18n" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-full-i18n-12.22.11-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-12.22.11-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-libs" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-libs-12.22.11-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="nodejs-devel" release="9.ule3" version="12.22.11">
+                         <filename>nodejs-devel-12.22.11-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1174</id>
+          <title>An update for freeglut is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-24258" id="CVE-2024-24258" title="CVE-2024-24258" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-24259" id="CVE-2024-24259" title="CVE-2024-24259" type="cve"></reference>
+          </references>
+          <description>freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.(CVE-2024-24258)freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.(CVE-2024-24259)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="freeglut-debuginfo" release="12.ule3" version="3.0.0">
+                         <filename>freeglut-debuginfo-3.0.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeglut-devel" release="12.ule3" version="3.0.0">
+                         <filename>freeglut-devel-3.0.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeglut-help" release="12.ule3" version="3.0.0">
+                         <filename>freeglut-help-3.0.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeglut-debugsource" release="12.ule3" version="3.0.0">
+                         <filename>freeglut-debugsource-3.0.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freeglut" release="12.ule3" version="3.0.0">
+                         <filename>freeglut-3.0.0-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeglut-debuginfo" release="12.ule3" version="3.0.0">
+                         <filename>freeglut-debuginfo-3.0.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeglut-help" release="12.ule3" version="3.0.0">
+                         <filename>freeglut-help-3.0.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeglut-debugsource" release="12.ule3" version="3.0.0">
+                         <filename>freeglut-debugsource-3.0.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeglut" release="12.ule3" version="3.0.0">
+                         <filename>freeglut-3.0.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freeglut-devel" release="12.ule3" version="3.0.0">
+                         <filename>freeglut-devel-3.0.0-12.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1180</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-46838" id="CVE-2023-46838" title="CVE-2023-46838" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52340" id="CVE-2023-52340" title="CVE-2023-52340" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-0639" id="CVE-2024-0639" title="CVE-2024-0639" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-0841" id="CVE-2024-0841" title="CVE-2024-0841" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-1086" id="CVE-2024-1086" title="CVE-2024-1086" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-23849" id="CVE-2024-23849" title="CVE-2024-23849" type="cve"></reference>
+          </references>
+          <description>Transmit requests in Xen&#39;s virtual network protocol can consist ofmultiple parts.  While not really useful, except for the initial partany of them may be of zero length, i.e. carry no data at all.  Besides acertain initial portion of the to be transferred data, these parts aredirectly translated into what Linux calls SKB fragments.  Such convertedrequest parts can, when for a particular SKB they are all of lengthzero, lead to a de-reference of NULL in core networking code.(CVE-2023-46838)A flaw in the routing table size was found in the ICMPv6 handling of &#34;Packet Too Big&#34;. The size of the routing table is regulated by periodic garbage collection. However, with &#34;Packet Too Big Messages&#34; it is possible to exceed the routing table size and garbage collector threshold. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.(CVE-2023-52340)A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.(CVE-2024-0639)A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.(CVE-2024-0841)A use-after-free vulnerability in the Linux kernel&#39;s netfilter: nf_tables component can be exploited to achieve local privilege escalation.The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.(CVE-2024-1086)In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.(CVE-2024-23849)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.126.0.153.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.126.0.153.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.126.0.153.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.126.0.153.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.126.0.153.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.126.0.153.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.126.0.153.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.126.0.153.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.126.0.153.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.126.0.153.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.126.0.153.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.126.0.153.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.126.0.153.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.126.0.153.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.126.0.153.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.126.0.153.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.126.0.153.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.126.0.153.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.126.0.153.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.126.0.153.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.126.0.153.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.126.0.153.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.126.0.153.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.126.0.153.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.126.0.153.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.126.0.153.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.126.0.153.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.126.0.153.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.126.0.153.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.126.0.153.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.126.0.153.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1181</id>
+          <title>An update for containerd is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41723" id="CVE-2022-41723" title="CVE-2022-41723" type="cve"></reference>
+          </references>
+          <description>A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.(CVE-2022-41723)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="containerd" release="317.ule3" version="1.2.0">
+                         <filename>containerd-1.2.0-317.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="containerd" release="317.ule3" version="1.2.0">
+                         <filename>containerd-1.2.0-317.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1182</id>
+          <title>An update for runc is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-21626" id="CVE-2024-21626" title="CVE-2024-21626" type="cve"></reference>
+          </references>
+          <description>runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (&#34;attack 2&#34;). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (&#34;attack 1&#34;). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (&#34;attack 3a&#34; and &#34;attack 3b&#34;). runc 1.1.12 includes patches for this issue.(CVE-2024-21626)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="docker-runc" release="321.ule3" version="1.0.0.rc3">
+                         <filename>docker-runc-1.0.0.rc3-321.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="docker-runc" release="321.ule3" version="1.0.0.rc3">
+                         <filename>docker-runc-1.0.0.rc3-321.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1183</id>
+          <title>An update for libxml2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-25062" id="CVE-2024-25062" title="CVE-2024-25062" type="cve"></reference>
+          </references>
+          <description>An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.(CVE-2024-25062)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libxml2-debugsource" release="19.ule3" version="2.9.12">
+                         <filename>libxml2-debugsource-2.9.12-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxml2" release="19.ule3" version="2.9.12">
+                         <filename>libxml2-2.9.12-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxml2-debuginfo" release="19.ule3" version="2.9.12">
+                         <filename>libxml2-debuginfo-2.9.12-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-libxml2" release="19.ule3" version="2.9.12">
+                         <filename>python3-libxml2-2.9.12-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libxml2-devel" release="19.ule3" version="2.9.12">
+                         <filename>libxml2-devel-2.9.12-19.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libxml2-help" release="19.ule3" version="2.9.12">
+                         <filename>libxml2-help-2.9.12-19.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2-debuginfo" release="19.ule3" version="2.9.12">
+                         <filename>libxml2-debuginfo-2.9.12-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2-debugsource" release="19.ule3" version="2.9.12">
+                         <filename>libxml2-debugsource-2.9.12-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-libxml2" release="19.ule3" version="2.9.12">
+                         <filename>python3-libxml2-2.9.12-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2-devel" release="19.ule3" version="2.9.12">
+                         <filename>libxml2-devel-2.9.12-19.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libxml2" release="19.ule3" version="2.9.12">
+                         <filename>libxml2-2.9.12-19.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1186</id>
+          <title>An update for shim is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0464" id="CVE-2023-0464" title="CVE-2023-0464" type="cve"></reference>
+          </references>
+          <description>A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints.  Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy&#39; argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()&#39; function.(CVE-2023-0464)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="shim" release="13.ule3" version="15.4">
+                         <filename>shim-15.4-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="shim-debuginfo" release="13.ule3" version="15.4">
+                         <filename>shim-debuginfo-15.4-13.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="shim-debugsource" release="13.ule3" version="15.4">
+                         <filename>shim-debugsource-15.4-13.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="shim" release="13.ule3" version="15.4">
+                         <filename>shim-15.4-13.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1188</id>
+          <title>An update for libgit2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-24577" id="CVE-2024-24577" title="CVE-2024-24577" type="cve"></reference>
+          </references>
+          <description>libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.(CVE-2024-24577)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libgit2-debugsource" release="8.ule3" version="0.27.8">
+                         <filename>libgit2-debugsource-0.27.8-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgit2-devel" release="8.ule3" version="0.27.8">
+                         <filename>libgit2-devel-0.27.8-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgit2-debuginfo" release="8.ule3" version="0.27.8">
+                         <filename>libgit2-debuginfo-0.27.8-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgit2" release="8.ule3" version="0.27.8">
+                         <filename>libgit2-0.27.8-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgit2-debugsource" release="8.ule3" version="0.27.8">
+                         <filename>libgit2-debugsource-0.27.8-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgit2-devel" release="8.ule3" version="0.27.8">
+                         <filename>libgit2-devel-0.27.8-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgit2-debuginfo" release="8.ule3" version="0.27.8">
+                         <filename>libgit2-debuginfo-0.27.8-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgit2" release="8.ule3" version="0.27.8">
+                         <filename>libgit2-0.27.8-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1189</id>
+          <title>An update for varnish is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-44487" id="CVE-2023-44487" title="CVE-2023-44487" type="cve"></reference>
+          </references>
+          <description>The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.(CVE-2023-44487)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="varnish-devel" release="1.ule3" version="7.4.2">
+                         <filename>varnish-devel-7.4.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish" release="1.ule3" version="7.4.2">
+                         <filename>varnish-7.4.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish-debuginfo" release="1.ule3" version="7.4.2">
+                         <filename>varnish-debuginfo-7.4.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish-debugsource" release="1.ule3" version="7.4.2">
+                         <filename>varnish-debugsource-7.4.2-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="varnish-help" release="1.ule3" version="7.4.2">
+                         <filename>varnish-help-7.4.2-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-debugsource" release="1.ule3" version="7.4.2">
+                         <filename>varnish-debugsource-7.4.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-debuginfo" release="1.ule3" version="7.4.2">
+                         <filename>varnish-debuginfo-7.4.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-devel" release="1.ule3" version="7.4.2">
+                         <filename>varnish-devel-7.4.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish" release="1.ule3" version="7.4.2">
+                         <filename>varnish-7.4.2-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1190</id>
+          <title>An update for ansible is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-0690" id="CVE-2024-0690" title="CVE-2024-0690" type="cve"></reference>
+          </references>
+          <description>An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.(CVE-2024-0690)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="ansible-help" release="4.ule3" version="2.9.27">
+                         <filename>ansible-help-2.9.27-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ansible" release="4.ule3" version="2.9.27">
+                         <filename>ansible-2.9.27-4.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1191</id>
+          <title>An update for mod_auth_openidc is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-24814" id="CVE-2024-24814" title="CVE-2024-24814" type="cve"></reference>
+          </references>
+          <description>mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable to a denial of service (DoS) attack. An internal security audit has been conducted and the reviewers found that if they manipulated the value of the mod_auth_openidc_session_chunks cookie to a very large integer, like 99999999, the server struggles with the request for a long time and finally gets back with a 500 error. Making a few requests of this kind caused our server to become unresponsive. Attackers can craft requests that would make the server work very hard (and possibly become unresponsive) and/or crash with minimal effort. This issue has been addressed in version 2.4.15.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2024-24814)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="mod_auth_openidc-debugsource" release="1.ule3" version="2.4.15.3">
+                         <filename>mod_auth_openidc-debugsource-2.4.15.3-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_auth_openidc" release="1.ule3" version="2.4.15.3">
+                         <filename>mod_auth_openidc-2.4.15.3-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_auth_openidc-debuginfo" release="1.ule3" version="2.4.15.3">
+                         <filename>mod_auth_openidc-debuginfo-2.4.15.3-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_auth_openidc" release="1.ule3" version="2.4.15.3">
+                         <filename>mod_auth_openidc-2.4.15.3-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_auth_openidc-debuginfo" release="1.ule3" version="2.4.15.3">
+                         <filename>mod_auth_openidc-debuginfo-2.4.15.3-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_auth_openidc-debugsource" release="1.ule3" version="2.4.15.3">
+                         <filename>mod_auth_openidc-debugsource-2.4.15.3-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1199</id>
+          <title>An update for indent is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-0911" id="CVE-2024-0911" title="CVE-2024-0911" type="cve"></reference>
+          </references>
+          <description>A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.(CVE-2024-0911)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="indent-debugsource" release="30.ule3" version="2.2.11">
+                         <filename>indent-debugsource-2.2.11-30.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="indent-debuginfo" release="30.ule3" version="2.2.11">
+                         <filename>indent-debuginfo-2.2.11-30.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="indent" release="30.ule3" version="2.2.11">
+                         <filename>indent-2.2.11-30.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="indent-help" release="30.ule3" version="2.2.11">
+                         <filename>indent-help-2.2.11-30.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="indent-debuginfo" release="30.ule3" version="2.2.11">
+                         <filename>indent-debuginfo-2.2.11-30.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="indent" release="30.ule3" version="2.2.11">
+                         <filename>indent-2.2.11-30.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="indent-debugsource" release="30.ule3" version="2.2.11">
+                         <filename>indent-debugsource-2.2.11-30.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1200</id>
+          <title>An update for libuv is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-24806" id="CVE-2024-24806" title="CVE-2024-24806" type="cve"></reference>
+          </references>
+          <description>libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2024-24806)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="libuv-debuginfo" release="6.ule3" version="1.42.0">
+                         <filename>libuv-debuginfo-1.42.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="libuv-devel" release="6.ule3" version="1.42.0">
+                         <filename>libuv-devel-1.42.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="libuv" release="6.ule3" version="1.42.0">
+                         <filename>libuv-1.42.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="libuv-debugsource" release="6.ule3" version="1.42.0">
+                         <filename>libuv-debugsource-1.42.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="libuv-help" release="6.ule3" version="1.42.0">
+                         <filename>libuv-help-1.42.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="libuv-debuginfo" release="6.ule3" version="1.42.0">
+                         <filename>libuv-debuginfo-1.42.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="libuv-debugsource" release="6.ule3" version="1.42.0">
+                         <filename>libuv-debugsource-1.42.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="libuv-devel" release="6.ule3" version="1.42.0">
+                         <filename>libuv-devel-1.42.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="libuv" release="6.ule3" version="1.42.0">
+                         <filename>libuv-1.42.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1206</id>
+          <title>An update for rust is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-24577" id="CVE-2024-24577" title="CVE-2024-24577" type="cve"></reference>
+          </references>
+          <description>libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.(CVE-2024-24577)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="rust" release="3.ule3" version="1.60.0">
+                         <filename>rust-1.60.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rust-debugsource" release="3.ule3" version="1.60.0">
+                         <filename>rust-debugsource-1.60.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rls" release="3.ule3" version="1.60.0">
+                         <filename>rls-1.60.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="clippy" release="3.ule3" version="1.60.0">
+                         <filename>clippy-1.60.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rust-debuginfo" release="3.ule3" version="1.60.0">
+                         <filename>rust-debuginfo-1.60.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rust-help" release="3.ule3" version="1.60.0">
+                         <filename>rust-help-1.60.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rust-analysis" release="3.ule3" version="1.60.0">
+                         <filename>rust-analysis-1.60.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rust-std-static" release="3.ule3" version="1.60.0">
+                         <filename>rust-std-static-1.60.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rustfmt" release="3.ule3" version="1.60.0">
+                         <filename>rustfmt-1.60.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="cargo" release="3.ule3" version="1.60.0">
+                         <filename>cargo-1.60.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rust-gdb" release="3.ule3" version="1.60.0">
+                         <filename>rust-gdb-1.60.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rust-debugger-common" release="3.ule3" version="1.60.0">
+                         <filename>rust-debugger-common-1.60.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rust-lldb" release="3.ule3" version="1.60.0">
+                         <filename>rust-lldb-1.60.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rust-src" release="3.ule3" version="1.60.0">
+                         <filename>rust-src-1.60.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rust-analysis" release="3.ule3" version="1.60.0">
+                         <filename>rust-analysis-1.60.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="cargo" release="3.ule3" version="1.60.0">
+                         <filename>cargo-1.60.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rust-debuginfo" release="3.ule3" version="1.60.0">
+                         <filename>rust-debuginfo-1.60.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="clippy" release="3.ule3" version="1.60.0">
+                         <filename>clippy-1.60.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rls" release="3.ule3" version="1.60.0">
+                         <filename>rls-1.60.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rustfmt" release="3.ule3" version="1.60.0">
+                         <filename>rustfmt-1.60.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rust" release="3.ule3" version="1.60.0">
+                         <filename>rust-1.60.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rust-std-static" release="3.ule3" version="1.60.0">
+                         <filename>rust-std-static-1.60.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rust-help" release="3.ule3" version="1.60.0">
+                         <filename>rust-help-1.60.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rust-debugsource" release="3.ule3" version="1.60.0">
+                         <filename>rust-debugsource-1.60.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1207</id>
+          <title>An update for openvswitch is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3966" id="CVE-2023-3966" title="CVE-2023-3966" type="cve"></reference>
+          </references>
+          <description>A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.(CVE-2023-3966)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="openvswitch" release="7.ule3" version="2.12.4">
+                         <filename>openvswitch-2.12.4-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-debuginfo" release="7.ule3" version="2.12.4">
+                         <filename>openvswitch-debuginfo-2.12.4-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-help" release="7.ule3" version="2.12.4">
+                         <filename>openvswitch-help-2.12.4-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-devel" release="7.ule3" version="2.12.4">
+                         <filename>openvswitch-devel-2.12.4-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-debugsource" release="7.ule3" version="2.12.4">
+                         <filename>openvswitch-debugsource-2.12.4-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-debuginfo" release="7.ule3" version="2.12.4">
+                         <filename>openvswitch-debuginfo-2.12.4-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-debugsource" release="7.ule3" version="2.12.4">
+                         <filename>openvswitch-debugsource-2.12.4-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-devel" release="7.ule3" version="2.12.4">
+                         <filename>openvswitch-devel-2.12.4-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch" release="7.ule3" version="2.12.4">
+                         <filename>openvswitch-2.12.4-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-help" release="7.ule3" version="2.12.4">
+                         <filename>openvswitch-help-2.12.4-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1208</id>
+          <title>An update for jss is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-4213" id="CVE-2021-4213" title="CVE-2021-4213" type="cve"></reference>
+          </references>
+          <description>A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.(CVE-2021-4213)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="jss-debuginfo" release="1.ule3" version="4.9.3">
+                         <filename>jss-debuginfo-4.9.3-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="jss-help" release="1.ule3" version="4.9.3">
+                         <filename>jss-help-4.9.3-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="jss" release="1.ule3" version="4.9.3">
+                         <filename>jss-4.9.3-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="jss-debugsource" release="1.ule3" version="4.9.3">
+                         <filename>jss-debugsource-4.9.3-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="jss-help" release="1.ule3" version="4.9.3">
+                         <filename>jss-help-4.9.3-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="jss-debugsource" release="1.ule3" version="4.9.3">
+                         <filename>jss-debugsource-4.9.3-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="jss" release="1.ule3" version="4.9.3">
+                         <filename>jss-4.9.3-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="jss-debuginfo" release="1.ule3" version="4.9.3">
+                         <filename>jss-debuginfo-4.9.3-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1209</id>
+          <title>An update for graphviz is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2024-02-23"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-46045" id="CVE-2023-46045" title="CVE-2023-46045" type="cve"></reference>
+          </references>
+          <description>Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.(CVE-2023-46045)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="graphviz-debuginfo" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-debuginfo-2.48.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="graphviz-ruby" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-ruby-2.48.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="graphviz-python3" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-python3-2.48.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="graphviz-debugsource" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-debugsource-2.48.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="graphviz-java" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-java-2.48.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="graphviz-guile" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-guile-2.48.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="graphviz-docs" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-docs-2.48.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="graphviz-gd" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-gd-2.48.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="graphviz-lua" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-lua-2.48.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="graphviz-perl" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-perl-2.48.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="graphviz-ocaml" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-ocaml-2.48.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="graphviz-tcl" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-tcl-2.48.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="graphviz" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-2.48.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="graphviz-graphs" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-graphs-2.48.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="graphviz-devel" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-devel-2.48.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="graphviz-ruby" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-ruby-2.48.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="graphviz-perl" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-perl-2.48.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="graphviz-docs" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-docs-2.48.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="graphviz-devel" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-devel-2.48.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="graphviz-guile" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-guile-2.48.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="graphviz-debugsource" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-debugsource-2.48.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="graphviz-debuginfo" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-debuginfo-2.48.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="graphviz-ocaml" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-ocaml-2.48.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="graphviz" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-2.48.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="graphviz-java" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-java-2.48.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="graphviz-graphs" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-graphs-2.48.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="graphviz-gd" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-gd-2.48.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="graphviz-lua" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-lua-2.48.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="graphviz-python3" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-python3-2.48.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="graphviz-tcl" release="5.ule3" version="2.48.0">
+                         <filename>graphviz-tcl-2.48.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1210</id>
+          <title>An update for unbound is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-50387" id="CVE-2023-50387" title="CVE-2023-50387" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-50868" id="CVE-2023-50868" title="CVE-2023-50868" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-1488" id="CVE-2024-1488" title="CVE-2024-1488" type="cve"></reference>
+          </references>
+          <description>Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the &#34;KeyTrap&#34; issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.(CVE-2023-50387)The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the &#34;NSEC3&#34; issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.(CVE-2023-50868)A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.(CVE-2024-1488)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="unbound-libs" release="10.ule3" version="1.13.2">
+                         <filename>unbound-libs-1.13.2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unbound-debugsource" release="10.ule3" version="1.13.2">
+                         <filename>unbound-debugsource-1.13.2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unbound-help" release="10.ule3" version="1.13.2">
+                         <filename>unbound-help-1.13.2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unbound-devel" release="10.ule3" version="1.13.2">
+                         <filename>unbound-devel-1.13.2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unbound-debuginfo" release="10.ule3" version="1.13.2">
+                         <filename>unbound-debuginfo-1.13.2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-unbound" release="10.ule3" version="1.13.2">
+                         <filename>python3-unbound-1.13.2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unbound" release="10.ule3" version="1.13.2">
+                         <filename>unbound-1.13.2-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unbound-devel" release="10.ule3" version="1.13.2">
+                         <filename>unbound-devel-1.13.2-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unbound-help" release="10.ule3" version="1.13.2">
+                         <filename>unbound-help-1.13.2-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unbound-debuginfo" release="10.ule3" version="1.13.2">
+                         <filename>unbound-debuginfo-1.13.2-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unbound-libs" release="10.ule3" version="1.13.2">
+                         <filename>unbound-libs-1.13.2-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-unbound" release="10.ule3" version="1.13.2">
+                         <filename>python3-unbound-1.13.2-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unbound" release="10.ule3" version="1.13.2">
+                         <filename>unbound-1.13.2-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unbound-debugsource" release="10.ule3" version="1.13.2">
+                         <filename>unbound-debugsource-1.13.2-10.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1211</id>
+          <title>An update for firefox is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-3479" id="CVE-2022-3479" title="CVE-2022-3479" type="cve"></reference>
+          </references>
+          <description>A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.(CVE-2022-3479)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="firefox" release="5.ule3" version="102.15.0">
+                         <filename>firefox-102.15.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="firefox-debugsource" release="5.ule3" version="102.15.0">
+                         <filename>firefox-debugsource-102.15.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="firefox-debuginfo" release="5.ule3" version="102.15.0">
+                         <filename>firefox-debuginfo-102.15.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox-debuginfo" release="5.ule3" version="102.15.0">
+                         <filename>firefox-debuginfo-102.15.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox-debugsource" release="5.ule3" version="102.15.0">
+                         <filename>firefox-debugsource-102.15.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox" release="5.ule3" version="102.15.0">
+                         <filename>firefox-102.15.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1215</id>
+          <title>An update for OpenEXR is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5841" id="CVE-2023-5841" title="CVE-2023-5841" type="cve"></reference>
+          </references>
+          <description>Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.(CVE-2023-5841)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="OpenEXR" release="2.ule3" version="3.1.5">
+                         <filename>OpenEXR-3.1.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="OpenEXR-libs" release="2.ule3" version="3.1.5">
+                         <filename>OpenEXR-libs-3.1.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="OpenEXR-debugsource" release="2.ule3" version="3.1.5">
+                         <filename>OpenEXR-debugsource-3.1.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="OpenEXR-devel" release="2.ule3" version="3.1.5">
+                         <filename>OpenEXR-devel-3.1.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="OpenEXR-debuginfo" release="2.ule3" version="3.1.5">
+                         <filename>OpenEXR-debuginfo-3.1.5-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="OpenEXR-debuginfo" release="2.ule3" version="3.1.5">
+                         <filename>OpenEXR-debuginfo-3.1.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="OpenEXR-debugsource" release="2.ule3" version="3.1.5">
+                         <filename>OpenEXR-debugsource-3.1.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="OpenEXR-libs" release="2.ule3" version="3.1.5">
+                         <filename>OpenEXR-libs-3.1.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="OpenEXR" release="2.ule3" version="3.1.5">
+                         <filename>OpenEXR-3.1.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="OpenEXR-devel" release="2.ule3" version="3.1.5">
+                         <filename>OpenEXR-devel-3.1.5-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1219</id>
+          <title>An update for less is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-48624" id="CVE-2022-48624" title="CVE-2022-48624" type="cve"></reference>
+          </references>
+          <description>close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.(CVE-2022-48624)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="less-debugsource" release="5.ule3" version="590">
+                         <filename>less-debugsource-590-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="less-debuginfo" release="5.ule3" version="590">
+                         <filename>less-debuginfo-590-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="less" release="5.ule3" version="590">
+                         <filename>less-590-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="less-help" release="5.ule3" version="590">
+                         <filename>less-help-590-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="less" release="5.ule3" version="590">
+                         <filename>less-590-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="less-debugsource" release="5.ule3" version="590">
+                         <filename>less-debugsource-590-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="less-debuginfo" release="5.ule3" version="590">
+                         <filename>less-debuginfo-590-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1223</id>
+          <title>An update for shim is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0465" id="CVE-2023-0465" title="CVE-2023-0465" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2650" id="CVE-2023-2650" title="CVE-2023-2650" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3446" id="CVE-2023-3446" title="CVE-2023-3446" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-0727" id="CVE-2024-0727" title="CVE-2024-0727" type="cve"></reference>
+          </references>
+          <description>Applications that use a non-default option when verifying certificates may bevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for that certificate.A malicious CA could use this to deliberately assert invalid certificate policiesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy&#39; argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()&#39; function.(CVE-2023-0465)Issue summary: Processing some specially crafted ASN.1 object identifiers ordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no messagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit.  OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens or hundredsof KiBs), the translation to a decimal number in text may take a very longtime.  The time complexity is O(n^2) with &#39;n&#39; being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced.  This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols to specifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL.  If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS.  It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer&#39;s certificate chain.  Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates.  This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause for concern,and the severity is therefore considered low.(CVE-2023-2650)Issue summary: Checking excessively long DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_check(), DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experience longdelays. Where the key or parameters that are being checked have been obtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One of thosechecks confirms that the modulus (&#39;p&#39; parameter) is not too large. Trying to usea very large modulus is slow and OpenSSL will not normally use a modulus whichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key or parametersthat have been supplied. Some of those checks use the supplied modulus valueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parameters obtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSL functions.An application calling any of those other functions may similarly be affected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command line applicationswhen using the &#39;-check&#39; option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.(CVE-2023-3446)Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format from untrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come from anuntrusted source. The PKCS12 specification allows certain fields to be NULL, butOpenSSL does not correctly check for this case. This can lead to a NULL pointerdereference that results in OpenSSL crashing. If an application processes PKCS12files from an untrusted source using the OpenSSL APIs then that application willbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However since thisfunction is related to writing data we do not consider it security significant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.(CVE-2024-0727)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="shim" release="14.ule3" version="15.4">
+                         <filename>shim-15.4-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="shim-debuginfo" release="14.ule3" version="15.4">
+                         <filename>shim-debuginfo-15.4-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="shim-debugsource" release="14.ule3" version="15.4">
+                         <filename>shim-debugsource-15.4-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="shim" release="14.ule3" version="15.4">
+                         <filename>shim-15.4-14.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1228</id>
+          <title>An update for fontforge is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-25081" id="CVE-2024-25081" title="CVE-2024-25081" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-25082" id="CVE-2024-25082" title="CVE-2024-25082" type="cve"></reference>
+          </references>
+          <description>Splinefont in FontForge through 20230101 allows command injection via crafted filenames.(CVE-2024-25081)Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.(CVE-2024-25082)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="fontforge-devel" release="8.ule3" version="20200314">
+                         <filename>fontforge-devel-20200314-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="fontforge" release="8.ule3" version="20200314">
+                         <filename>fontforge-20200314-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="fontforge-debugsource" release="8.ule3" version="20200314">
+                         <filename>fontforge-debugsource-20200314-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="fontforge-debuginfo" release="8.ule3" version="20200314">
+                         <filename>fontforge-debuginfo-20200314-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="fontforge-help" release="8.ule3" version="20200314">
+                         <filename>fontforge-help-20200314-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="fontforge" release="8.ule3" version="20200314">
+                         <filename>fontforge-20200314-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="fontforge-debugsource" release="8.ule3" version="20200314">
+                         <filename>fontforge-debugsource-20200314-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="fontforge-devel" release="8.ule3" version="20200314">
+                         <filename>fontforge-devel-20200314-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="fontforge-debuginfo" release="8.ule3" version="20200314">
+                         <filename>fontforge-debuginfo-20200314-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1236</id>
+          <title>An update for xerces-c is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2018-1311" id="CVE-2018-1311" title="CVE-2018-1311" type="cve"></reference>
+          </references>
+          <description>The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.(CVE-2018-1311)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="xerces-c" release="5.ule3" version="3.2.2">
+                         <filename>xerces-c-3.2.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xerces-c-devel" release="5.ule3" version="3.2.2">
+                         <filename>xerces-c-devel-3.2.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xerces-c-debugsource" release="5.ule3" version="3.2.2">
+                         <filename>xerces-c-debugsource-3.2.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xerces-c-debuginfo" release="5.ule3" version="3.2.2">
+                         <filename>xerces-c-debuginfo-3.2.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xerces-c-help" release="5.ule3" version="3.2.2">
+                         <filename>xerces-c-help-3.2.2-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xerces-c-devel" release="5.ule3" version="3.2.2">
+                         <filename>xerces-c-devel-3.2.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xerces-c-debuginfo" release="5.ule3" version="3.2.2">
+                         <filename>xerces-c-debuginfo-3.2.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xerces-c-debugsource" release="5.ule3" version="3.2.2">
+                         <filename>xerces-c-debugsource-3.2.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xerces-c" release="5.ule3" version="3.2.2">
+                         <filename>xerces-c-3.2.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1237</id>
+          <title>An update for postgresql-jdbc is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-1597" id="CVE-2024-1597" title="CVE-2024-1597" type="cve"></reference>
+          </references>
+          <description>pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.(CVE-2024-1597)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="postgresql-jdbc-javadoc" release="3.ule3" version="42.4.1">
+                         <filename>postgresql-jdbc-javadoc-42.4.1-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="postgresql-jdbc" release="3.ule3" version="42.4.1">
+                         <filename>postgresql-jdbc-42.4.1-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="postgresql-jdbc-help" release="3.ule3" version="42.4.1">
+                         <filename>postgresql-jdbc-help-42.4.1-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1238</id>
+          <title>An update for edk2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0464" id="CVE-2023-0464" title="CVE-2023-0464" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0465" id="CVE-2023-0465" title="CVE-2023-0465" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0466" id="CVE-2023-0466" title="CVE-2023-0466" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-2650" id="CVE-2023-2650" title="CVE-2023-2650" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3446" id="CVE-2023-3446" title="CVE-2023-3446" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-0727" id="CVE-2024-0727" title="CVE-2024-0727" type="cve"></reference>
+          </references>
+          <description>A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints.  Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy&#39; argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()&#39; function.(CVE-2023-0464)Applications that use a non-default option when verifying certificates may bevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for that certificate.A malicious CA could use this to deliberately assert invalid certificate policiesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy&#39; argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()&#39; function.(CVE-2023-0465)The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments it wasdecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.(CVE-2023-0466)Issue summary: Processing some specially crafted ASN.1 object identifiers ordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no messagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit.  OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens or hundredsof KiBs), the translation to a decimal number in text may take a very longtime.  The time complexity is O(n^2) with &#39;n&#39; being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced.  This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols to specifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL.  If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS.  It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer&#39;s certificate chain.  Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates.  This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause for concern,and the severity is therefore considered low.(CVE-2023-2650)Issue summary: Checking excessively long DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_check(), DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experience longdelays. Where the key or parameters that are being checked have been obtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One of thosechecks confirms that the modulus (&#39;p&#39; parameter) is not too large. Trying to usea very large modulus is slow and OpenSSL will not normally use a modulus whichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key or parametersthat have been supplied. Some of those checks use the supplied modulus valueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parameters obtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSL functions.An application calling any of those other functions may similarly be affected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command line applicationswhen using the &#39;-check&#39; option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.(CVE-2023-3446)Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format from untrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come from anuntrusted source. The PKCS12 specification allows certain fields to be NULL, butOpenSSL does not correctly check for this case. This can lead to a NULL pointerdereference that results in OpenSSL crashing. If an application processes PKCS12files from an untrusted source using the OpenSSL APIs then that application willbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However since thisfunction is related to writing data we do not consider it security significant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.(CVE-2024-0727)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="edk2-debugsource" release="14.ule3" version="202011">
+                         <filename>edk2-debugsource-202011-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="edk2-devel" release="14.ule3" version="202011">
+                         <filename>edk2-devel-202011-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="edk2-debuginfo" release="14.ule3" version="202011">
+                         <filename>edk2-debuginfo-202011-14.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-aarch64" release="14.ule3" version="202011">
+                         <filename>edk2-aarch64-202011-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-edk2-devel" release="14.ule3" version="202011">
+                         <filename>python3-edk2-devel-202011-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-help" release="14.ule3" version="202011">
+                         <filename>edk2-help-202011-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-ovmf" release="14.ule3" version="202011">
+                         <filename>edk2-ovmf-202011-14.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-debugsource" release="14.ule3" version="202011">
+                         <filename>edk2-debugsource-202011-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-debuginfo" release="14.ule3" version="202011">
+                         <filename>edk2-debuginfo-202011-14.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-devel" release="14.ule3" version="202011">
+                         <filename>edk2-devel-202011-14.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1241</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-01"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52435" id="CVE-2023-52435" title="CVE-2023-52435" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-23196" id="CVE-2024-23196" title="CVE-2024-23196" type="cve"></reference>
+          </references>
+          <description>In the Linux kernel, the following vulnerability has been resolved:net: prevent mss overflow in skb_segment()Once again syzbot is able to crash the kernel in skb_segment() [1]GSO_BY_FRAGS is a forbidden value, but unfortunately the followingcomputation in skb_segment() can reach it quite easily :&#x9;mss = mss * partial_segs;65535 = 3 * 5 * 17 * 257, so many initial values of mss can lead toa bad final result.Make sure to limit segmentation so that the new mss value is smallerthan GSO_BY_FRAGS.[1]general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASANKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]CPU: 1 PID: 5079 Comm: syz-executor993 Not tainted 6.7.0-rc4-syzkaller-00141-g1ae4cd3cbdd0 #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023RIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551Code: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 &lt;0f&gt; b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00RSP: 0018:ffffc900043473d0 EFLAGS: 00010202RAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597RDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070RBP: ffffc90004347578 R08: 0000000000000005 R09: 000000000000ffffR10: 000000000000ffff R11: 0000000000000002 R12: ffff888063202ac0R13: 0000000000010000 R14: 000000000000ffff R15: 0000000000000046FS: 0000555556e7e380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033CR2: 0000000020010000 CR3: 0000000027ee2000 CR4: 00000000003506f0DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400Call Trace:&lt;TASK&gt;udp6_ufo_fragment+0xa0e/0xd00 net/ipv6/udp_offload.c:109ipv6_gso_segment+0x534/0x17e0 net/ipv6/ip6_offload.c:120skb_mac_gso_segment+0x290/0x610 net/core/gso.c:53__skb_gso_segment+0x339/0x710 net/core/gso.c:124skb_gso_segment include/net/gso.h:83 [inline]validate_xmit_skb+0x36c/0xeb0 net/core/dev.c:3626__dev_queue_xmit+0x6f3/0x3d60 net/core/dev.c:4338dev_queue_xmit include/linux/netdevice.h:3134 [inline]packet_xmit+0x257/0x380 net/packet/af_packet.c:276packet_snd net/packet/af_packet.c:3087 [inline]packet_sendmsg+0x24c6/0x5220 net/packet/af_packet.c:3119sock_sendmsg_nosec net/socket.c:730 [inline]__sock_sendmsg+0xd5/0x180 net/socket.c:745__sys_sendto+0x255/0x340 net/socket.c:2190__do_sys_sendto net/socket.c:2202 [inline]__se_sys_sendto net/socket.c:2198 [inline]__x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198do_syscall_x64 arch/x86/entry/common.c:52 [inline]do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83entry_SYSCALL_64_after_hwframe+0x63/0x6bRIP: 0033:0x7f8692032aa9Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 &lt;48&gt; 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48RSP: 002b:00007fff8d685418 EFLAGS: 00000246 ORIG_RAX: 000000000000002cRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8692032aa9RDX: 0000000000010048 RSI: 00000000200000c0 RDI: 0000000000000003RBP: 00000000000f4240 R08: 0000000020000540 R09: 0000000000000014R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8d685480R13: 0000000000000001 R14: 00007fff8d685480 R15: 0000000000000003&lt;/TASK&gt;Modules linked in:---[ end trace 0000000000000000 ]---RIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551Code: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 &lt;0f&gt; b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00RSP: 0018:ffffc900043473d0 EFLAGS: 00010202RAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597RDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070RBP: ffffc90004347578 R0---truncated---(CVE-2023-52435)A race condition was found in the Linux kernel&#39;s sound/hda  device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.(CVE-2024-23196)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.127.0.154.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.127.0.154.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.127.0.154.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.127.0.154.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.127.0.154.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.127.0.154.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.127.0.154.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.127.0.154.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.127.0.154.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.127.0.154.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.127.0.154.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.127.0.154.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.127.0.154.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.127.0.154.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.127.0.154.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.127.0.154.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.127.0.154.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.127.0.154.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.127.0.154.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.127.0.154.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.127.0.154.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.127.0.154.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.127.0.154.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.127.0.154.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.127.0.154.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.127.0.154.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.127.0.154.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.127.0.154.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.127.0.154.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.127.0.154.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.127.0.154.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1247</id>
+          <title>An update for atril is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52076" id="CVE-2023-52076" title="CVE-2023-52076" type="cve"></reference>
+          </references>
+          <description>Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn&#39;t stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.(CVE-2023-52076)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="atril-debugsource" release="3.ule3" version="1.22.3">
+                         <filename>atril-debugsource-1.22.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="atril-devel" release="3.ule3" version="1.22.3">
+                         <filename>atril-devel-1.22.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="atril-debuginfo" release="3.ule3" version="1.22.3">
+                         <filename>atril-debuginfo-1.22.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="atril-libs" release="3.ule3" version="1.22.3">
+                         <filename>atril-libs-1.22.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="atril" release="3.ule3" version="1.22.3">
+                         <filename>atril-1.22.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="atril-libs" release="3.ule3" version="1.22.3">
+                         <filename>atril-libs-1.22.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="atril-debuginfo" release="3.ule3" version="1.22.3">
+                         <filename>atril-debuginfo-1.22.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="atril-debugsource" release="3.ule3" version="1.22.3">
+                         <filename>atril-debugsource-1.22.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="atril" release="3.ule3" version="1.22.3">
+                         <filename>atril-1.22.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="atril-devel" release="3.ule3" version="1.22.3">
+                         <filename>atril-devel-1.22.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1252</id>
+          <title>An update for json-path is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-51074" id="CVE-2023-51074" title="CVE-2023-51074" type="cve"></reference>
+          </references>
+          <description>json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.(CVE-2023-51074)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="json-path-javadoc" release="2.ule3" version="2.1.0">
+                         <filename>json-path-javadoc-2.1.0-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="json-path" release="2.ule3" version="2.1.0">
+                         <filename>json-path-2.1.0-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1253</id>
+          <title>An update for grub2 is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-1048" id="CVE-2024-1048" title="CVE-2024-1048" type="cve"></reference>
+          </references>
+          <description>A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.(CVE-2024-1048)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="grub2-tools-extra" release="41.ule3" version="2.06">
+                         <filename>grub2-tools-extra-2.06-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-tools-minimal" release="41.ule3" version="2.06">
+                         <filename>grub2-tools-minimal-2.06-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-efi-aa64" release="41.ule3" version="2.06">
+                         <filename>grub2-efi-aa64-2.06-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-tools" release="41.ule3" version="2.06">
+                         <filename>grub2-tools-2.06-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-debuginfo" release="41.ule3" version="2.06">
+                         <filename>grub2-debuginfo-2.06-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-debugsource" release="41.ule3" version="2.06">
+                         <filename>grub2-debugsource-2.06-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="grub2-efi-aa64-cdboot" release="41.ule3" version="2.06">
+                         <filename>grub2-efi-aa64-cdboot-2.06-41.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-efi-ia32-modules" release="41.ule3" version="2.06">
+                         <filename>grub2-efi-ia32-modules-2.06-41.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-common" release="41.ule3" version="2.06">
+                         <filename>grub2-common-2.06-41.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-help" release="41.ule3" version="2.06">
+                         <filename>grub2-help-2.06-41.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-efi-x64-modules" release="41.ule3" version="2.06">
+                         <filename>grub2-efi-x64-modules-2.06-41.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-efi-aa64-modules" release="41.ule3" version="2.06">
+                         <filename>grub2-efi-aa64-modules-2.06-41.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="grub2-pc-modules" release="41.ule3" version="2.06">
+                         <filename>grub2-pc-modules-2.06-41.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-debuginfo" release="41.ule3" version="2.06">
+                         <filename>grub2-debuginfo-2.06-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-efi-ia32" release="41.ule3" version="2.06">
+                         <filename>grub2-efi-ia32-2.06-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-efi-ia32-cdboot" release="41.ule3" version="2.06">
+                         <filename>grub2-efi-ia32-cdboot-2.06-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-efi-x64" release="41.ule3" version="2.06">
+                         <filename>grub2-efi-x64-2.06-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-tools" release="41.ule3" version="2.06">
+                         <filename>grub2-tools-2.06-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-debugsource" release="41.ule3" version="2.06">
+                         <filename>grub2-debugsource-2.06-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-pc" release="41.ule3" version="2.06">
+                         <filename>grub2-pc-2.06-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-efi-x64-cdboot" release="41.ule3" version="2.06">
+                         <filename>grub2-efi-x64-cdboot-2.06-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-tools-efi" release="41.ule3" version="2.06">
+                         <filename>grub2-tools-efi-2.06-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-tools-minimal" release="41.ule3" version="2.06">
+                         <filename>grub2-tools-minimal-2.06-41.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="grub2-tools-extra" release="41.ule3" version="2.06">
+                         <filename>grub2-tools-extra-2.06-41.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1254</id>
+          <title>An update for python-django is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-27351" id="CVE-2024-27351" title="CVE-2024-27351" type="cve"></reference>
+          </references>
+          <description>An inefficient regular expression complexity flaw was found in the Truncator.words function and truncatewords_html filter of Django. This issue may allow an attacker to use a suitably crafted string to cause a denial of service.(CVE-2024-27351)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python-django-help" release="11.ule3" version="2.2.27">
+                         <filename>python-django-help-2.2.27-11.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-Django" release="11.ule3" version="2.2.27">
+                         <filename>python3-Django-2.2.27-11.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1255</id>
+          <title>An update for jsoup is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-36033" id="CVE-2022-36033" title="CVE-2022-36033" type="cve"></reference>
+          </references>
+          <description>jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version. To remediate this issue without immediately upgrading: - disable `SafeList.preserveRelativeLinks`, which will rewrite input URLs as absolute URLs - ensure an appropriate [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is defined. (This should be used regardless of upgrading, as a defence-in-depth best practice.)(CVE-2022-36033)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="jsoup" release="2.ule3" version="1.14.2">
+                         <filename>jsoup-1.14.2-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1256</id>
+          <title>An update for rubygem-yard is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-27285" id="CVE-2024-27285" title="CVE-2024-27285" type="cve"></reference>
+          </references>
+          <description>YARD is a Ruby Documentation tool. The &#34;frames.html&#34; file within the Yard Doc&#39;s generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the &#34;frames.erb&#34; template file.  This vulnerability is fixed in 0.9.36.(CVE-2024-27285)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="rubygem-yard" release="3.ule3" version="0.9.26">
+                         <filename>rubygem-yard-0.9.26-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-yard-doc" release="3.ule3" version="0.9.26">
+                         <filename>rubygem-yard-doc-0.9.26-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1261</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-1151" id="CVE-2024-1151" title="CVE-2024-1151" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-26595" id="CVE-2024-26595" title="CVE-2024-26595" type="cve"></reference>
+          </references>
+          <description>A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.(CVE-2024-1151)In the Linux kernel, the following vulnerability has been resolved:mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error pathWhen calling mlxsw_sp_acl_tcam_region_destroy() from an error path afterfailing to attach the region to an ACL group, we hit a NULL pointerdereference upon &#39;region-&gt;group-&gt;tcam&#39; [1].Fix by retrieving the &#39;tcam&#39; pointer using mlxsw_sp_acl_to_tcam().[1]BUG: kernel NULL pointer dereference, address: 0000000000000000[...]RIP: 0010:mlxsw_sp_acl_tcam_region_destroy+0xa0/0xd0[...]Call Trace: mlxsw_sp_acl_tcam_vchunk_get+0x88b/0xa20 mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0 mlxsw_sp_acl_rule_add+0x47/0x240 mlxsw_sp_flower_replace+0x1a9/0x1d0 tc_setup_cb_add+0xdc/0x1c0 fl_hw_replace_filter+0x146/0x1f0 fl_change+0xc17/0x1360 tc_new_tfilter+0x472/0xb90 rtnetlink_rcv_msg+0x313/0x3b0 netlink_rcv_skb+0x58/0x100 netlink_unicast+0x244/0x390 netlink_sendmsg+0x1e4/0x440 ____sys_sendmsg+0x164/0x260 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xc0 do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b(CVE-2024-26595)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.128.0.155.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.128.0.155.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.128.0.155.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.128.0.155.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.128.0.155.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.128.0.155.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.128.0.155.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.128.0.155.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.128.0.155.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.128.0.155.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.128.0.155.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.128.0.155.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.128.0.155.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.128.0.155.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.128.0.155.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.128.0.155.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.128.0.155.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.128.0.155.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.128.0.155.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.128.0.155.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.128.0.155.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.128.0.155.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.128.0.155.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.128.0.155.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.128.0.155.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.128.0.155.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.128.0.155.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.128.0.155.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.128.0.155.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.128.0.155.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.128.0.155.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1264</id>
+          <title>An update for arm-trusted-firmware is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-08"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-49100" id="CVE-2023-49100" title="CVE-2023-49100" type="cve"></reference>
+          </references>
+          <description>Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be any arbitrary value passing checks in the function plat_ic_is_sgi. A compromised Normal World (Linux kernel) can enable a root-privileged attacker to issue arbitrary SMC calls. Using this primitive, he can control the content of registers x0 through x6, which are used to send parameters to TF-A. Out-of-bounds addresses can be read in the context of TF-A (EL3). Because the read value is never returned to non-secure memory or in registers, no leak is possible. An attacker can still crash TF-A, however.(CVE-2023-49100)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="arm-trusted-firmware-armv8" release="4.ule3" version="2.3">
+                         <filename>arm-trusted-firmware-armv8-2.3-4.ule3.aarch64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1266</id>
+          <title>An update for glusterfs is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-48340" id="CVE-2022-48340" title="CVE-2022-48340" type="cve"></reference>
+          </references>
+          <description>In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.(CVE-2022-48340)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libglusterfs0" release="9.ule3" version="10.0">
+                         <filename>libglusterfs0-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-debugsource" release="9.ule3" version="10.0">
+                         <filename>glusterfs-debugsource-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libglusterfs-devel" release="9.ule3" version="10.0">
+                         <filename>libglusterfs-devel-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-fuse" release="9.ule3" version="10.0">
+                         <filename>glusterfs-fuse-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libglusterd0" release="9.ule3" version="10.0">
+                         <filename>libglusterd0-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgfchangelog-devel" release="9.ule3" version="10.0">
+                         <filename>libgfchangelog-devel-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgfrpc-devel" release="9.ule3" version="10.0">
+                         <filename>libgfrpc-devel-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgfapi-devel" release="9.ule3" version="10.0">
+                         <filename>libgfapi-devel-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-geo-replication" release="9.ule3" version="10.0">
+                         <filename>glusterfs-geo-replication-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-thin-arbiter" release="9.ule3" version="10.0">
+                         <filename>glusterfs-thin-arbiter-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-cli" release="9.ule3" version="10.0">
+                         <filename>glusterfs-cli-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-client-xlators" release="9.ule3" version="10.0">
+                         <filename>glusterfs-client-xlators-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgfchangelog0" release="9.ule3" version="10.0">
+                         <filename>libgfchangelog0-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-debuginfo" release="9.ule3" version="10.0">
+                         <filename>glusterfs-debuginfo-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-server" release="9.ule3" version="10.0">
+                         <filename>glusterfs-server-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgfxdr0" release="9.ule3" version="10.0">
+                         <filename>libgfxdr0-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs" release="9.ule3" version="10.0">
+                         <filename>glusterfs-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgfxdr-devel" release="9.ule3" version="10.0">
+                         <filename>libgfxdr-devel-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgfrpc0" release="9.ule3" version="10.0">
+                         <filename>libgfrpc0-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-help" release="9.ule3" version="10.0">
+                         <filename>glusterfs-help-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-gluster" release="9.ule3" version="10.0">
+                         <filename>python3-gluster-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-events" release="9.ule3" version="10.0">
+                         <filename>glusterfs-events-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-cloudsync-plugins" release="9.ule3" version="10.0">
+                         <filename>glusterfs-cloudsync-plugins-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgfapi0" release="9.ule3" version="10.0">
+                         <filename>libgfapi0-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glusterfs-extra-xlators" release="9.ule3" version="10.0">
+                         <filename>glusterfs-extra-xlators-10.0-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="glusterfs-resource-agents" release="9.ule3" version="10.0">
+                         <filename>glusterfs-resource-agents-10.0-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-debugsource" release="9.ule3" version="10.0">
+                         <filename>glusterfs-debugsource-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-extra-xlators" release="9.ule3" version="10.0">
+                         <filename>glusterfs-extra-xlators-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgfrpc0" release="9.ule3" version="10.0">
+                         <filename>libgfrpc0-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgfxdr-devel" release="9.ule3" version="10.0">
+                         <filename>libgfxdr-devel-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs" release="9.ule3" version="10.0">
+                         <filename>glusterfs-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-thin-arbiter" release="9.ule3" version="10.0">
+                         <filename>glusterfs-thin-arbiter-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-server" release="9.ule3" version="10.0">
+                         <filename>glusterfs-server-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgfxdr0" release="9.ule3" version="10.0">
+                         <filename>libgfxdr0-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgfrpc-devel" release="9.ule3" version="10.0">
+                         <filename>libgfrpc-devel-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-help" release="9.ule3" version="10.0">
+                         <filename>glusterfs-help-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgfchangelog-devel" release="9.ule3" version="10.0">
+                         <filename>libgfchangelog-devel-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-fuse" release="9.ule3" version="10.0">
+                         <filename>glusterfs-fuse-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libglusterd0" release="9.ule3" version="10.0">
+                         <filename>libglusterd0-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-cloudsync-plugins" release="9.ule3" version="10.0">
+                         <filename>glusterfs-cloudsync-plugins-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-gluster" release="9.ule3" version="10.0">
+                         <filename>python3-gluster-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-client-xlators" release="9.ule3" version="10.0">
+                         <filename>glusterfs-client-xlators-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-geo-replication" release="9.ule3" version="10.0">
+                         <filename>glusterfs-geo-replication-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgfapi-devel" release="9.ule3" version="10.0">
+                         <filename>libgfapi-devel-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libglusterfs-devel" release="9.ule3" version="10.0">
+                         <filename>libglusterfs-devel-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgfchangelog0" release="9.ule3" version="10.0">
+                         <filename>libgfchangelog0-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgfapi0" release="9.ule3" version="10.0">
+                         <filename>libgfapi0-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-debuginfo" release="9.ule3" version="10.0">
+                         <filename>glusterfs-debuginfo-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-events" release="9.ule3" version="10.0">
+                         <filename>glusterfs-events-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libglusterfs0" release="9.ule3" version="10.0">
+                         <filename>libglusterfs0-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glusterfs-cli" release="9.ule3" version="10.0">
+                         <filename>glusterfs-cli-10.0-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1270</id>
+          <title>An update for glade is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2020-36774" id="CVE-2020-36774" title="CVE-2020-36774" type="cve"></reference>
+          </references>
+          <description>plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash).(CVE-2020-36774)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="glade-devel" release="3.ule3" version="3.36.0">
+                         <filename>glade-devel-3.36.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glade-debugsource" release="3.ule3" version="3.36.0">
+                         <filename>glade-debugsource-3.36.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glade-libs" release="3.ule3" version="3.36.0">
+                         <filename>glade-libs-3.36.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glade" release="3.ule3" version="3.36.0">
+                         <filename>glade-3.36.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="glade-debuginfo" release="3.ule3" version="3.36.0">
+                         <filename>glade-debuginfo-3.36.0-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="glade-help" release="3.ule3" version="3.36.0">
+                         <filename>glade-help-3.36.0-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glade-debugsource" release="3.ule3" version="3.36.0">
+                         <filename>glade-debugsource-3.36.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glade-debuginfo" release="3.ule3" version="3.36.0">
+                         <filename>glade-debuginfo-3.36.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glade-libs" release="3.ule3" version="3.36.0">
+                         <filename>glade-libs-3.36.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glade-devel" release="3.ule3" version="3.36.0">
+                         <filename>glade-devel-3.36.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="glade" release="3.ule3" version="3.36.0">
+                         <filename>glade-3.36.0-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1273</id>
+          <title>An update for A-Tune-Collector is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-24897" id="CVE-2024-24897" title="CVE-2024-24897" type="cve"></reference>
+          </references>
+          <description>When the get method in the sched.py file in the A-Tune-Collector software package is used to obtain the process ID, shell command combination and injection risks exist. This flaw could lead to remote arbitrary command execution.(CVE-2024-24897)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="atune-collector" release="8.ule3" version="1.1.0">
+                         <filename>atune-collector-1.1.0-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="atune-collector" release="8.ule3" version="1.1.0">
+                         <filename>atune-collector-1.1.0-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1276</id>
+          <title>An update for python-aiosmtpd is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-27305" id="CVE-2024-27305" title="CVE-2024-27305" type="cve"></reference>
+          </references>
+          <description>aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send smuggle/spoof e-mails with fake sender addresses, allowing advanced phishing attacks. This issue is also existed in other SMTP software like Postfix. With the right SMTP server constellation, an attacker can send spoofed e-mails to inbound/receiving aiosmtpd instances. This issue has been addressed in version 1.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2024-27305)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python-aiosmtpd-help" release="2.ule3" version="1.4.2">
+                         <filename>python-aiosmtpd-help-1.4.2-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-aiosmtpd" release="2.ule3" version="1.4.2">
+                         <filename>python3-aiosmtpd-1.4.2-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1280</id>
+          <title>An update for edk2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45229" id="CVE-2023-45229" title="CVE-2023-45229" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45231" id="CVE-2023-45231" title="CVE-2023-45231" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45234" id="CVE-2023-45234" title="CVE-2023-45234" type="cve"></reference>
+          </references>
+          <description>EDK2&#39;s Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.(CVE-2023-45229)EDK2&#39;s Network Package is susceptible to an out-of-bounds read vulnerability when processing  Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.(CVE-2023-45231) EDK2&#39;s Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.(CVE-2023-45234)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="edk2-devel" release="16.ule3" version="202011">
+                         <filename>edk2-devel-202011-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="edk2-debugsource" release="16.ule3" version="202011">
+                         <filename>edk2-debugsource-202011-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="edk2-debuginfo" release="16.ule3" version="202011">
+                         <filename>edk2-debuginfo-202011-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-ovmf" release="16.ule3" version="202011">
+                         <filename>edk2-ovmf-202011-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-help" release="16.ule3" version="202011">
+                         <filename>edk2-help-202011-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-edk2-devel" release="16.ule3" version="202011">
+                         <filename>python3-edk2-devel-202011-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-aarch64" release="16.ule3" version="202011">
+                         <filename>edk2-aarch64-202011-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-debuginfo" release="16.ule3" version="202011">
+                         <filename>edk2-debuginfo-202011-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-devel" release="16.ule3" version="202011">
+                         <filename>edk2-devel-202011-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-debugsource" release="16.ule3" version="202011">
+                         <filename>edk2-debugsource-202011-16.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1283</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52436" id="CVE-2023-52436" title="CVE-2023-52436" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52438" id="CVE-2023-52438" title="CVE-2023-52438" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52439" id="CVE-2023-52439" title="CVE-2023-52439" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-22099" id="CVE-2024-22099" title="CVE-2024-22099" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-23850" id="CVE-2024-23850" title="CVE-2024-23850" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-23851" id="CVE-2024-23851" title="CVE-2024-23851" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-26583" id="CVE-2024-26583" title="CVE-2024-26583" type="cve"></reference>
+          </references>
+          <description>In the Linux kernel, the following vulnerability has been resolved:f2fs: explicitly null-terminate the xattr listWhen setting an xattr, explicitly null-terminate the xattr list.  Thiseliminates the fragile assumption that the unused xattr space is alwayszeroed.(CVE-2023-52436)In the Linux kernel, the following vulnerability has been resolved:binder: fix use-after-free in shinker&#39;s callbackThe mmap read lock is used during the shrinker&#39;s callback, which meansthat using alloc-&gt;vma pointer isn&#39;t safe as it can race with munmap().As of commit dd2283f2605e (&#34;mm: mmap: zap pages with read mmap_sem inmunmap&#34;) the mmap lock is downgraded after the vma has been isolated.I was able to reproduce this issue by manually adding some delays andtriggering page reclaiming through the shrinker&#39;s debug sysfs. Thefollowing KASAN report confirms the UAF:  ==================================================================  BUG: KASAN: slab-use-after-free in zap_page_range_single+0x470/0x4b8  Read of size 8 at addr ffff356ed50e50f0 by task bash/478  CPU: 1 PID: 478 Comm: bash Not tainted 6.6.0-rc5-00055-g1c8b86a3799f-dirty #70  Hardware name: linux,dummy-virt (DT)  Call trace:   zap_page_range_single+0x470/0x4b8   binder_alloc_free_page+0x608/0xadc   __list_lru_walk_one+0x130/0x3b0   list_lru_walk_node+0xc4/0x22c   binder_shrink_scan+0x108/0x1dc   shrinker_debugfs_scan_write+0x2b4/0x500   full_proxy_write+0xd4/0x140   vfs_write+0x1ac/0x758   ksys_write+0xf0/0x1dc   __arm64_sys_write+0x6c/0x9c  Allocated by task 492:   kmem_cache_alloc+0x130/0x368   vm_area_alloc+0x2c/0x190   mmap_region+0x258/0x18bc   do_mmap+0x694/0xa60   vm_mmap_pgoff+0x170/0x29c   ksys_mmap_pgoff+0x290/0x3a0   __arm64_sys_mmap+0xcc/0x144  Freed by task 491:   kmem_cache_free+0x17c/0x3c8   vm_area_free_rcu_cb+0x74/0x98   rcu_core+0xa38/0x26d4   rcu_core_si+0x10/0x1c   __do_softirq+0x2fc/0xd24  Last potentially related work creation:   __call_rcu_common.constprop.0+0x6c/0xba0   call_rcu+0x10/0x1c   vm_area_free+0x18/0x24   remove_vma+0xe4/0x118   do_vmi_align_munmap.isra.0+0x718/0xb5c   do_vmi_munmap+0xdc/0x1fc   __vm_munmap+0x10c/0x278   __arm64_sys_munmap+0x58/0x7cFix this issue by performing instead a vma_lookup() which will fail tofind the vma that was isolated before the mmap lock downgrade. Note thatthis option has better performance than upgrading to a mmap write lockwhich would increase contention. Plus, mmap_write_trylock() has beenrecently removed anyway.(CVE-2023-52438)In the Linux kernel, the following vulnerability has been resolved:uio: Fix use-after-free in uio_opencore-1&#x9;&#x9;&#x9;&#x9;core-2-------------------------------------------------------uio_unregister_device&#x9;&#x9;uio_open&#x9;&#x9;&#x9;&#x9;idev = idr_find()device_unregister(&amp;idev-&gt;dev)put_device(&amp;idev-&gt;dev)uio_device_release&#x9;&#x9;&#x9;&#x9;get_device(&amp;idev-&gt;dev)kfree(idev)uio_free_minor(minor)&#x9;&#x9;&#x9;&#x9;uio_release&#x9;&#x9;&#x9;&#x9;put_device(&amp;idev-&gt;dev)&#x9;&#x9;&#x9;&#x9;kfree(idev)-------------------------------------------------------In the core-1 uio_unregister_device(), the device_unregister will kfreeidev when the idev-&gt;dev kobject ref is 1. But after core-1device_unregister, put_device and before doing kfree, the core-2 mayget_device. Then:1. After core-1 kfree idev, the core-2 will do use-after-free for idev.2. When core-2 do uio_release and put_device, the idev will be double   freed.To address this issue, we can get idev atomic &amp; inc idev reference withminor_lock.(CVE-2023-52439)NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.This issue affects Linux kernel: v2.6.12-rc2.(CVE-2024-22099)In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.(CVE-2024-23850)copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel-&gt;data_size check. This is related to ctl_ioctl.(CVE-2024-23851)In the Linux kernel, the following vulnerability has been resolved:tls: fix race between async notify and socket closeThe submitting thread (one which called recvmsg/sendmsg)may exit as soon as the async crypto handler calls complete()so any code past that point risks touching already freed data.Try to avoid the locking and extra flags altogether.Have the main thread hold an extra reference, this waywe can depend solely on the atomic ref counter forsynchronization.Don&#39;t futz with reiniting the completion, either, we are nowtightly controlling when completion fires.(CVE-2024-26583)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-headers" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.129.0.156.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.129.0.156.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.129.0.156.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.129.0.156.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.129.0.156.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.129.0.156.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.129.0.156.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.129.0.156.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.129.0.156.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.129.0.156.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.129.0.156.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.129.0.156.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.129.0.156.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.129.0.156.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.129.0.156.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.129.0.156.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.129.0.156.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.129.0.156.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.129.0.156.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.129.0.156.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.129.0.156.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.129.0.156.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.129.0.156.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.129.0.156.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.129.0.156.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.129.0.156.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.129.0.156.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.129.0.156.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.129.0.156.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.129.0.156.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.129.0.156.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1287</id>
+          <title>An update for iSulad is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-15"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-33632" id="CVE-2021-33632" title="CVE-2021-33632" type="cve"></reference>
+          </references>
+          <description>在isulad服务初始化阶段，会进行临时文件的正确性检查，如果检查不通过则重新创建文件，在检查与创建之间，存在一个条件竞争问题，攻击者可以通过利用该漏洞进行提权。(CVE-2021-33632)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="iSulad-debuginfo" release="16.ule3" version="2.0.18">
+                         <filename>iSulad-debuginfo-2.0.18-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="iSulad-debugsource" release="16.ule3" version="2.0.18">
+                         <filename>iSulad-debugsource-2.0.18-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="iSulad" release="16.ule3" version="2.0.18">
+                         <filename>iSulad-2.0.18-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="iSulad-debuginfo" release="16.ule3" version="2.0.18">
+                         <filename>iSulad-debuginfo-2.0.18-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="iSulad" release="16.ule3" version="2.0.18">
+                         <filename>iSulad-2.0.18-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="iSulad-debugsource" release="16.ule3" version="2.0.18">
+                         <filename>iSulad-debugsource-2.0.18-16.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1295</id>
+          <title>An update for microcode_ctl is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-38575" id="CVE-2023-38575" title="CVE-2023-38575" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-39368" id="CVE-2023-39368" title="CVE-2023-39368" type="cve"></reference>
+          </references>
+          <description>Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.(CVE-2023-38575)Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access.(CVE-2023-39368)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="x86_64" name="microcode_ctl" release="1.ule3" version="20240312">
+                         <filename>microcode_ctl-20240312-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1298</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46987" id="CVE-2021-46987" title="CVE-2021-46987" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52447" id="CVE-2023-52447" title="CVE-2023-52447" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52448" id="CVE-2023-52448" title="CVE-2023-52448" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52449" id="CVE-2023-52449" title="CVE-2023-52449" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52452" id="CVE-2023-52452" title="CVE-2023-52452" type="cve"></reference>
+          </references>
+          <description>In the Linux kernel, the following vulnerability has been resolved:btrfs: fix deadlock when cloning inline extents and using qgroupsThere are a few exceptional cases where cloning an inline extent needs tocopy the inline extent data into a page of the destination inode.When this happens, we end up starting a transaction while having a dirtypage for the destination inode and while having the range locked in thedestination&#39;s inode iotree too. Because when reserving metadata spacefor a transaction we may need to flush existing delalloc in case there isnot enough free space, we have a mechanism in place to prevent a deadlock,which was introduced in commit 3d45f221ce627d (&#34;btrfs: fix deadlock whencloning inline extent and low on free metadata space&#34;).However when using qgroups, a transaction also reserves metadata qgroupspace, which can also result in flushing delalloc in case there is notenough available space at the moment. When this happens we deadlock, sinceflushing delalloc requires locking the file range in the inode&#39;s iotreeand the range was already locked at the very beginning of the cloneoperation, before attempting to start the transaction.When this issue happens, stack traces like the following are reported:  [72747.556262] task:kworker/u81:9   state:D stack:    0 pid:  225 ppid:     2 flags:0x00004000  [72747.556268] Workqueue: writeback wb_workfn (flush-btrfs-1142)  [72747.556271] Call Trace:  [72747.556273]  __schedule+0x296/0x760  [72747.556277]  schedule+0x3c/0xa0  [72747.556279]  io_schedule+0x12/0x40  [72747.556284]  __lock_page+0x13c/0x280  [72747.556287]  ? generic_file_readonly_mmap+0x70/0x70  [72747.556325]  extent_write_cache_pages+0x22a/0x440 [btrfs]  [72747.556331]  ? __set_page_dirty_nobuffers+0xe7/0x160  [72747.556358]  ? set_extent_buffer_dirty+0x5e/0x80 [btrfs]  [72747.556362]  ? update_group_capacity+0x25/0x210  [72747.556366]  ? cpumask_next_and+0x1a/0x20  [72747.556391]  extent_writepages+0x44/0xa0 [btrfs]  [72747.556394]  do_writepages+0x41/0xd0  [72747.556398]  __writeback_single_inode+0x39/0x2a0  [72747.556403]  writeback_sb_inodes+0x1ea/0x440  [72747.556407]  __writeback_inodes_wb+0x5f/0xc0  [72747.556410]  wb_writeback+0x235/0x2b0  [72747.556414]  ? get_nr_inodes+0x35/0x50  [72747.556417]  wb_workfn+0x354/0x490  [72747.556420]  ? newidle_balance+0x2c5/0x3e0  [72747.556424]  process_one_work+0x1aa/0x340  [72747.556426]  worker_thread+0x30/0x390  [72747.556429]  ? create_worker+0x1a0/0x1a0  [72747.556432]  kthread+0x116/0x130  [72747.556435]  ? kthread_park+0x80/0x80  [72747.556438]  ret_from_fork+0x1f/0x30  [72747.566958] Workqueue: btrfs-flush_delalloc btrfs_work_helper [btrfs]  [72747.566961] Call Trace:  [72747.566964]  __schedule+0x296/0x760  [72747.566968]  ? finish_wait+0x80/0x80  [72747.566970]  schedule+0x3c/0xa0  [72747.566995]  wait_extent_bit.constprop.68+0x13b/0x1c0 [btrfs]  [72747.566999]  ? finish_wait+0x80/0x80  [72747.567024]  lock_extent_bits+0x37/0x90 [btrfs]  [72747.567047]  btrfs_invalidatepage+0x299/0x2c0 [btrfs]  [72747.567051]  ? find_get_pages_range_tag+0x2cd/0x380  [72747.567076]  __extent_writepage+0x203/0x320 [btrfs]  [72747.567102]  extent_write_cache_pages+0x2bb/0x440 [btrfs]  [72747.567106]  ? update_load_avg+0x7e/0x5f0  [72747.567109]  ? enqueue_entity+0xf4/0x6f0  [72747.567134]  extent_writepages+0x44/0xa0 [btrfs]  [72747.567137]  ? enqueue_task_fair+0x93/0x6f0  [72747.567140]  do_writepages+0x41/0xd0  [72747.567144]  __filemap_fdatawrite_range+0xc7/0x100  [72747.567167]  btrfs_run_delalloc_work+0x17/0x40 [btrfs]  [72747.567195]  btrfs_work_helper+0xc2/0x300 [btrfs]  [72747.567200]  process_one_work+0x1aa/0x340  [72747.567202]  worker_thread+0x30/0x390  [72747.567205]  ? create_worker+0x1a0/0x1a0  [72747.567208]  kthread+0x116/0x130  [72747.567211]  ? kthread_park+0x80/0x80  [72747.567214]  ret_from_fork+0x1f/0x30  [72747.569686] task:fsstress        state:D stack:    ---truncated---(CVE-2021-46987)In the Linux kernel, the following vulnerability has been resolved:bpf: Defer the free of inner map when necessaryWhen updating or deleting an inner map in map array or map htab, the mapmay still be accessed by non-sleepable program or sleepable program.However bpf_map_fd_put_ptr() decreases the ref-counter of the inner mapdirectly through bpf_map_put(), if the ref-counter is the last one(which is true for most cases), the inner map will be freed byops-&gt;map_free() in a kworker. But for now, most .map_free() callbacksdon&#39;t use synchronize_rcu() or its variants to wait for the elapse of aRCU grace period, so after the invocation of ops-&gt;map_free completes,the bpf program which is accessing the inner map may incuruse-after-free problem.Fix the free of inner map by invoking bpf_map_free_deferred() after bothone RCU grace period and one tasks trace RCU grace period if the innermap has been removed from the outer map before. The deferment isaccomplished by using call_rcu() or call_rcu_tasks_trace() whenreleasing the last ref-counter of bpf map. The newly-added rcu_headfield in bpf_map shares the same storage space with work field toreduce the size of bpf_map.(CVE-2023-52447)In the Linux kernel, the following vulnerability has been resolved:gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dumpSyzkaller has reported a NULL pointer dereference when accessingrgd-&gt;rd_rgl in gfs2_rgrp_dump().  This can happen when creatingrgd-&gt;rd_gl fails in read_rindex_entry().  Add a NULL pointer check ingfs2_rgrp_dump() to prevent that.(CVE-2023-52448)In the Linux kernel, the following vulnerability has been resolved:mtd: Fix gluebi NULL pointer dereference caused by ftl notifierIf both ftl.ko and gluebi.ko are loaded, the notifier of ftltriggers NULL pointer dereference when trying to access‘gluebi-&gt;desc’ in gluebi_read().ubi_gluebi_init  ubi_register_volume_notifier    ubi_enumerate_volumes      ubi_notify_all        gluebi_notify    nb-&gt;notifier_call()          gluebi_create            mtd_device_register              mtd_device_parse_register                add_mtd_device                  blktrans_notify_add   not-&gt;add()                    ftl_add_mtd         tr-&gt;add_mtd()                      scan_header                        mtd_read                          mtd_read_oob                            mtd_read_oob_std                              gluebi_read   mtd-&gt;read()                                gluebi-&gt;desc - NULLDetailed reproduction information available at the Link [1],In the normal case, obtain gluebi-&gt;desc in the gluebi_get_device(),and access gluebi-&gt;desc in the gluebi_read(). However,gluebi_get_device() is not executed in advance in theftl_add_mtd() process, which leads to NULL pointer dereference.The solution for the gluebi module is to run jffs2 on the UBIvolume without considering working with ftl or mtdblock [2].Therefore, this problem can be avoided by preventing gluebi fromcreating the mtdblock device after creating mtd partition of thetype MTD_UBIVOLUME.(CVE-2023-52449)In the Linux kernel, the following vulnerability has been resolved:bpf: Fix accesses to uninit stack slotsPrivileged programs are supposed to be able to read uninitialized stackmemory (ever since 6715df8d5) but, before this patch, these accesseswere permitted inconsistently. In particular, accesses were permittedabove state-&gt;allocated_stack, but not below it. In other words, if thestack was already &#34;large enough&#34;, the access was permitted, butotherwise the access was rejected instead of being allowed to &#34;grow thestack&#34;. This undesired rejection was happening in two places:- in check_stack_slot_within_bounds()- in check_stack_range_initialized()This patch arranges for these accesses to be permitted. A bunch of teststhat were relying on the old rejection had to change; all of them werechanged to add also run unprivileged, in which case the old behaviorpersists. One tests couldn&#39;t be updated - global_func16 - because itcan&#39;t run unprivileged for other reasons.This patch also fixes the tracking of the stack size for variable-offsetreads. This second fix is bundled in the same commit as the first onebecause they&#39;re inter-related. Before this patch, writes to the stackusing registers containing a variable offset (as opposed to registerswith fixed, known values) were not properly contributing to thefunction&#39;s needed stack size. As a result, it was possible for a programto verify, but then to attempt to read out-of-bounds data at runtimebecause a too small stack had been allocated for it.Each function tracks the size of the stack it needs inbpf_subprog_info.stack_depth, which is maintained byupdate_stack_depth(). For regular memory accesses, check_mem_access()was calling update_state_depth() but it was passing in only the fixedpart of the offset register, ignoring the variable offset. This wasincorrect; the minimum possible value of that register should be usedinstead.This tracking is now fixed by centralizing the tracking of stack size ingrow_stack_state(), and by lifting the calls to grow_stack_state() tocheck_stack_access_within_bounds() as suggested by Andrii. The code isnow simpler and more convincingly tracks the correct maximum stack size.check_stack_range_initialized() can now rely on enough stack having beenallocated for the access; this helps with the fix for the first issue.A few tests were changed to also check the stack depth computation. Theone that fails without this patch is verifier_var_off:stack_write_priv_vs_unpriv.(CVE-2023-52452)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.130.0.157.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.130.0.157.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.130.0.157.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.130.0.157.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.130.0.157.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.130.0.157.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.130.0.157.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.130.0.157.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.130.0.157.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.130.0.157.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.130.0.157.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.130.0.157.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.130.0.157.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.130.0.157.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.130.0.157.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.130.0.157.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.130.0.157.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.130.0.157.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.130.0.157.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.130.0.157.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.130.0.157.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.130.0.157.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.130.0.157.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.130.0.157.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.130.0.157.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.130.0.157.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.130.0.157.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.130.0.157.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.130.0.157.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.130.0.157.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.130.0.157.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1302</id>
+          <title>An update for docker is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-24557" id="CVE-2024-24557" title="CVE-2024-24557" type="cve"></reference>
+          </references>
+          <description>Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases.(CVE-2024-24557)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="docker-engine" release="333.ule3" version="18.09.0">
+                         <filename>docker-engine-18.09.0-333.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="docker-engine-debuginfo" release="333.ule3" version="18.09.0">
+                         <filename>docker-engine-debuginfo-18.09.0-333.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="docker-engine-debugsource" release="333.ule3" version="18.09.0">
+                         <filename>docker-engine-debugsource-18.09.0-333.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="docker-engine" release="333.ule3" version="18.09.0">
+                         <filename>docker-engine-18.09.0-333.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="docker-engine-debuginfo" release="333.ule3" version="18.09.0">
+                         <filename>docker-engine-debuginfo-18.09.0-333.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="docker-engine-debugsource" release="333.ule3" version="18.09.0">
+                         <filename>docker-engine-debugsource-18.09.0-333.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1305</id>
+          <title>An update for perl-Net-CIDR-Lite is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-47154" id="CVE-2021-47154" title="CVE-2021-47154" type="cve"></reference>
+          </references>
+          <description>The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.(CVE-2021-47154)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="perl-Net-CIDR-Lite" release="24.ule3" version="0.21">
+                         <filename>perl-Net-CIDR-Lite-0.21-24.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="perl-Net-CIDR-Lite-help" release="24.ule3" version="0.21">
+                         <filename>perl-Net-CIDR-Lite-help-0.21-24.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1306</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45289" id="CVE-2023-45289" title="CVE-2023-45289" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45290" id="CVE-2023-45290" title="CVE-2023-45290" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-24783" id="CVE-2024-24783" title="CVE-2024-24783" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-24785" id="CVE-2024-24785" title="CVE-2024-24785" type="cve"></reference>
+          </references>
+          <description>When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as &#34;Authorization&#34; or &#34;Cookie&#34;. For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.(CVE-2023-45289)When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.(CVE-2023-45290)Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.(CVE-2024-24783)If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.(CVE-2024-24785)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="28.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="28.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-28.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="28.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-28.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="28.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-28.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1311</id>
+          <title>An update for qemu is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-3019" id="CVE-2023-3019" title="CVE-2023-3019" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6683" id="CVE-2023-6683" title="CVE-2023-6683" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6693" id="CVE-2023-6693" title="CVE-2023-6693" type="cve"></reference>
+          </references>
+          <description>A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.(CVE-2023-3019)A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.(CVE-2023-6683)A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.(CVE-2023-6693)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="10" arch="aarch64" name="qemu" release="86.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-curl" release="86.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-hw-usb-host" release="86.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-aarch64" release="86.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-debuginfo" release="86.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-rbd" release="86.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-ssh" release="86.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-block-iscsi" release="86.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-debugsource" release="86.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-riscv" release="86.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-guest-agent" release="86.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-img" release="86.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-x86_64" release="86.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="aarch64" name="qemu-system-arm" release="86.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-86.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="noarch" name="qemu-help" release="86.ule3" version="6.2.0">
+                         <filename>qemu-help-6.2.0-86.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-hw-usb-host" release="86.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu" release="86.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-x86_64" release="86.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-aarch64" release="86.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-rbd" release="86.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-debugsource" release="86.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-iscsi" release="86.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-debuginfo" release="86.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-guest-agent" release="86.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-riscv" release="86.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-curl" release="86.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-img" release="86.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-seabios" release="86.ule3" version="6.2.0">
+                         <filename>qemu-seabios-6.2.0-86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-system-arm" release="86.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-86.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="10" arch="x86_64" name="qemu-block-ssh" release="86.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-86.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1316</id>
+          <title>An update for edk2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-36764" id="CVE-2022-36764" title="CVE-2022-36764" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45230" id="CVE-2023-45230" title="CVE-2023-45230" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45232" id="CVE-2023-45232" title="CVE-2023-45232" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45233" id="CVE-2023-45233" title="CVE-2023-45233" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45235" id="CVE-2023-45235" title="CVE-2023-45235" type="cve"></reference>
+          </references>
+          <description>EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.(CVE-2022-36764) EDK2&#39;s Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.(CVE-2023-45230) EDK2&#39;s Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.(CVE-2023-45232) EDK2&#39;s Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.(CVE-2023-45233) EDK2&#39;s Network Package is susceptible to a buffer overflow vulnerability whenhandling Server ID option  from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.(CVE-2023-45235)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="edk2-debuginfo" release="16.ule3" version="202011">
+                         <filename>edk2-debuginfo-202011-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="edk2-devel" release="16.ule3" version="202011">
+                         <filename>edk2-devel-202011-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="edk2-debugsource" release="16.ule3" version="202011">
+                         <filename>edk2-debugsource-202011-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-aarch64" release="16.ule3" version="202011">
+                         <filename>edk2-aarch64-202011-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-help" release="16.ule3" version="202011">
+                         <filename>edk2-help-202011-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-ovmf" release="16.ule3" version="202011">
+                         <filename>edk2-ovmf-202011-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-edk2-devel" release="16.ule3" version="202011">
+                         <filename>python3-edk2-devel-202011-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-debuginfo" release="16.ule3" version="202011">
+                         <filename>edk2-debuginfo-202011-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-debugsource" release="16.ule3" version="202011">
+                         <filename>edk2-debugsource-202011-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-devel" release="16.ule3" version="202011">
+                         <filename>edk2-devel-202011-16.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1323</id>
+          <title>An update for bind is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-22"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-4408" id="CVE-2023-4408" title="CVE-2023-4408" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-50387" id="CVE-2023-50387" title="CVE-2023-50387" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5517" id="CVE-2023-5517" title="CVE-2023-5517" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-5679" id="CVE-2023-5679" title="CVE-2023-5679" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-6516" id="CVE-2023-6516" title="CVE-2023-6516" type="cve"></reference>
+          </references>
+          <description>The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.(CVE-2023-4408)Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the &#34;KeyTrap&#34; issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.(CVE-2023-50387)A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:  - `nxdomain-redirect &lt;domain&gt;;` is configured, and  - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.(CVE-2023-5517)A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled.This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.(CVE-2023-5679)To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded.This issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1.(CVE-2023-6516)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="32" arch="aarch64" name="bind-libs" release="21.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-dnssec-utils" release="21.ule3" version="9.16.23">
+                         <filename>bind-dnssec-utils-9.16.23-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-debugsource" release="21.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-pkcs11" release="21.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-debuginfo" release="21.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind" release="21.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-utils" release="21.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-pkcs11-utils" release="21.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-utils-9.16.23-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-devel" release="21.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-pkcs11-libs" release="21.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-libs-9.16.23-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-pkcs11-devel" release="21.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="aarch64" name="bind-chroot" release="21.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-21.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="noarch" name="python3-bind" release="21.ule3" version="9.16.23">
+                         <filename>python3-bind-9.16.23-21.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="noarch" name="bind-license" release="21.ule3" version="9.16.23">
+                         <filename>bind-license-9.16.23-21.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="noarch" name="bind-dnssec-doc" release="21.ule3" version="9.16.23">
+                         <filename>bind-dnssec-doc-9.16.23-21.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-devel" release="21.ule3" version="9.16.23">
+                         <filename>bind-devel-9.16.23-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-chroot" release="21.ule3" version="9.16.23">
+                         <filename>bind-chroot-9.16.23-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-pkcs11-devel" release="21.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-devel-9.16.23-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind" release="21.ule3" version="9.16.23">
+                         <filename>bind-9.16.23-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-dnssec-utils" release="21.ule3" version="9.16.23">
+                         <filename>bind-dnssec-utils-9.16.23-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-pkcs11-utils" release="21.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-utils-9.16.23-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-debugsource" release="21.ule3" version="9.16.23">
+                         <filename>bind-debugsource-9.16.23-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-pkcs11" release="21.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-9.16.23-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-debuginfo" release="21.ule3" version="9.16.23">
+                         <filename>bind-debuginfo-9.16.23-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-utils" release="21.ule3" version="9.16.23">
+                         <filename>bind-utils-9.16.23-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-pkcs11-libs" release="21.ule3" version="9.16.23">
+                         <filename>bind-pkcs11-libs-9.16.23-21.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="32" arch="x86_64" name="bind-libs" release="21.ule3" version="9.16.23">
+                         <filename>bind-libs-9.16.23-21.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1328</id>
+          <title>An update for python-yaql is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-29156" id="CVE-2024-29156" title="CVE-2024-29156" type="cve"></reference>
+          </references>
+          <description>In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service&#39;s MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.(CVE-2024-29156)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="python-yaql-help" release="2.ule3" version="1.1.3">
+                         <filename>python-yaql-help-1.1.3-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-yaql" release="2.ule3" version="1.1.3">
+                         <filename>python3-yaql-1.1.3-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1341</id>
+          <title>An update for libreswan is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-2357" id="CVE-2024-2357" title="CVE-2024-2357" type="cve"></reference>
+          </references>
+          <description>The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service.(CVE-2024-2357)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libreswan-help" release="1.ule3" version="4.14">
+                         <filename>libreswan-help-4.14-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libreswan-debugsource" release="1.ule3" version="4.14">
+                         <filename>libreswan-debugsource-4.14-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libreswan" release="1.ule3" version="4.14">
+                         <filename>libreswan-4.14-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libreswan-debuginfo" release="1.ule3" version="4.14">
+                         <filename>libreswan-debuginfo-4.14-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libreswan-debugsource" release="1.ule3" version="4.14">
+                         <filename>libreswan-debugsource-4.14-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libreswan" release="1.ule3" version="4.14">
+                         <filename>libreswan-4.14-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libreswan-help" release="1.ule3" version="4.14">
+                         <filename>libreswan-help-4.14-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libreswan-debuginfo" release="1.ule3" version="4.14">
+                         <filename>libreswan-debuginfo-4.14-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1347</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-47014" id="CVE-2021-47014" title="CVE-2021-47014" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-47036" id="CVE-2021-47036" title="CVE-2021-47036" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52445" id="CVE-2023-52445" title="CVE-2023-52445" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52458" id="CVE-2023-52458" title="CVE-2023-52458" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52528" id="CVE-2023-52528" title="CVE-2023-52528" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52593" id="CVE-2023-52593" title="CVE-2023-52593" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52602" id="CVE-2023-52602" title="CVE-2023-52602" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52603" id="CVE-2023-52603" title="CVE-2023-52603" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52604" id="CVE-2023-52604" title="CVE-2023-52604" type="cve"></reference>
+          </references>
+          <description>In the Linux kernel, the following vulnerability has been resolved:net/sched: act_ct: fix wild memory access when clearing fragmentswhile testing re-assembly/re-fragmentation using act_ct, it&#39;s possible toobserve a crash like the following one: KASAN: maybe wild-memory-access in range [0x0001000000000448-0x000100000000044f] CPU: 50 PID: 0 Comm: swapper/50 Tainted: G S                5.12.0-rc7+ #424 Hardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.4.3 01/17/2017 RIP: 0010:inet_frag_rbtree_purge+0x50/0xc0 Code: 00 fc ff df 48 89 c3 31 ed 48 89 df e8 a9 7a 38 ff 4c 89 fe 48 89 df 49 89 c6 e8 5b 3a 38 ff 48 8d 7b 40 48 89 f8 48 c1 e8 03 &lt;42&gt; 80 3c 20 00 75 59 48 8d bb d0 00 00 00 4c 8b 6b 40 48 89 f8 48 RSP: 0018:ffff888c31449db8 EFLAGS: 00010203 RAX: 0000200000000089 RBX: 000100000000040e RCX: ffffffff989eb960 RDX: 0000000000000140 RSI: ffffffff97cfb977 RDI: 000100000000044e RBP: 0000000000000900 R08: 0000000000000000 R09: ffffed1186289350 R10: 0000000000000003 R11: ffffed1186289350 R12: dffffc0000000000 R13: 000100000000040e R14: 0000000000000000 R15: ffff888155e02160 FS:  0000000000000000(0000) GS:ffff888c31440000(0000) knlGS:0000000000000000 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005600cb70a5b8 CR3: 0000000a2c014005 CR4: 00000000003706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace:  &lt;IRQ&gt;  inet_frag_destroy+0xa9/0x150  call_timer_fn+0x2d/0x180  run_timer_softirq+0x4fe/0xe70  __do_softirq+0x197/0x5a0  irq_exit_rcu+0x1de/0x200  sysvec_apic_timer_interrupt+0x6b/0x80  &lt;/IRQ&gt;when act_ct temporarily stores an IP fragment, restoring the skb qdisc cbresults in putting random data in FRAG_CB(), and this causes those &#34;wild&#34;memory accesses later, when the rbtree is purged. Never overwrite the skbcb in case tcf_ct_handle_fragments() returns -EINPROGRESS.(CVE-2021-47014)In the Linux kernel, the following vulnerability has been resolved:udp: skip L4 aggregation for UDP tunnel packetsIf NETIF_F_GRO_FRAGLIST or NETIF_F_GRO_UDP_FWD are enabled, and thereare UDP tunnels available in the system, udp_gro_receive() could end-updoing L4 aggregation (either SKB_GSO_UDP_L4 or SKB_GSO_FRAGLIST) atthe outer UDP tunnel level for packets effectively carrying and UDPtunnel header.That could cause inner protocol corruption. If e.g. the relevantpackets carry a vxlan header, different vxlan ids will be ignored/aggregated to the same GSO packet. Inner headers will be ignored, too,so that e.g. TCP over vxlan push packets will be held in the GROengine till the next flush, etc.Just skip the SKB_GSO_UDP_L4 and SKB_GSO_FRAGLIST code path if thecurrent packet could land in a UDP tunnel, and let udp_gro_receive()do GRO via udp_sk(sk)-&gt;gro_receive.The check implemented in this patch is broader than what is strictlyneeded, as the existing UDP tunnel could be e.g. configured on top ofa different device: we could end-up skipping GRO at-all for some packets.Anyhow, that is a very thin corner case and covering it will add quitea bit of complexity.v1 -&gt; v2: - hopefully clarify the commit message(CVE-2021-47036)In the Linux kernel, the following vulnerability has been resolved:media: pvrusb2: fix use after free on context disconnectionUpon module load, a kthread is created targeting thepvr2_context_thread_func function, which may call pvr2_context_destroyand thus call kfree() on the context object. However, that might happenbefore the usb hub_event handler is able to notify the driver. Thispatch adds a sanity check before the invalid read reported by syzbot,within the context disconnection call stack.(CVE-2023-52445)In the Linux kernel, the following vulnerability has been resolved:block: add check that partition length needs to be aligned with block sizeBefore calling add partition or resize partition, there is no checkon whether the length is aligned with the logical block size.If the logical block size of the disk is larger than 512 bytes,then the partition size maybe not the multiple of the logical block size,and when the last sector is read, bio_truncate() will adjust the bio size,resulting in an IO error if the size of the read command is smaller thanthe logical block size.If integrity data is supported, this will alsoresult in a null pointer dereference when calling bio_integrity_free.(CVE-2023-52458)In the Linux kernel, the following vulnerability has been resolved:net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_regsyzbot reported the following uninit-value access issue:=====================================================BUG: KMSAN: uninit-value in smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:975 [inline]BUG: KMSAN: uninit-value in smsc75xx_bind+0x5c9/0x11e0 drivers/net/usb/smsc75xx.c:1482CPU: 0 PID: 8696 Comm: kworker/0:3 Not tainted 5.8.0-rc5-syzkaller #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011Workqueue: usb_hub_wq hub_eventCall Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x21c/0x280 lib/dump_stack.c:118 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215 smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:975 [inline] smsc75xx_bind+0x5c9/0x11e0 drivers/net/usb/smsc75xx.c:1482 usbnet_probe+0x1152/0x3f90 drivers/net/usb/usbnet.c:1737 usb_probe_interface+0xece/0x1550 drivers/usb/core/driver.c:374 really_probe+0xf20/0x20b0 drivers/base/dd.c:529 driver_probe_device+0x293/0x390 drivers/base/dd.c:701 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807 bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431 __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873 device_initial_probe+0x4a/0x60 drivers/base/dd.c:920 bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491 device_add+0x3b0e/0x40d0 drivers/base/core.c:2680 usb_set_configuration+0x380f/0x3f10 drivers/usb/core/message.c:2032 usb_generic_driver_probe+0x138/0x300 drivers/usb/core/generic.c:241 usb_probe_device+0x311/0x490 drivers/usb/core/driver.c:272 really_probe+0xf20/0x20b0 drivers/base/dd.c:529 driver_probe_device+0x293/0x390 drivers/base/dd.c:701 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807 bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431 __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873 device_initial_probe+0x4a/0x60 drivers/base/dd.c:920 bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491 device_add+0x3b0e/0x40d0 drivers/base/core.c:2680 usb_new_device+0x1bd4/0x2a30 drivers/usb/core/hub.c:2554 hub_port_connect drivers/usb/core/hub.c:5208 [inline] hub_port_connect_change drivers/usb/core/hub.c:5348 [inline] port_event drivers/usb/core/hub.c:5494 [inline] hub_event+0x5e7b/0x8a70 drivers/usb/core/hub.c:5576 process_one_work+0x1688/0x2140 kernel/workqueue.c:2269 worker_thread+0x10bc/0x2730 kernel/workqueue.c:2415 kthread+0x551/0x590 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293Local variable ----buf.i87@smsc75xx_bind created at: __smsc75xx_read_reg drivers/net/usb/smsc75xx.c:83 [inline] smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:968 [inline] smsc75xx_bind+0x485/0x11e0 drivers/net/usb/smsc75xx.c:1482 __smsc75xx_read_reg drivers/net/usb/smsc75xx.c:83 [inline] smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:968 [inline] smsc75xx_bind+0x485/0x11e0 drivers/net/usb/smsc75xx.c:1482This issue is caused because usbnet_read_cmd() reads less bytes than requested(zero byte in the reproducer). In this case, &#39;buf&#39; is not properly filled.This patch fixes the issue by returning -ENODATA if usbnet_read_cmd() readsless bytes than requested.(CVE-2023-52528)In the Linux kernel, the following vulnerability has been resolved:wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()Since &#39;ieee80211_beacon_get()&#39; can return NULL, &#39;wfx_set_mfp_ap()&#39;should check the return value before examining skb data. So convertthe latter to return an appropriate error code and propagate it toreturn from &#39;wfx_start_ap()&#39; as well. Compile tested only.(CVE-2023-52593)In the Linux kernel, the following vulnerability has been resolved:jfs: fix slab-out-of-bounds Read in dtSearchCurrently while searching for current page in the sorted entry tableof the page there is a out of bound access. Added a bound check to fixthe error.Dave:Set return code to -EIO(CVE-2023-52602)In the Linux kernel, the following vulnerability has been resolved:UBSAN: array-index-out-of-bounds in dtSplitRootSyzkaller reported the following issue:oop0: detected capacity change from 0 to 32768UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1971:9index -2 is out of range for type &#39;struct dtslot [128]&#39;CPU: 0 PID: 3613 Comm: syz-executor270 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022Call Trace: &lt;TASK&gt; __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_out_of_bounds+0xdb/0x130 lib/ubsan.c:283 dtSplitRoot+0x8d8/0x1900 fs/jfs/jfs_dtree.c:1971 dtSplitUp fs/jfs/jfs_dtree.c:985 [inline] dtInsert+0x1189/0x6b80 fs/jfs/jfs_dtree.c:863 jfs_mkdir+0x757/0xb00 fs/jfs/namei.c:270 vfs_mkdir+0x3b3/0x590 fs/namei.c:4013 do_mkdirat+0x279/0x550 fs/namei.c:4038 __do_sys_mkdirat fs/namei.c:4053 [inline] __se_sys_mkdirat fs/namei.c:4051 [inline] __x64_sys_mkdirat+0x85/0x90 fs/namei.c:4051 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcdRIP: 0033:0x7fcdc0113fd9Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 &lt;48&gt; 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48RSP: 002b:00007ffeb8bc67d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcdc0113fd9RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003RBP: 00007fcdc00d37a0 R08: 0000000000000000 R09: 00007fcdc00d37a0R10: 00005555559a72c0 R11: 0000000000000246 R12: 00000000f8008000R13: 0000000000000000 R14: 00083878000000f8 R15: 0000000000000000 &lt;/TASK&gt;The issue is caused when the value of fsi becomes less than -1.The check to break the loop when fsi value becomes -1 is presentbut syzbot was able to produce value less than -1 which cause the error.This patch simply add the change for the values less than 0.The patch is tested via syzbot.(CVE-2023-52603)In the Linux kernel, the following vulnerability has been resolved:FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTreeSyzkaller reported the following issue:UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6index 196694 is out of range for type &#39;s8[1365]&#39; (aka &#39;signed char[1365]&#39;)CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023Call Trace: &lt;TASK&gt; __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline] __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline] jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 &lt;/TASK&gt;================================================================================Kernel panic - not syncing: UBSAN: panic_on_warn set ...CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023Call Trace: &lt;TASK&gt; __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 panic+0x30f/0x770 kernel/panic.c:340 check_panic_on_warn+0x82/0xa0 kernel/panic.c:236 ubsan_epilogue lib/ubsan.c:223 [inline] __ubsan_handle_out_of_bounds+0x13c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline] jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 &lt;/TASK&gt;Kernel Offset: disabledRebooting in 86400 seconds..The issue is caused when the value of lp becomes greater thanCTLTREESIZE which is the max size of stree. Adding a simple checksolves this issue.Dave:As the function returns a void, good error handlingwould require a more intrusive code reorganization, so I modifiedOsama&#39;s patch at use WARN_ON_ONCE for lack of a cleaner option.The patch is tested via syzbot.(CVE-2023-52604)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.131.0.158.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.131.0.158.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.131.0.158.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.131.0.158.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.131.0.158.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.131.0.158.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.131.0.158.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.131.0.158.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.131.0.158.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.131.0.158.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.131.0.158.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.131.0.158.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.131.0.158.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.131.0.158.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.131.0.158.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.131.0.158.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.131.0.158.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.131.0.158.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.131.0.158.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.131.0.158.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.131.0.158.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.131.0.158.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.131.0.158.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.131.0.158.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.131.0.158.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.131.0.158.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.131.0.158.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.131.0.158.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.131.0.158.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.131.0.158.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.131.0.158.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1350</id>
+          <title>An update for edk2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-03-29"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-36765" id="CVE-2022-36765" title="CVE-2022-36765" type="cve"></reference>
+          </references>
+          <description>EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.(CVE-2022-36765)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="edk2-devel" release="16.ule3" version="202011">
+                         <filename>edk2-devel-202011-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="edk2-debugsource" release="16.ule3" version="202011">
+                         <filename>edk2-debugsource-202011-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="edk2-debuginfo" release="16.ule3" version="202011">
+                         <filename>edk2-debuginfo-202011-16.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-edk2-devel" release="16.ule3" version="202011">
+                         <filename>python3-edk2-devel-202011-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-aarch64" release="16.ule3" version="202011">
+                         <filename>edk2-aarch64-202011-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-help" release="16.ule3" version="202011">
+                         <filename>edk2-help-202011-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-ovmf" release="16.ule3" version="202011">
+                         <filename>edk2-ovmf-202011-16.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-debugsource" release="16.ule3" version="202011">
+                         <filename>edk2-debugsource-202011-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-debuginfo" release="16.ule3" version="202011">
+                         <filename>edk2-debuginfo-202011-16.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-devel" release="16.ule3" version="202011">
+                         <filename>edk2-devel-202011-16.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1352</id>
+          <title>An update for util-linux is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-28085" id="CVE-2024-28085" title="CVE-2024-28085" type="cve"></reference>
+          </references>
+          <description>wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users&#39; terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.(CVE-2024-28085)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libsmartcols" release="28.ule3" version="2.37.2">
+                         <filename>libsmartcols-2.37.2-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="util-linux-debugsource" release="28.ule3" version="2.37.2">
+                         <filename>util-linux-debugsource-2.37.2-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="util-linux" release="28.ule3" version="2.37.2">
+                         <filename>util-linux-2.37.2-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="util-linux-devel" release="28.ule3" version="2.37.2">
+                         <filename>util-linux-devel-2.37.2-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libmount" release="28.ule3" version="2.37.2">
+                         <filename>libmount-2.37.2-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="util-linux-debuginfo" release="28.ule3" version="2.37.2">
+                         <filename>util-linux-debuginfo-2.37.2-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libuuid" release="28.ule3" version="2.37.2">
+                         <filename>libuuid-2.37.2-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="util-linux-user" release="28.ule3" version="2.37.2">
+                         <filename>util-linux-user-2.37.2-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libfdisk" release="28.ule3" version="2.37.2">
+                         <filename>libfdisk-2.37.2-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="uuidd" release="28.ule3" version="2.37.2">
+                         <filename>uuidd-2.37.2-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-libmount" release="28.ule3" version="2.37.2">
+                         <filename>python3-libmount-2.37.2-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libblkid" release="28.ule3" version="2.37.2">
+                         <filename>libblkid-2.37.2-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="util-linux-help" release="28.ule3" version="2.37.2">
+                         <filename>util-linux-help-2.37.2-28.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libsmartcols" release="28.ule3" version="2.37.2">
+                         <filename>libsmartcols-2.37.2-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="uuidd" release="28.ule3" version="2.37.2">
+                         <filename>uuidd-2.37.2-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="util-linux-debuginfo" release="28.ule3" version="2.37.2">
+                         <filename>util-linux-debuginfo-2.37.2-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-libmount" release="28.ule3" version="2.37.2">
+                         <filename>python3-libmount-2.37.2-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="util-linux" release="28.ule3" version="2.37.2">
+                         <filename>util-linux-2.37.2-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="util-linux-devel" release="28.ule3" version="2.37.2">
+                         <filename>util-linux-devel-2.37.2-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libmount" release="28.ule3" version="2.37.2">
+                         <filename>libmount-2.37.2-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libuuid" release="28.ule3" version="2.37.2">
+                         <filename>libuuid-2.37.2-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="util-linux-user" release="28.ule3" version="2.37.2">
+                         <filename>util-linux-user-2.37.2-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="util-linux-debugsource" release="28.ule3" version="2.37.2">
+                         <filename>util-linux-debugsource-2.37.2-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libblkid" release="28.ule3" version="2.37.2">
+                         <filename>libblkid-2.37.2-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libfdisk" release="28.ule3" version="2.37.2">
+                         <filename>libfdisk-2.37.2-28.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1356</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-03"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-47094" id="CVE-2021-47094" title="CVE-2021-47094" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52502" id="CVE-2023-52502" title="CVE-2023-52502" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52599" id="CVE-2023-52599" title="CVE-2023-52599" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52600" id="CVE-2023-52600" title="CVE-2023-52600" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52601" id="CVE-2023-52601" title="CVE-2023-52601" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-23307" id="CVE-2024-23307" title="CVE-2024-23307" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-26622" id="CVE-2024-26622" title="CVE-2024-26622" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-26625" id="CVE-2024-26625" title="CVE-2024-26625" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-26627" id="CVE-2024-26627" title="CVE-2024-26627" type="cve"></reference>
+          </references>
+          <description>In the Linux kernel, the following vulnerability has been resolved:KVM: x86/mmu: Don&#39;t advance iterator after restart due to yieldingAfter dropping mmu_lock in the TDP MMU, restart the iterator duringtdp_iter_next() and do not advance the iterator.  Advancing the iteratorresults in skipping the top-level SPTE and all its children, which isfatal if any of the skipped SPTEs were not visited before yielding.When zapping all SPTEs, i.e. when min_level == root_level, restarting theiter and then invoking tdp_iter_next() is always fatal if the current gfnhas as a valid SPTE, as advancing the iterator results in try_step_side()skipping the current gfn, which wasn&#39;t visited before yielding.Sprinkle WARNs on iter-&gt;yielded being true in various helpers that areoften used in conjunction with yielding, and tag the helper with__must_check to reduce the probabily of improper usage.Failing to zap a top-level SPTE manifests in one of two ways.  If a validSPTE is skipped by both kvm_tdp_mmu_zap_all() and kvm_tdp_mmu_put_root(),the shadow page will be leaked and KVM will WARN accordingly.  WARNING: CPU: 1 PID: 3509 at arch/x86/kvm/mmu/tdp_mmu.c:46 [kvm]  RIP: 0010:kvm_mmu_uninit_tdp_mmu+0x3e/0x50 [kvm]  Call Trace:   &lt;TASK&gt;   kvm_arch_destroy_vm+0x130/0x1b0 [kvm]   kvm_destroy_vm+0x162/0x2a0 [kvm]   kvm_vcpu_release+0x34/0x60 [kvm]   __fput+0x82/0x240   task_work_run+0x5c/0x90   do_exit+0x364/0xa10   ? futex_unqueue+0x38/0x60   do_group_exit+0x33/0xa0   get_signal+0x155/0x850   arch_do_signal_or_restart+0xed/0x750   exit_to_user_mode_prepare+0xc5/0x120   syscall_exit_to_user_mode+0x1d/0x40   do_syscall_64+0x48/0xc0   entry_SYSCALL_64_after_hwframe+0x44/0xaeIf kvm_tdp_mmu_zap_all() skips a gfn/SPTE but that SPTE is then zapped bykvm_tdp_mmu_put_root(), KVM triggers a use-after-free in the form ofmarking a struct page as dirty/accessed after it has been put back on thefree list.  This directly triggers a WARN due to encountering a page withpage_count() == 0, but it can also lead to data corruption and additionalerrors in the kernel.  WARNING: CPU: 7 PID: 1995658 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:171  RIP: 0010:kvm_is_zone_device_pfn.part.0+0x9e/0xd0 [kvm]  Call Trace:   &lt;TASK&gt;   kvm_set_pfn_dirty+0x120/0x1d0 [kvm]   __handle_changed_spte+0x92e/0xca0 [kvm]   __handle_changed_spte+0x63c/0xca0 [kvm]   __handle_changed_spte+0x63c/0xca0 [kvm]   __handle_changed_spte+0x63c/0xca0 [kvm]   zap_gfn_range+0x549/0x620 [kvm]   kvm_tdp_mmu_put_root+0x1b6/0x270 [kvm]   mmu_free_root_page+0x219/0x2c0 [kvm]   kvm_mmu_free_roots+0x1b4/0x4e0 [kvm]   kvm_mmu_unload+0x1c/0xa0 [kvm]   kvm_arch_destroy_vm+0x1f2/0x5c0 [kvm]   kvm_put_kvm+0x3b1/0x8b0 [kvm]   kvm_vcpu_release+0x4e/0x70 [kvm]   __fput+0x1f7/0x8c0   task_work_run+0xf8/0x1a0   do_exit+0x97b/0x2230   do_group_exit+0xda/0x2a0   get_signal+0x3be/0x1e50   arch_do_signal_or_restart+0x244/0x17f0   exit_to_user_mode_prepare+0xcb/0x120   syscall_exit_to_user_mode+0x1d/0x40   do_syscall_64+0x4d/0x90   entry_SYSCALL_64_after_hwframe+0x44/0xaeNote, the underlying bug existed even before commit 1af4a96025b3 (&#34;KVM:x86/mmu: Yield in TDU MMU iter even if no SPTES changed&#34;) moved calls totdp_mmu_iter_cond_resched() to the beginning of loops, as KVM could stillincorrectly advance past a top-level entry when yielding on a lower-levelentry.  But with respect to leaking shadow pages, the bug was introducedby yielding before processing the current gfn.Alternatively, tdp_mmu_iter_cond_resched() could simply fall through, orcallers could jump to their &#34;retry&#34; label.  The downside of that approachis that tdp_mmu_iter_cond_resched() _must_ be called before anything elsein the loop, and there&#39;s no easy way to enfornce that requirement.Ideally, KVM would handling the cond_resched() fully within the iteratormacro (the code is actually quite clean) and avoid this entire class ofbugs, but that is extremely difficult do wh---truncated---(CVE-2021-47094)In the Linux kernel, the following vulnerability has been resolved:net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.Getting a reference on the socket found in a lookup whileholding a lock should happen before releasing the lock.nfc_llcp_sock_get_sn() has a similar problem.Finally nfc_llcp_recv_snl() needs to make sure the socketfound by nfc_llcp_sock_from_sn() does not disappear.(CVE-2023-52502)In the Linux kernel, the following vulnerability has been resolved:jfs: fix array-index-out-of-bounds in diNewExt[Syz report]UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2index -878706688 is out of range for type &#39;struct iagctl[128]&#39;CPU: 1 PID: 5065 Comm: syz-executor282 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023Call Trace: &lt;TASK&gt; __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline] __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 diNewExt+0x3cf3/0x4000 fs/jfs/jfs_imap.c:2360 diAllocExt fs/jfs/jfs_imap.c:1949 [inline] diAllocAG+0xbe8/0x1e50 fs/jfs/jfs_imap.c:1666 diAlloc+0x1d3/0x1760 fs/jfs/jfs_imap.c:1587 ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56 jfs_mkdir+0x1c5/0xb90 fs/jfs/namei.c:225 vfs_mkdir+0x2f1/0x4b0 fs/namei.c:4106 do_mkdirat+0x264/0x3a0 fs/namei.c:4129 __do_sys_mkdir fs/namei.c:4149 [inline] __se_sys_mkdir fs/namei.c:4147 [inline] __x64_sys_mkdir+0x6e/0x80 fs/namei.c:4147 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x63/0x6bRIP: 0033:0x7fcb7e6a0b57Code: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 &lt;48&gt; 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48RSP: 002b:00007ffd83023038 EFLAGS: 00000286 ORIG_RAX: 0000000000000053RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fcb7e6a0b57RDX: 00000000000a1020 RSI: 00000000000001ff RDI: 0000000020000140RBP: 0000000020000140 R08: 0000000000000000 R09: 0000000000000000R10: 0000000000000000 R11: 0000000000000286 R12: 00007ffd830230d0R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000[Analysis]When the agstart is too large, it can cause agno overflow.[Fix]After obtaining agno, if the value is invalid, exit the subsequent process.Modified the test from agno &gt; MAXAG to agno &gt;= MAXAG based on linux-nextreport by kernel test robot (Dan Carpenter).(CVE-2023-52599)In the Linux kernel, the following vulnerability has been resolved:jfs: fix uaf in jfs_evict_inodeWhen the execution of diMount(ipimap) fails, the object ipimap that has beenreleased may be accessed in diFreeSpecial(). Asynchronous ipimap release occurswhen rcu_core() calls jfs_free_node().Therefore, when diMount(ipimap) fails, sbi-&gt;ipimap should not be initialized asipimap.(CVE-2023-52600)In the Linux kernel, the following vulnerability has been resolved:jfs: fix array-index-out-of-bounds in dbAdjTreeCurrently there is a bound check missing in the dbAdjTree whileaccessing the dmt_stree. To add the required check added the bool is_ctlwhich is required to determine the size as suggest in the followingcommit.https://lore.kernel.org/linux-kernel-mentees/f9475918-2186-49b8-b801-6f0f9e75f4fa@oracle.com/(CVE-2023-52601)Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.(CVE-2024-23307)In the Linux kernel, the following vulnerability has been resolved:tomoyo: fix UAF write bug in tomoyo_write_control()Since tomoyo_write_control() updates head-&gt;write_buf when write()of long lines is requested, we need to fetch head-&gt;write_buf afterhead-&gt;io_sem is held.  Otherwise, concurrent write() requests cancause use-after-free-write and double-free problems.(CVE-2024-26622)In the Linux kernel, the following vulnerability has been resolved:llc: call sock_orphan() at release timesyzbot reported an interesting trace [1] caused by a stale sk-&gt;sk_wqpointer in a closed llc socket.In commit ff7b11aa481f (&#34;net: socket: set sock-&gt;sk to NULL aftercalling proto_ops::release()&#34;) Eric Biggers hinted that some protocolsare missing a sock_orphan(), we need to perform a full audit.In net-next, I plan to clear sock-&gt;sk from sock_orphan() andamend Eric patch to add a warning.[1] BUG: KASAN: slab-use-after-free in list_empty include/linux/list.h:373 [inline] BUG: KASAN: slab-use-after-free in waitqueue_active include/linux/wait.h:127 [inline] BUG: KASAN: slab-use-after-free in sock_def_write_space_wfree net/core/sock.c:3384 [inline] BUG: KASAN: slab-use-after-free in sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468Read of size 8 at addr ffff88802f4fc880 by task ksoftirqd/1/27CPU: 1 PID: 27 Comm: ksoftirqd/1 Not tainted 6.8.0-rc1-syzkaller-00049-g6098d87eaf31 #0Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014Call Trace: &lt;TASK&gt;  __dump_stack lib/dump_stack.c:88 [inline]  dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106  print_address_description mm/kasan/report.c:377 [inline]  print_report+0xc4/0x620 mm/kasan/report.c:488  kasan_report+0xda/0x110 mm/kasan/report.c:601  list_empty include/linux/list.h:373 [inline]  waitqueue_active include/linux/wait.h:127 [inline]  sock_def_write_space_wfree net/core/sock.c:3384 [inline]  sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468  skb_release_head_state+0xa3/0x2b0 net/core/skbuff.c:1080  skb_release_all net/core/skbuff.c:1092 [inline]  napi_consume_skb+0x119/0x2b0 net/core/skbuff.c:1404  e1000_unmap_and_free_tx_resource+0x144/0x200 drivers/net/ethernet/intel/e1000/e1000_main.c:1970  e1000_clean_tx_irq drivers/net/ethernet/intel/e1000/e1000_main.c:3860 [inline]  e1000_clean+0x4a1/0x26e0 drivers/net/ethernet/intel/e1000/e1000_main.c:3801  __napi_poll.constprop.0+0xb4/0x540 net/core/dev.c:6576  napi_poll net/core/dev.c:6645 [inline]  net_rx_action+0x956/0xe90 net/core/dev.c:6778  __do_softirq+0x21a/0x8de kernel/softirq.c:553  run_ksoftirqd kernel/softirq.c:921 [inline]  run_ksoftirqd+0x31/0x60 kernel/softirq.c:913  smpboot_thread_fn+0x660/0xa10 kernel/smpboot.c:164  kthread+0x2c6/0x3a0 kernel/kthread.c:388  ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147  ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 &lt;/TASK&gt;Allocated by task 5167:  kasan_save_stack+0x33/0x50 mm/kasan/common.c:47  kasan_save_track+0x14/0x30 mm/kasan/common.c:68  unpoison_slab_object mm/kasan/common.c:314 [inline]  __kasan_slab_alloc+0x81/0x90 mm/kasan/common.c:340  kasan_slab_alloc include/linux/kasan.h:201 [inline]  slab_post_alloc_hook mm/slub.c:3813 [inline]  slab_alloc_node mm/slub.c:3860 [inline]  kmem_cache_alloc_lru+0x142/0x6f0 mm/slub.c:3879  alloc_inode_sb include/linux/fs.h:3019 [inline]  sock_alloc_inode+0x25/0x1c0 net/socket.c:308  alloc_inode+0x5d/0x220 fs/inode.c:260  new_inode_pseudo+0x16/0x80 fs/inode.c:1005  sock_alloc+0x40/0x270 net/socket.c:634  __sock_create+0xbc/0x800 net/socket.c:1535  sock_create net/socket.c:1622 [inline]  __sys_socket_create net/socket.c:1659 [inline]  __sys_socket+0x14c/0x260 net/socket.c:1706  __do_sys_socket net/socket.c:1720 [inline]  __se_sys_socket net/socket.c:1718 [inline]  __x64_sys_socket+0x72/0xb0 net/socket.c:1718  do_syscall_x64 arch/x86/entry/common.c:52 [inline]  do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6bFreed by task 0:  kasan_save_stack+0x33/0x50 mm/kasan/common.c:47  kasan_save_track+0x14/0x30 mm/kasan/common.c:68  kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640  poison_slab_object mm/kasan/common.c:241 [inline]  __kasan_slab_free+0x121/0x1b0 mm/kasan/common.c:257  kasan_slab_free include/linux/kasan.h:184 [inline]  slab_free_hook mm/slub.c:2121 [inlin---truncated---(CVE-2024-26625)In the Linux kernel, the following vulnerability has been resolved:scsi: core: Move scsi_host_busy() out of host lock for waking up EH handlerInside scsi_eh_wakeup(), scsi_host_busy() is called &amp; checked with hostlock every time for deciding if error handler kthread needs to be waken up.This can be too heavy in case of recovery, such as: - N hardware queues - queue depth is M for each hardware queue - each scsi_host_busy() iterates over (N * M) tag/requestsIf recovery is triggered in case that all requests are in-flight, eachscsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is calledfor the last in-flight request, scsi_host_busy() has been run for (N * M -1) times, and request has been iterated for (N*M - 1) * (N * M) times.If both N and M are big enough, hard lockup can be triggered on acquiringhost lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169).Fix the issue by calling scsi_host_busy() outside the host lock. We don&#39;tneed the host lock for getting busy count because host the lock nevercovers that.[mkp: Drop unnecessary &#39;busy&#39; variables pointed out by Bart](CVE-2024-26627)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.132.0.159.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.132.0.159.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.132.0.159.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.132.0.159.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.132.0.159.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.132.0.159.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.132.0.159.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.132.0.159.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.132.0.159.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.132.0.159.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.132.0.159.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.132.0.159.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.132.0.159.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.132.0.159.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.132.0.159.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.132.0.159.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.132.0.159.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.132.0.159.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.132.0.159.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.132.0.159.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.132.0.159.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.132.0.159.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.132.0.159.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.132.0.159.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.132.0.159.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.132.0.159.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.132.0.159.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.132.0.159.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.132.0.159.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.132.0.159.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.132.0.159.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1360</id>
+          <title>An update for telnet is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-39028" id="CVE-2022-39028" title="CVE-2022-39028" type="cve"></reference>
+          </references>
+          <description>telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a &#34;telnet/tcp server failing (looping), service terminated&#34; error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.(CVE-2022-39028)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="telnet-debuginfo" release="79.ule3" version="0.17">
+                         <filename>telnet-debuginfo-0.17-79.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="telnet-debugsource" release="79.ule3" version="0.17">
+                         <filename>telnet-debugsource-0.17-79.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="telnet-help" release="79.ule3" version="0.17">
+                         <filename>telnet-help-0.17-79.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="telnet" release="79.ule3" version="0.17">
+                         <filename>telnet-0.17-79.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="telnet-help" release="79.ule3" version="0.17">
+                         <filename>telnet-help-0.17-79.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="telnet-debugsource" release="79.ule3" version="0.17">
+                         <filename>telnet-debugsource-0.17-79.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="telnet" release="79.ule3" version="0.17">
+                         <filename>telnet-0.17-79.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="telnet-debuginfo" release="79.ule3" version="0.17">
+                         <filename>telnet-debuginfo-0.17-79.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1364</id>
+          <title>An update for rubygem-activestorage is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-26144" id="CVE-2024-26144" title="CVE-2024-26144" type="cve"></reference>
+          </references>
+          <description>Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user&#39;s session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak. The vulnerability is fixed in 7.0.8.1 and 6.1.7.7.(CVE-2024-26144)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="rubygem-activestorage" release="2.ule3" version="6.1.4.1">
+                         <filename>rubygem-activestorage-6.1.4.1-2.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-activestorage-doc" release="2.ule3" version="6.1.4.1">
+                         <filename>rubygem-activestorage-doc-6.1.4.1-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1371</id>
+          <title>An update for unixODBC is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-1013" id="CVE-2024-1013" title="CVE-2024-1013" type="cve"></reference>
+          </references>
+          <description>An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken.(CVE-2024-1013)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="unixODBC-devel" release="3.h1.ule3" version="2.3.7">
+                         <filename>unixODBC-devel-2.3.7-3.h1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unixODBC" release="3.h1.ule3" version="2.3.7">
+                         <filename>unixODBC-2.3.7-3.h1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unixODBC-debugsource" release="3.h1.ule3" version="2.3.7">
+                         <filename>unixODBC-debugsource-2.3.7-3.h1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="unixODBC-debuginfo" release="3.h1.ule3" version="2.3.7">
+                         <filename>unixODBC-debuginfo-2.3.7-3.h1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unixODBC" release="3.h1.ule3" version="2.3.7">
+                         <filename>unixODBC-2.3.7-3.h1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unixODBC-debuginfo" release="3.h1.ule3" version="2.3.7">
+                         <filename>unixODBC-debuginfo-2.3.7-3.h1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unixODBC-debugsource" release="3.h1.ule3" version="2.3.7">
+                         <filename>unixODBC-debugsource-2.3.7-3.h1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="unixODBC-devel" release="3.h1.ule3" version="2.3.7">
+                         <filename>unixODBC-devel-2.3.7-3.h1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1377</id>
+          <title>An update for mod_security is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-48279" id="CVE-2022-48279" title="CVE-2022-48279" type="cve"></reference>
+          </references>
+          <description>In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.(CVE-2022-48279)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="mod_security" release="3.ule3" version="2.9.5">
+                         <filename>mod_security-2.9.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_security-debugsource" release="3.ule3" version="2.9.5">
+                         <filename>mod_security-debugsource-2.9.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_security-debuginfo" release="3.ule3" version="2.9.5">
+                         <filename>mod_security-debuginfo-2.9.5-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_security" release="3.ule3" version="2.9.5">
+                         <filename>mod_security-2.9.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_security-debuginfo" release="3.ule3" version="2.9.5">
+                         <filename>mod_security-debuginfo-2.9.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_security-debugsource" release="3.ule3" version="2.9.5">
+                         <filename>mod_security-debugsource-2.9.5-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1379</id>
+          <title>An update for expat is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52426" id="CVE-2023-52426" title="CVE-2023-52426" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-28757" id="CVE-2024-28757" title="CVE-2024-28757" type="cve"></reference>
+          </references>
+          <description>libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.(CVE-2023-52426)libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).(CVE-2024-28757)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="expat-devel" release="10.ule3" version="2.4.1">
+                         <filename>expat-devel-2.4.1-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="expat" release="10.ule3" version="2.4.1">
+                         <filename>expat-2.4.1-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="expat-debuginfo" release="10.ule3" version="2.4.1">
+                         <filename>expat-debuginfo-2.4.1-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="expat-debugsource" release="10.ule3" version="2.4.1">
+                         <filename>expat-debugsource-2.4.1-10.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="expat-help" release="10.ule3" version="2.4.1">
+                         <filename>expat-help-2.4.1-10.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="expat" release="10.ule3" version="2.4.1">
+                         <filename>expat-2.4.1-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="expat-devel" release="10.ule3" version="2.4.1">
+                         <filename>expat-devel-2.4.1-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="expat-debuginfo" release="10.ule3" version="2.4.1">
+                         <filename>expat-debuginfo-2.4.1-10.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="expat-debugsource" release="10.ule3" version="2.4.1">
+                         <filename>expat-debugsource-2.4.1-10.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1384</id>
+          <title>An update for openvswitch is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2639" id="CVE-2022-2639" title="CVE-2022-2639" type="cve"></reference>
+          </references>
+          <description>An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-2639)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="openvswitch-debugsource" release="8.ule3" version="2.12.4">
+                         <filename>openvswitch-debugsource-2.12.4-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-devel" release="8.ule3" version="2.12.4">
+                         <filename>openvswitch-devel-2.12.4-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch" release="8.ule3" version="2.12.4">
+                         <filename>openvswitch-2.12.4-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-help" release="8.ule3" version="2.12.4">
+                         <filename>openvswitch-help-2.12.4-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="openvswitch-debuginfo" release="8.ule3" version="2.12.4">
+                         <filename>openvswitch-debuginfo-2.12.4-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-debuginfo" release="8.ule3" version="2.12.4">
+                         <filename>openvswitch-debuginfo-2.12.4-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-help" release="8.ule3" version="2.12.4">
+                         <filename>openvswitch-help-2.12.4-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-debugsource" release="8.ule3" version="2.12.4">
+                         <filename>openvswitch-debugsource-2.12.4-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch-devel" release="8.ule3" version="2.12.4">
+                         <filename>openvswitch-devel-2.12.4-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="openvswitch" release="8.ule3" version="2.12.4">
+                         <filename>openvswitch-2.12.4-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1388</id>
+          <title>An update for python-pymongo is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-21506" id="CVE-2024-21506" title="CVE-2024-21506" type="cve"></reference>
+          </references>
+          <description>Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the following bytes are not printable UTF-8 the parser throws an exception with a single byte.(CVE-2024-21506)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python-pymongo-debugsource" release="3.ule3" version="3.11.3">
+                         <filename>python-pymongo-debugsource-3.11.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-bson" release="3.ule3" version="3.11.3">
+                         <filename>python3-bson-3.11.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pymongo" release="3.ule3" version="3.11.3">
+                         <filename>python3-pymongo-3.11.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pymongo-gridfs" release="3.ule3" version="3.11.3">
+                         <filename>python3-pymongo-gridfs-3.11.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-pymongo-debuginfo" release="3.ule3" version="3.11.3">
+                         <filename>python-pymongo-debuginfo-3.11.3-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python-pymongo-help" release="3.ule3" version="3.11.3">
+                         <filename>python-pymongo-help-3.11.3-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-bson" release="3.ule3" version="3.11.3">
+                         <filename>python3-bson-3.11.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pymongo-gridfs" release="3.ule3" version="3.11.3">
+                         <filename>python3-pymongo-gridfs-3.11.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pymongo" release="3.ule3" version="3.11.3">
+                         <filename>python3-pymongo-3.11.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-pymongo-debugsource" release="3.ule3" version="3.11.3">
+                         <filename>python-pymongo-debugsource-3.11.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-pymongo-debuginfo" release="3.ule3" version="3.11.3">
+                         <filename>python-pymongo-debuginfo-3.11.3-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1389</id>
+          <title>An update for nghttp2 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-28182" id="CVE-2024-28182" title="CVE-2024-28182" type="cve"></reference>
+          </references>
+          <description>nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync.  This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.(CVE-2024-28182)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libnghttp2" release="5.ule3" version="1.46.0">
+                         <filename>libnghttp2-1.46.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libnghttp2-devel" release="5.ule3" version="1.46.0">
+                         <filename>libnghttp2-devel-1.46.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nghttp2-debugsource" release="5.ule3" version="1.46.0">
+                         <filename>nghttp2-debugsource-1.46.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nghttp2-debuginfo" release="5.ule3" version="1.46.0">
+                         <filename>nghttp2-debuginfo-1.46.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="nghttp2" release="5.ule3" version="1.46.0">
+                         <filename>nghttp2-1.46.0-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="nghttp2-help" release="5.ule3" version="1.46.0">
+                         <filename>nghttp2-help-1.46.0-5.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nghttp2-debuginfo" release="5.ule3" version="1.46.0">
+                         <filename>nghttp2-debuginfo-1.46.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libnghttp2" release="5.ule3" version="1.46.0">
+                         <filename>libnghttp2-1.46.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nghttp2-debugsource" release="5.ule3" version="1.46.0">
+                         <filename>nghttp2-debugsource-1.46.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libnghttp2-devel" release="5.ule3" version="1.46.0">
+                         <filename>libnghttp2-devel-1.46.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="nghttp2" release="5.ule3" version="1.46.0">
+                         <filename>nghttp2-1.46.0-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1390</id>
+          <title>An update for emacs is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-30204" id="CVE-2024-30204" title="CVE-2024-30204" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-30205" id="CVE-2024-30205" title="CVE-2024-30205" type="cve"></reference>
+          </references>
+          <description>In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.(CVE-2024-30204)In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.(CVE-2024-30205)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="emacs-lucid" release="13.ule3" version="27.2">
+                         <filename>emacs-lucid-27.2-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-devel" release="13.ule3" version="27.2">
+                         <filename>emacs-devel-27.2-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-debugsource" release="13.ule3" version="27.2">
+                         <filename>emacs-debugsource-27.2-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-nox" release="13.ule3" version="27.2">
+                         <filename>emacs-nox-27.2-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs" release="13.ule3" version="27.2">
+                         <filename>emacs-27.2-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-debuginfo" release="13.ule3" version="27.2">
+                         <filename>emacs-debuginfo-27.2-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="emacs-common" release="13.ule3" version="27.2">
+                         <filename>emacs-common-27.2-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="emacs-filesystem" release="13.ule3" version="27.2">
+                         <filename>emacs-filesystem-27.2-13.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="emacs-help" release="13.ule3" version="27.2">
+                         <filename>emacs-help-27.2-13.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="emacs-terminal" release="13.ule3" version="27.2">
+                         <filename>emacs-terminal-27.2-13.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-nox" release="13.ule3" version="27.2">
+                         <filename>emacs-nox-27.2-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-debuginfo" release="13.ule3" version="27.2">
+                         <filename>emacs-debuginfo-27.2-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs" release="13.ule3" version="27.2">
+                         <filename>emacs-27.2-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-devel" release="13.ule3" version="27.2">
+                         <filename>emacs-devel-27.2-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-lucid" release="13.ule3" version="27.2">
+                         <filename>emacs-lucid-27.2-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-debugsource" release="13.ule3" version="27.2">
+                         <filename>emacs-debugsource-27.2-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="emacs-common" release="13.ule3" version="27.2">
+                         <filename>emacs-common-27.2-13.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1391</id>
+          <title>An update for libvirt is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-1441" id="CVE-2024-1441" title="CVE-2024-1441" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-2494" id="CVE-2024-2494" title="CVE-2024-2494" type="cve"></reference>
+          </references>
+          <description>An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.(CVE-2024-1441)A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.(CVE-2024-2494)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libvirt-daemon-driver-nwfilter" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-nwfilter-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-admin" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-admin-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-debuginfo" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-debuginfo-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-rbd" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-rbd-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-docs" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-docs-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-gluster" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-gluster-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-qemu" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-qemu-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-bash-completion" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-bash-completion-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-interface" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-interface-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-iscsi-direct" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-iscsi-direct-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-qemu" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-qemu-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-client" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-client-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-iscsi" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-iscsi-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-libs" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-libs-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-nss" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-nss-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-debugsource" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-debugsource-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-config-network" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-config-network-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-network" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-network-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-wireshark" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-wireshark-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-core" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-core-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-mpath" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-mpath-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-config-nwfilter" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-config-nwfilter-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-devel" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-devel-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-secret" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-secret-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-lock-sanlock" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-lock-sanlock-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-kvm" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-kvm-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-disk" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-disk-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-nodedev" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-nodedev-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-scsi" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-scsi-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libvirt-daemon-driver-storage-logical" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-logical-6.2.0-63.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-libs" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-libs-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-debuginfo" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-debuginfo-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-lock-sanlock" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-lock-sanlock-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-kvm" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-kvm-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-disk" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-disk-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-nwfilter" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-nwfilter-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-scsi" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-scsi-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-core" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-core-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-config-nwfilter" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-config-nwfilter-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-secret" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-secret-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-nodedev" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-nodedev-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-iscsi" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-iscsi-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-devel" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-devel-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-qemu" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-qemu-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-docs" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-docs-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-debugsource" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-debugsource-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-logical" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-logical-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-mpath" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-mpath-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-gluster" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-gluster-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-rbd" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-rbd-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-nss" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-nss-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-client" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-client-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-admin" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-admin-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-storage-iscsi-direct" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-storage-iscsi-direct-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-qemu" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-qemu-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-wireshark" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-wireshark-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-config-network" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-config-network-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-bash-completion" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-bash-completion-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-interface" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-interface-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libvirt-daemon-driver-network" release="63.ule3" version="6.2.0">
+                         <filename>libvirt-daemon-driver-network-6.2.0-63.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1394</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-46926" id="CVE-2021-46926" title="CVE-2021-46926" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-47037" id="CVE-2021-47037" title="CVE-2021-47037" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52443" id="CVE-2023-52443" title="CVE-2023-52443" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52454" id="CVE-2023-52454" title="CVE-2023-52454" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52456" id="CVE-2023-52456" title="CVE-2023-52456" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52467" id="CVE-2023-52467" title="CVE-2023-52467" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52469" id="CVE-2023-52469" title="CVE-2023-52469" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52476" id="CVE-2023-52476" title="CVE-2023-52476" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52479" id="CVE-2023-52479" title="CVE-2023-52479" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52484" id="CVE-2023-52484" title="CVE-2023-52484" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-26585" id="CVE-2024-26585" title="CVE-2024-26585" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-26589" id="CVE-2024-26589" title="CVE-2024-26589" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-26593" id="CVE-2024-26593" title="CVE-2024-26593" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-26597" id="CVE-2024-26597" title="CVE-2024-26597" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-26600" id="CVE-2024-26600" title="CVE-2024-26600" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-26606" id="CVE-2024-26606" title="CVE-2024-26606" type="cve"></reference>
+          </references>
+          <description>In the Linux kernel, the following vulnerability has been resolved:ALSA: hda: intel-sdw-acpi: harden detection of controllerThe existing code currently sets a pointer to an ACPI handle beforechecking that it&#39;s actually a SoundWire controller. This can lead toissues where the graph walk continues and eventually fails, but thepointer was set already.This patch changes the logic so that the information provided tothe caller is set when a controller is found.(CVE-2021-46926)In the Linux kernel, the following vulnerability has been resolved:ASoC: q6afe-clocks: fix reprobing of the driverQ6afe-clocks driver can get reprobed. For example if the APR servicesare restarted after the firmware crash. However currently Q6afe-clocksdriver will oops because hw.init will get cleared during first _probecall. Rewrite the driver to fill the clock data at runtime rather thanusing big static array of clocks.(CVE-2021-47037)In the Linux kernel, the following vulnerability has been resolved:apparmor: avoid crash when parsed profile name is emptyWhen processing a packed profile in unpack_profile() described like &#34;profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}&#34;a string &#34;:samba-dcerpcd&#34; is unpacked as a fully-qualified name and thenpassed to aa_splitn_fqname().aa_splitn_fqname() treats &#34;:samba-dcerpcd&#34; as only containing a namespace.Thus it returns NULL for tmpname, meanwhile tmpns is non-NULL. Lateraa_alloc_profile() crashes as the new profile name is NULL now.general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTIKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]CPU: 6 PID: 1657 Comm: apparmor_parser Not tainted 6.7.0-rc2-dirty #16Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014RIP: 0010:strlen+0x1e/0xa0Call Trace: &lt;TASK&gt; ? strlen+0x1e/0xa0 aa_policy_init+0x1bb/0x230 aa_alloc_profile+0xb1/0x480 unpack_profile+0x3bc/0x4960 aa_unpack+0x309/0x15e0 aa_replace_profiles+0x213/0x33c0 policy_update+0x261/0x370 profile_replace+0x20e/0x2a0 vfs_write+0x2af/0xe00 ksys_write+0x126/0x250 do_syscall_64+0x46/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 &lt;/TASK&gt;---[ end trace 0000000000000000 ]---RIP: 0010:strlen+0x1e/0xa0It seems such behaviour of aa_splitn_fqname() is expected and checked inother places where it is called (e.g. aa_remove_profiles). Well, thereis an explicit comment &#34;a ns name without a following profile is allowed&#34;inside.AFAICS, nothing can prevent unpacked &#34;name&#34; to be in form like&#34;:samba-dcerpcd&#34; - it is passed from userspace.Deny the whole profile set replacement in such case and inform user withEPROTO and an explaining message.Found by Linux Verification Center (linuxtesting.org).(CVE-2023-52443)In the Linux kernel, the following vulnerability has been resolved:nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU lengthIf the host sends an H2CData command with an invalid DATAL,the kernel may crash in nvmet_tcp_build_pdu_iovec().Unable to handle kernel NULL pointer dereference atvirtual address 0000000000000000lr : nvmet_tcp_io_work+0x6ac/0x718 [nvmet_tcp]Call trace:  process_one_work+0x174/0x3c8  worker_thread+0x2d0/0x3e8  kthread+0x104/0x110Fix the bug by raising a fatal error if DATAL isn&#39;t coherentwith the packet size.Also, the PDU length should never exceed the MAXH2CDATA parameter whichhas been communicated to the host in nvmet_tcp_handle_icreq().(CVE-2023-52454)In the Linux kernel, the following vulnerability has been resolved:serial: imx: fix tx statemachine deadlockWhen using the serial port as RS485 port, the tx statemachine is used tocontrol the RTS pin to drive the RS485 transceiver TX_EN pin. When theTTY port is closed in the middle of a transmission (for instance duringuserland application crash), imx_uart_shutdown disables the interfaceand disables the Transmission Complete interrupt. afer that,imx_uart_stop_tx bails on an incomplete transmission, to be retriggeredby the TC interrupt. This interrupt is disabled and therefore the txstatemachine never transitions out of SEND. The statemachine is indeadlock now, and the TX_EN remains low, making the interface useless.imx_uart_stop_tx now checks for incomplete transmission AND whether TCinterrupts are enabled before bailing to be retriggered. This makes surethe state machine handling is reached, and is properly set toWAIT_AFTER_SEND.(CVE-2023-52456)In the Linux kernel, the following vulnerability has been resolved:mfd: syscon: Fix null pointer dereference in of_syscon_register()kasprintf() returns a pointer to dynamically allocated memorywhich can be NULL upon failure.(CVE-2023-52467)In the Linux kernel, the following vulnerability has been resolved:drivers/amd/pm: fix a use-after-free in kv_parse_power_tableWhen ps allocated by kzalloc equals to NULL, kv_parse_power_tablefrees adev-&gt;pm.dpm.ps that allocated before. However, after the controlflow goes through the following call chains:kv_parse_power_table  |-&gt; kv_dpm_init        |-&gt; kv_dpm_sw_init&#x9;      |-&gt; kv_dpm_finiThe adev-&gt;pm.dpm.ps is used in the for loop of kv_dpm_fini after itsfirst free in kv_parse_power_table and causes a use-after-free bug.(CVE-2023-52469)In the Linux kernel, the following vulnerability has been resolved:perf/x86/lbr: Filter vsyscall addressesWe found that a panic can occur when a vsyscall is made while LBR samplingis active. If the vsyscall is interrupted (NMI) for perf sampling, thiscall sequence can occur (most recent at top):    __insn_get_emulate_prefix()    insn_get_emulate_prefix()    insn_get_prefixes()    insn_get_opcode()    decode_branch_type()    get_branch_type()    intel_pmu_lbr_filter()    intel_pmu_handle_irq()    perf_event_nmi_handler()Within __insn_get_emulate_prefix() at frame 0, a macro is called:    peek_nbyte_next(insn_byte_t, insn, i)Within this macro, this dereference occurs:    (insn)-&gt;next_byteInspecting registers at this point, the value of the next_byte field is theaddress of the vsyscall made, for example the location of the vsyscallversion of gettimeofday() at 0xffffffffff600000. The access to an addressin the vsyscall region will trigger an oops due to an unhandled page fault.To fix the bug, filtering for vsyscalls can be done whendetermining the branch type. This patch will returna &#34;none&#34; branch if a kernel address if found to lie in thevsyscall region.(CVE-2023-52476)In the Linux kernel, the following vulnerability has been resolved:ksmbd: fix uaf in smb20_oplock_break_ackdrop reference after use opinfo.(CVE-2023-52479)In the Linux kernel, the following vulnerability has been resolved:iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_rangeWhen running an SVA case, the following soft lockup is triggered:--------------------------------------------------------------------watchdog: BUG: soft lockup - CPU#244 stuck for 26s!pstate: 83400009 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)pc : arm_smmu_cmdq_issue_cmdlist+0x178/0xa50lr : arm_smmu_cmdq_issue_cmdlist+0x150/0xa50sp : ffff8000d83ef290x29: ffff8000d83ef290 x28: 000000003b9aca00 x27: 0000000000000000x26: ffff8000d83ef3c0 x25: da86c0812194a0e8 x24: 0000000000000000x23: 0000000000000040 x22: ffff8000d83ef340 x21: ffff0000c63980c0x20: 0000000000000001 x19: ffff0000c6398080 x18: 0000000000000000x17: 0000000000000000 x16: 0000000000000000 x15: ffff3000b4a3bbb0x14: ffff3000b4a30888 x13: ffff3000b4a3cf60 x12: 0000000000000000x11: 0000000000000000 x10: 0000000000000000 x9 : ffffc08120e4d6bcx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000048cfax5 : 0000000000000000 x4 : 0000000000000001 x3 : 000000000000000ax2 : 0000000080000000 x1 : 0000000000000000 x0 : 0000000000000001Call trace: arm_smmu_cmdq_issue_cmdlist+0x178/0xa50 __arm_smmu_tlb_inv_range+0x118/0x254 arm_smmu_tlb_inv_range_asid+0x6c/0x130 arm_smmu_mm_invalidate_range+0xa0/0xa4 __mmu_notifier_invalidate_range_end+0x88/0x120 unmap_vmas+0x194/0x1e0 unmap_region+0xb4/0x144 do_mas_align_munmap+0x290/0x490 do_mas_munmap+0xbc/0x124 __vm_munmap+0xa8/0x19c __arm64_sys_munmap+0x28/0x50 invoke_syscall+0x78/0x11c el0_svc_common.constprop.0+0x58/0x1c0 do_el0_svc+0x34/0x60 el0_svc+0x2c/0xd4 el0t_64_sync_handler+0x114/0x140 el0t_64_sync+0x1a4/0x1a8--------------------------------------------------------------------Note that since 6.6-rc1 the arm_smmu_mm_invalidate_range above is renamedto &#34;arm_smmu_mm_arch_invalidate_secondary_tlbs&#34;, yet the problem remains.The commit 06ff87bae8d3 (&#34;arm64: mm: remove unused functions and variableprotoypes&#34;) fixed a similar lockup on the CPU MMU side. Yet, it can occurto SMMU too, since arm_smmu_mm_arch_invalidate_secondary_tlbs() is calledtypically next to MMU tlb flush function, e.g.&#x9;tlb_flush_mmu_tlbonly {&#x9;&#x9;tlb_flush {&#x9;&#x9;&#x9;__flush_tlb_range {&#x9;&#x9;&#x9;&#x9;// check MAX_TLBI_OPS&#x9;&#x9;&#x9;}&#x9;&#x9;}&#x9;&#x9;mmu_notifier_arch_invalidate_secondary_tlbs {&#x9;&#x9;&#x9;arm_smmu_mm_arch_invalidate_secondary_tlbs {&#x9;&#x9;&#x9;&#x9;// does not check MAX_TLBI_OPS&#x9;&#x9;&#x9;}&#x9;&#x9;}&#x9;}Clone a CMDQ_MAX_TLBI_OPS from the MAX_TLBI_OPS in tlbflush.h, since in anSVA case SMMU uses the CPU page table, so it makes sense to align with thetlbflush code. Then, replace per-page TLBI commands with a single per-asidTLBI command, if the request size hits this threshold.(CVE-2023-52484)In the Linux kernel, the following vulnerability has been resolved:tls: fix race between tx work scheduling and socket closeSimilarly to previous commit, the submitting thread (recvmsg/sendmsg)may exit as soon as the async crypto handler calls complete().Reorder scheduling the work before calling complete().This seems more logical in the first place, as it&#39;sthe inverse order of what the submitting thread will do.(CVE-2024-26585)In the Linux kernel, the following vulnerability has been resolved:bpf: Reject variable offset alu on PTR_TO_FLOW_KEYSFor PTR_TO_FLOW_KEYS, check_flow_keys_access() only uses fixed offfor validation. However, variable offset ptr alu is not prohibitedfor this ptr kind. So the variable offset is not checked.The following prog is accepted:  func#0 @0  0: R1=ctx() R10=fp0  0: (bf) r6 = r1                       ; R1=ctx() R6_w=ctx()  1: (79) r7 = *(u64 *)(r6 +144)        ; R6_w=ctx() R7_w=flow_keys()  2: (b7) r8 = 1024                     ; R8_w=1024  3: (37) r8 /= 1                       ; R8_w=scalar()  4: (57) r8 &amp;= 1024                    ; R8_w=scalar(smin=smin32=0,  smax=umax=smax32=umax32=1024,var_off=(0x0; 0x400))  5: (0f) r7 += r8  mark_precise: frame0: last_idx 5 first_idx 0 subseq_idx -1  mark_precise: frame0: regs=r8 stack= before 4: (57) r8 &amp;= 1024  mark_precise: frame0: regs=r8 stack= before 3: (37) r8 /= 1  mark_precise: frame0: regs=r8 stack= before 2: (b7) r8 = 1024  6: R7_w=flow_keys(smin=smin32=0,smax=umax=smax32=umax32=1024,var_off  =(0x0; 0x400)) R8_w=scalar(smin=smin32=0,smax=umax=smax32=umax32=1024,  var_off=(0x0; 0x400))  6: (79) r0 = *(u64 *)(r7 +0)          ; R0_w=scalar()  7: (95) exitThis prog loads flow_keys to r7, and adds the variable offset r8to r7, and finally causes out-of-bounds access:  BUG: unable to handle page fault for address: ffffc90014c80038  [...]  Call Trace:   &lt;TASK&gt;   bpf_dispatcher_nop_func include/linux/bpf.h:1231 [inline]   __bpf_prog_run include/linux/filter.h:651 [inline]   bpf_prog_run include/linux/filter.h:658 [inline]   bpf_prog_run_pin_on_cpu include/linux/filter.h:675 [inline]   bpf_flow_dissect+0x15f/0x350 net/core/flow_dissector.c:991   bpf_prog_test_run_flow_dissector+0x39d/0x620 net/bpf/test_run.c:1359   bpf_prog_test_run kernel/bpf/syscall.c:4107 [inline]   __sys_bpf+0xf8f/0x4560 kernel/bpf/syscall.c:5475   __do_sys_bpf kernel/bpf/syscall.c:5561 [inline]   __se_sys_bpf kernel/bpf/syscall.c:5559 [inline]   __x64_sys_bpf+0x73/0xb0 kernel/bpf/syscall.c:5559   do_syscall_x64 arch/x86/entry/common.c:52 [inline]   do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83   entry_SYSCALL_64_after_hwframe+0x63/0x6bFix this by rejecting ptr alu with variable offset on flow_keys.Applying the patch rejects the program with &#34;R7 pointer arithmeticon flow_keys prohibited&#34;.(CVE-2024-26589)In the Linux kernel, the following vulnerability has been resolved:i2c: i801: Fix block process call transactionsAccording to the Intel datasheets, software must reset the blockbuffer index twice for block process call transactions: once beforewriting the outgoing data to the buffer, and once again beforereading the incoming data from the buffer.The driver is currently missing the second reset, causing the wrongportion of the block buffer to be read.(CVE-2024-26593)In the Linux kernel, the following vulnerability has been resolved:net: qualcomm: rmnet: fix global oob in rmnet_policyThe variable rmnet_link_ops assign a *bigger* maxtype which leads to aglobal out-of-bounds read when parsing the netlink attributes. See bugtrace below:==================================================================BUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]BUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600Read of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207CPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G                 N 6.1.0 #3Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014Call Trace: &lt;TASK&gt; __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [inline] print_report+0x172/0x475 mm/kasan/report.c:395 kasan_report+0xbb/0x1c0 mm/kasan/report.c:495 validate_nla lib/nlattr.c:386 [inline] __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 __nla_parse+0x3e/0x50 lib/nlattr.c:697 nla_parse_nested_deprecated include/net/netlink.h:1248 [inline] __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594 rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091 netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg+0x154/0x190 net/socket.c:734 ____sys_sendmsg+0x6df/0x840 net/socket.c:2482 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536 __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcdRIP: 0033:0x7fdcf2072359Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 &lt;48&gt; 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48RSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002eRAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003RBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000R13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000 &lt;/TASK&gt;The buggy address belongs to the variable: rmnet_policy+0x30/0xe0The buggy address belongs to the physical page:page:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243flags: 0x200000000001000(reserved|node=0|zone=2)raw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000page dumped because: kasan: bad access detectedMemory state around the buggy address: ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07 ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9&gt;ffffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9                                                 ^ ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9 ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9According to the comment of `nla_parse_nested_deprecated`, the maxtypeshould be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here.(CVE-2024-26597)In the Linux kernel, the following vulnerability has been resolved:phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRPIf the external phy working together with phy-omap-usb2 does not implementsend_srp(), we may still attempt to call it. This can happen on an idleEthernet gadget triggering a wakeup for example:configfs-gadget.g1 gadget.0: ECM Suspendconfigfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup...Unable to handle kernel NULL pointer dereference at virtual address00000000 when execute...PC is at 0x0LR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc]...musb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core]usb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether]eth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24cdev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4sch_direct_xmit from __dev_queue_xmit+0x334/0xd88__dev_queue_xmit from arp_solicit+0xf0/0x268arp_solicit from neigh_probe+0x54/0x7cneigh_probe from __neigh_event_send+0x22c/0x47c__neigh_event_send from neigh_resolve_output+0x14c/0x1c0neigh_resolve_output from ip_finish_output2+0x1c8/0x628ip_finish_output2 from ip_send_skb+0x40/0xd8ip_send_skb from udp_send_skb+0x124/0x340udp_send_skb from udp_sendmsg+0x780/0x984udp_sendmsg from __sys_sendto+0xd8/0x158__sys_sendto from ret_fast_syscall+0x0/0x58Let&#39;s fix the issue by checking for send_srp() and set_vbus() beforecalling them. For USB peripheral only cases these both could be NULL.(CVE-2024-26600)In the Linux kernel, the following vulnerability has been resolved:binder: signal epoll threads of self-workIn (e)poll mode, threads often depend on I/O events to determine whendata is ready for consumption. Within binder, a thread may initiate acommand via BINDER_WRITE_READ without a read buffer and then make useof epoll_wait() or similar to consume any responses afterwards.It is then crucial that epoll threads are signaled via wakeup when theyqueue their own work. Otherwise, they risk waiting indefinitely for anevent leaving their work unhandled. What is worse, subsequent commandswon&#39;t trigger a wakeup either as the thread has pending work.(CVE-2024-26606)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.133.0.160.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.133.0.160.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.133.0.160.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.133.0.160.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.133.0.160.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.133.0.160.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.133.0.160.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.133.0.160.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.133.0.160.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.133.0.160.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.133.0.160.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.133.0.160.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.133.0.160.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.133.0.160.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.133.0.160.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.133.0.160.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.133.0.160.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.133.0.160.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.133.0.160.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.133.0.160.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.133.0.160.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.133.0.160.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.133.0.160.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.133.0.160.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.133.0.160.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.133.0.160.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.133.0.160.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.133.0.160.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.133.0.160.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.133.0.160.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.133.0.160.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1402</id>
+          <title>An update for nodejs-qs is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-24999" id="CVE-2022-24999" title="CVE-2022-24999" type="cve"></reference>
+          </references>
+          <description>qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&amp;a[__proto__]&amp;a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has &#34;deps: qs@6.9.7&#34; in its release description, is not vulnerable).(CVE-2022-24999)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="nodejs-qs" release="2.ule3" version="6.5.1">
+                         <filename>nodejs-qs-6.5.1-2.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1405</id>
+          <title>An update for mozjs78 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23599" id="CVE-2023-23599" title="CVE-2023-23599" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-23601" id="CVE-2023-23601" title="CVE-2023-23601" type="cve"></reference>
+          </references>
+          <description>When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox &lt; 109, Thunderbird &lt; 102.7, and Firefox ESR &lt; 102.7.(CVE-2023-23599)Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox &lt; 109, Thunderbird &lt; 102.7, and Firefox ESR &lt; 102.7.(CVE-2023-23601)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libmozjs-91-0" release="4.ule3" version="91.6.0">
+                         <filename>libmozjs-91-0-91.6.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mozjs91-debuginfo" release="4.ule3" version="91.6.0">
+                         <filename>mozjs91-debuginfo-91.6.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mozjs91-devel" release="4.ule3" version="91.6.0">
+                         <filename>mozjs91-devel-91.6.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mozjs91-debugsource" release="4.ule3" version="91.6.0">
+                         <filename>mozjs91-debugsource-91.6.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mozjs91" release="4.ule3" version="91.6.0">
+                         <filename>mozjs91-91.6.0-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mozjs91-debugsource" release="4.ule3" version="91.6.0">
+                         <filename>mozjs91-debugsource-91.6.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mozjs91-devel" release="4.ule3" version="91.6.0">
+                         <filename>mozjs91-devel-91.6.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mozjs91" release="4.ule3" version="91.6.0">
+                         <filename>mozjs91-91.6.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mozjs91-debuginfo" release="4.ule3" version="91.6.0">
+                         <filename>mozjs91-debuginfo-91.6.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libmozjs-91-0" release="4.ule3" version="91.6.0">
+                         <filename>libmozjs-91-0-91.6.0-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1412</id>
+          <title>An update for curl is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-2398" id="CVE-2024-2398" title="CVE-2024-2398" type="cve"></reference>
+          </references>
+          <description>When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory.  Further, this error condition fails silently and is therefore not easily detected by an application.(CVE-2024-2398)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="curl-debuginfo" release="28.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl-devel" release="28.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl" release="28.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libcurl" release="28.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="curl-debugsource" release="28.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="curl-help" release="28.ule3" version="7.79.1">
+                         <filename>curl-help-7.79.1-28.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl" release="28.ule3" version="7.79.1">
+                         <filename>curl-7.79.1-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debuginfo" release="28.ule3" version="7.79.1">
+                         <filename>curl-debuginfo-7.79.1-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="curl-debugsource" release="28.ule3" version="7.79.1">
+                         <filename>curl-debugsource-7.79.1-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl" release="28.ule3" version="7.79.1">
+                         <filename>libcurl-7.79.1-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libcurl-devel" release="28.ule3" version="7.79.1">
+                         <filename>libcurl-devel-7.79.1-28.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1415</id>
+          <title>An update for varnish is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-30156" id="CVE-2024-30156" title="CVE-2024-30156" type="cve"></reference>
+          </references>
+          <description>Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.(CVE-2024-30156)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="varnish" release="1.ule3" version="7.4.3">
+                         <filename>varnish-7.4.3-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish-debugsource" release="1.ule3" version="7.4.3">
+                         <filename>varnish-debugsource-7.4.3-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish-devel" release="1.ule3" version="7.4.3">
+                         <filename>varnish-devel-7.4.3-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="varnish-debuginfo" release="1.ule3" version="7.4.3">
+                         <filename>varnish-debuginfo-7.4.3-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="varnish-help" release="1.ule3" version="7.4.3">
+                         <filename>varnish-help-7.4.3-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish" release="1.ule3" version="7.4.3">
+                         <filename>varnish-7.4.3-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-debugsource" release="1.ule3" version="7.4.3">
+                         <filename>varnish-debugsource-7.4.3-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-debuginfo" release="1.ule3" version="7.4.3">
+                         <filename>varnish-debuginfo-7.4.3-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="varnish-devel" release="1.ule3" version="7.4.3">
+                         <filename>varnish-devel-7.4.3-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1416</id>
+          <title>An update for xorg-x11-server is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-31080" id="CVE-2024-31080" title="CVE-2024-31080" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-31081" id="CVE-2024-31081" title="CVE-2024-31081" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-31082" id="CVE-2024-31082" title="CVE-2024-31082" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-31083" id="CVE-2024-31083" title="CVE-2024-31083" type="cve"></reference>
+          </references>
+          <description>A heap-based buffer over-read vulnerability was found in the X.org server&#39;s ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker&#39;s inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.(CVE-2024-31080)A heap-based buffer over-read vulnerability was found in the X.org server&#39;s ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker&#39;s inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.(CVE-2024-31081)A heap-based buffer over-read vulnerability was found in the X.org server&#39;s ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker&#39;s inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.(CVE-2024-31082)A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.(CVE-2024-31083)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="xorg-x11-server-Xnest" release="28.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xnest-1.20.11-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xdmx" release="28.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xdmx-1.20.11-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xephyr" release="28.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xephyr-1.20.11-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-devel" release="28.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-devel-1.20.11-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-Xvfb" release="28.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xvfb-1.20.11-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-debugsource" release="28.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debugsource-1.20.11-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server" release="28.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-1.20.11-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-debuginfo" release="28.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debuginfo-1.20.11-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="xorg-x11-server-common" release="28.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-common-1.20.11-28.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xorg-x11-server-help" release="28.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-help-1.20.11-28.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="xorg-x11-server-source" release="28.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-source-1.20.11-28.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xephyr" release="28.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xephyr-1.20.11-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-debuginfo" release="28.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debuginfo-1.20.11-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-common" release="28.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-common-1.20.11-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-debugsource" release="28.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-debugsource-1.20.11-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xnest" release="28.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xnest-1.20.11-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xdmx" release="28.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xdmx-1.20.11-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-devel" release="28.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-devel-1.20.11-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server" release="28.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-1.20.11-28.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="xorg-x11-server-Xvfb" release="28.ule3" version="1.20.11">
+                         <filename>xorg-x11-server-Xvfb-1.20.11-28.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1418</id>
+          <title>An update for iperf3 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-7250" id="CVE-2023-7250" title="CVE-2023-7250" type="cve"></reference>
+          </references>
+          <description>A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.(CVE-2023-7250)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="iperf3-devel" release="1.ule3" version="3.16">
+                         <filename>iperf3-devel-3.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="iperf3-debuginfo" release="1.ule3" version="3.16">
+                         <filename>iperf3-debuginfo-3.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="iperf3" release="1.ule3" version="3.16">
+                         <filename>iperf3-3.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="iperf3-debugsource" release="1.ule3" version="3.16">
+                         <filename>iperf3-debugsource-3.16-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="iperf3-help" release="1.ule3" version="3.16">
+                         <filename>iperf3-help-3.16-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="iperf3-devel" release="1.ule3" version="3.16">
+                         <filename>iperf3-devel-3.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="iperf3-debuginfo" release="1.ule3" version="3.16">
+                         <filename>iperf3-debuginfo-3.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="iperf3-debugsource" release="1.ule3" version="3.16">
+                         <filename>iperf3-debugsource-3.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="iperf3" release="1.ule3" version="3.16">
+                         <filename>iperf3-3.16-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1424</id>
+          <title>An update for flatpak is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28100" id="CVE-2023-28100" title="CVE-2023-28100" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-28101" id="CVE-2023-28101" title="CVE-2023-28101" type="cve"></reference>
+          </references>
+          <description>Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don&#39;t run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment.(CVE-2023-28100)Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.(CVE-2023-28101)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="flatpak-debuginfo" release="7.ule3" version="1.10.2">
+                         <filename>flatpak-debuginfo-1.10.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="flatpak-devel" release="7.ule3" version="1.10.2">
+                         <filename>flatpak-devel-1.10.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="flatpak" release="7.ule3" version="1.10.2">
+                         <filename>flatpak-1.10.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="flatpak-debugsource" release="7.ule3" version="1.10.2">
+                         <filename>flatpak-debugsource-1.10.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="flatpak-help" release="7.ule3" version="1.10.2">
+                         <filename>flatpak-help-1.10.2-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flatpak" release="7.ule3" version="1.10.2">
+                         <filename>flatpak-1.10.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flatpak-debuginfo" release="7.ule3" version="1.10.2">
+                         <filename>flatpak-debuginfo-1.10.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flatpak-debugsource" release="7.ule3" version="1.10.2">
+                         <filename>flatpak-debugsource-1.10.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flatpak-devel" release="7.ule3" version="1.10.2">
+                         <filename>flatpak-devel-1.10.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1428</id>
+          <title>An update for wireshark is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0666" id="CVE-2023-0666" title="CVE-2023-0666" type="cve"></reference>
+          </references>
+          <description>Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.(CVE-2023-0666)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="wireshark" release="7.ule3" version="3.6.14">
+                         <filename>wireshark-3.6.14-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-help" release="7.ule3" version="3.6.14">
+                         <filename>wireshark-help-3.6.14-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-devel" release="7.ule3" version="3.6.14">
+                         <filename>wireshark-devel-3.6.14-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-debugsource" release="7.ule3" version="3.6.14">
+                         <filename>wireshark-debugsource-3.6.14-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="wireshark-debuginfo" release="7.ule3" version="3.6.14">
+                         <filename>wireshark-debuginfo-3.6.14-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark" release="7.ule3" version="3.6.14">
+                         <filename>wireshark-3.6.14-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debugsource" release="7.ule3" version="3.6.14">
+                         <filename>wireshark-debugsource-3.6.14-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-devel" release="7.ule3" version="3.6.14">
+                         <filename>wireshark-devel-3.6.14-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-debuginfo" release="7.ule3" version="3.6.14">
+                         <filename>wireshark-debuginfo-3.6.14-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="wireshark-help" release="7.ule3" version="3.6.14">
+                         <filename>wireshark-help-3.6.14-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1432</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-24784" id="CVE-2024-24784" title="CVE-2024-24784" type="cve"></reference>
+          </references>
+          <description>The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.(CVE-2024-24784)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="30.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-30.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="30.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-30.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="30.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-30.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="30.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-30.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1433</id>
+          <title>An update for ruby is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-27280" id="CVE-2024-27280" title="CVE-2024-27280" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-27281" id="CVE-2024-27281" title="CVE-2024-27281" type="cve"></reference>
+          </references>
+          <description>A buffer overread flaw was found in rubygem StringIO. The ungetbyte and ungetc methods on a StringIO object can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value.(CVE-2024-27280)A flaw was found in Rubygem RDoc. When parsing .rdoc_options used for configuration in RDoc as a YAML file there are no restrictions on the classes that can be restored. This issue may lead to object injection, resulting in remote code execution.(CVE-2024-27281)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="ruby-devel" release="132.ule3" version="3.0.3">
+                         <filename>ruby-devel-3.0.3-132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-psych" release="132.ule3" version="3.3.2">
+                         <filename>rubygem-psych-3.3.2-132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-io-console" release="132.ule3" version="0.5.7">
+                         <filename>rubygem-io-console-0.5.7-132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ruby-debuginfo" release="132.ule3" version="3.0.3">
+                         <filename>ruby-debuginfo-3.0.3-132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ruby-debugsource" release="132.ule3" version="3.0.3">
+                         <filename>ruby-debugsource-3.0.3-132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="ruby" release="132.ule3" version="3.0.3">
+                         <filename>ruby-3.0.3-132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-json" release="132.ule3" version="2.5.1">
+                         <filename>rubygem-json-2.5.1-132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-bigdecimal" release="132.ule3" version="3.0.0">
+                         <filename>rubygem-bigdecimal-3.0.0-132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="rubygem-openssl" release="132.ule3" version="2.2.1">
+                         <filename>rubygem-openssl-2.2.1-132.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygems-devel" release="132.ule3" version="3.2.32">
+                         <filename>rubygems-devel-3.2.32-132.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-did_you_mean" release="132.ule3" version="1.5.0">
+                         <filename>rubygem-did_you_mean-1.5.0-132.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rbs" release="132.ule3" version="1.4.0">
+                         <filename>rubygem-rbs-1.4.0-132.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ruby-help" release="132.ule3" version="3.0.3">
+                         <filename>ruby-help-3.0.3-132.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-test-unit" release="132.ule3" version="3.3.7">
+                         <filename>rubygem-test-unit-3.3.7-132.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-minitest" release="132.ule3" version="5.14.2">
+                         <filename>rubygem-minitest-5.14.2-132.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-typeprof" release="132.ule3" version="0.15.2">
+                         <filename>rubygem-typeprof-0.15.2-132.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="ruby-irb" release="132.ule3" version="3.0.3">
+                         <filename>ruby-irb-3.0.3-132.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rake" release="132.ule3" version="13.0.3">
+                         <filename>rubygem-rake-13.0.3-132.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygems" release="132.ule3" version="3.2.32">
+                         <filename>rubygems-3.2.32-132.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rexml" release="132.ule3" version="3.2.5">
+                         <filename>rubygem-rexml-3.2.5-132.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-bundler" release="132.ule3" version="2.2.32">
+                         <filename>rubygem-bundler-2.2.32-132.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rss" release="132.ule3" version="0.2.9">
+                         <filename>rubygem-rss-0.2.9-132.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="rubygem-rdoc" release="132.ule3" version="6.3.3">
+                         <filename>rubygem-rdoc-6.3.3-132.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-io-console" release="132.ule3" version="0.5.7">
+                         <filename>rubygem-io-console-0.5.7-132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-openssl" release="132.ule3" version="2.2.1">
+                         <filename>rubygem-openssl-2.2.1-132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby-debuginfo" release="132.ule3" version="3.0.3">
+                         <filename>ruby-debuginfo-3.0.3-132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-bigdecimal" release="132.ule3" version="3.0.0">
+                         <filename>rubygem-bigdecimal-3.0.0-132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby-devel" release="132.ule3" version="3.0.3">
+                         <filename>ruby-devel-3.0.3-132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-psych" release="132.ule3" version="3.3.2">
+                         <filename>rubygem-psych-3.3.2-132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="rubygem-json" release="132.ule3" version="2.5.1">
+                         <filename>rubygem-json-2.5.1-132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby" release="132.ule3" version="3.0.3">
+                         <filename>ruby-3.0.3-132.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="ruby-debugsource" release="132.ule3" version="3.0.3">
+                         <filename>ruby-debugsource-3.0.3-132.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1434</id>
+          <title>An update for libdwarf is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-2002" id="CVE-2024-2002" title="CVE-2024-2002" type="cve"></reference>
+          </references>
+          <description>A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.(CVE-2024-2002)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="1" arch="aarch64" name="libdwarf-devel" release="1.ule3" version="0.9.1">
+                         <filename>libdwarf-devel-0.9.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="libdwarf" release="1.ule3" version="0.9.1">
+                         <filename>libdwarf-0.9.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="libdwarf-debugsource" release="1.ule3" version="0.9.1">
+                         <filename>libdwarf-debugsource-0.9.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="libdwarf-tools" release="1.ule3" version="0.9.1">
+                         <filename>libdwarf-tools-0.9.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="aarch64" name="libdwarf-debuginfo" release="1.ule3" version="0.9.1">
+                         <filename>libdwarf-debuginfo-0.9.1-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="noarch" name="libdwarf-help" release="1.ule3" version="0.9.1">
+                         <filename>libdwarf-help-0.9.1-1.ule3.noarch.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="libdwarf-devel" release="1.ule3" version="0.9.1">
+                         <filename>libdwarf-devel-0.9.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="libdwarf-debugsource" release="1.ule3" version="0.9.1">
+                         <filename>libdwarf-debugsource-0.9.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="libdwarf-tools" release="1.ule3" version="0.9.1">
+                         <filename>libdwarf-tools-0.9.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="libdwarf" release="1.ule3" version="0.9.1">
+                         <filename>libdwarf-0.9.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="1" arch="x86_64" name="libdwarf-debuginfo" release="1.ule3" version="0.9.1">
+                         <filename>libdwarf-debuginfo-0.9.1-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1436</id>
+          <title>An update for pcp is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-3019" id="CVE-2024-3019" title="CVE-2024-3019" type="cve"></reference>
+          </references>
+          <description>A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the &#39;Metrics settings&#39; page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.(CVE-2024-3019)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="pcp-pmda-ds389log" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-ds389log-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-rabbitmq" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-rabbitmq-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-sendmail" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-sendmail-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-oracle" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-oracle-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp" release="9.ule3" version="5.3.5">
+                         <filename>pcp-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-debugsource" release="9.ule3" version="5.3.5">
+                         <filename>pcp-debugsource-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-samba" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-samba-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-json" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-json-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-export-pcp2graphite" release="9.ule3" version="5.3.5">
+                         <filename>pcp-export-pcp2graphite-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-zimbra" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-zimbra-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-zeroconf" release="9.ule3" version="5.3.5">
+                         <filename>pcp-zeroconf-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-named" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-named-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pcp" release="9.ule3" version="5.3.5">
+                         <filename>python3-pcp-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-dbping" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-dbping-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-debuginfo" release="9.ule3" version="5.3.5">
+                         <filename>pcp-debuginfo-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-selinux" release="9.ule3" version="5.3.5">
+                         <filename>pcp-selinux-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perl-PCP-LogImport" release="9.ule3" version="5.3.5">
+                         <filename>perl-PCP-LogImport-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-export-pcp2elasticsearch" release="9.ule3" version="5.3.5">
+                         <filename>pcp-export-pcp2elasticsearch-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-lio" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-lio-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-gluster" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-gluster-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-roomtemp" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-roomtemp-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-postgresql" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-postgresql-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-lmsensors" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-lmsensors-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-system-tools" release="9.ule3" version="5.3.5">
+                         <filename>pcp-system-tools-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-logger" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-logger-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-export-pcp2zabbix" release="9.ule3" version="5.3.5">
+                         <filename>pcp-export-pcp2zabbix-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-netcheck" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-netcheck-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-export-pcp2json" release="9.ule3" version="5.3.5">
+                         <filename>pcp-export-pcp2json-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-lustrecomm" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-lustrecomm-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-gpfs" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-gpfs-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-smart" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-smart-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-hacluster" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-hacluster-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-weblog" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-weblog-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-import-ganglia2pcp" release="9.ule3" version="5.3.5">
+                         <filename>pcp-import-ganglia2pcp-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-mongodb" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-mongodb-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perl-PCP-PMDA" release="9.ule3" version="5.3.5">
+                         <filename>perl-PCP-PMDA-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-elasticsearch" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-elasticsearch-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-gpsd" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-gpsd-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-memcache" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-memcache-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-lustre" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-lustre-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-mailq" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-mailq-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-openvswitch" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-openvswitch-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-export-pcp2xml" release="9.ule3" version="5.3.5">
+                         <filename>pcp-export-pcp2xml-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-nfsclient" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-nfsclient-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-bpf" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-bpf-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-import-iostat2pcp" release="9.ule3" version="5.3.5">
+                         <filename>pcp-import-iostat2pcp-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-apache" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-apache-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perl-PCP-LogSummary" release="9.ule3" version="5.3.5">
+                         <filename>perl-PCP-LogSummary-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-postfix" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-postfix-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-netfilter" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-netfilter-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-mounts" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-mounts-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-nvidia-gpu" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-nvidia-gpu-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-redis" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-redis-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-denki" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-denki-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-dm" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-dm-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-snmp" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-snmp-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-export-pcp2influxdb" release="9.ule3" version="5.3.5">
+                         <filename>pcp-export-pcp2influxdb-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-mic" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-mic-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-perfevent" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-perfevent-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-haproxy" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-haproxy-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-export-zabbix-agent" release="9.ule3" version="5.3.5">
+                         <filename>pcp-export-zabbix-agent-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-bind2" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-bind2-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-trace" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-trace-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-slurm" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-slurm-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-rsyslog" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-rsyslog-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-libvirt" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-libvirt-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-nutcracker" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-nutcracker-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-systemd" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-systemd-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-import-collectl2pcp" release="9.ule3" version="5.3.5">
+                         <filename>pcp-import-collectl2pcp-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-gfs2" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-gfs2-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-gui" release="9.ule3" version="5.3.5">
+                         <filename>pcp-gui-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-shping" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-shping-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-bonding" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-bonding-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-ds389" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-ds389-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-import-sar2pcp" release="9.ule3" version="5.3.5">
+                         <filename>pcp-import-sar2pcp-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perl-PCP-MMV" release="9.ule3" version="5.3.5">
+                         <filename>perl-PCP-MMV-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-openmetrics" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-openmetrics-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-cisco" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-cisco-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-news" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-news-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-import-mrtg2pcp" release="9.ule3" version="5.3.5">
+                         <filename>pcp-import-mrtg2pcp-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-cifs" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-cifs-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-infiniband" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-infiniband-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-devel" release="9.ule3" version="5.3.5">
+                         <filename>pcp-devel-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-podman" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-podman-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-summary" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-summary-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-pdns" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-pdns-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-sockets" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-sockets-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-activemq" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-activemq-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-nginx" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-nginx-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-docker" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-docker-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-mysql" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-mysql-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-unbound" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-unbound-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-conf" release="9.ule3" version="5.3.5">
+                         <filename>pcp-conf-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-bash" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-bash-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-zswap" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-zswap-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-export-pcp2spark" release="9.ule3" version="5.3.5">
+                         <filename>pcp-export-pcp2spark-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="pcp-pmda-bpftrace" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-bpftrace-5.3.5-9.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="pcp-help" release="9.ule3" version="5.3.5">
+                         <filename>pcp-help-5.3.5-9.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-gpsd" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-gpsd-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pcp" release="9.ule3" version="5.3.5">
+                         <filename>python3-pcp-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-shping" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-shping-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-openvswitch" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-openvswitch-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-cifs" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-cifs-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-export-pcp2zabbix" release="9.ule3" version="5.3.5">
+                         <filename>pcp-export-pcp2zabbix-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-gfs2" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-gfs2-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-debugsource" release="9.ule3" version="5.3.5">
+                         <filename>pcp-debugsource-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-weblog" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-weblog-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-samba" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-samba-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-dbping" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-dbping-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-podman" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-podman-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-summary" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-summary-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-gpfs" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-gpfs-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-pdns" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-pdns-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-netfilter" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-netfilter-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-sockets" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-sockets-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-rsyslog" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-rsyslog-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-ds389log" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-ds389log-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-slurm" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-slurm-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-oracle" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-oracle-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-postgresql" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-postgresql-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-selinux" release="9.ule3" version="5.3.5">
+                         <filename>pcp-selinux-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-gluster" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-gluster-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-mongodb" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-mongodb-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-nginx" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-nginx-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-bonding" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-bonding-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-hacluster" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-hacluster-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-openmetrics" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-openmetrics-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perl-PCP-MMV" release="9.ule3" version="5.3.5">
+                         <filename>perl-PCP-MMV-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-rabbitmq" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-rabbitmq-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-haproxy" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-haproxy-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-mic" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-mic-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-lio" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-lio-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-libvirt" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-libvirt-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-lmsensors" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-lmsensors-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-apache" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-apache-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-zimbra" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-zimbra-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-conf" release="9.ule3" version="5.3.5">
+                         <filename>pcp-conf-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-export-pcp2influxdb" release="9.ule3" version="5.3.5">
+                         <filename>pcp-export-pcp2influxdb-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perl-PCP-LogSummary" release="9.ule3" version="5.3.5">
+                         <filename>perl-PCP-LogSummary-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-logger" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-logger-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-elasticsearch" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-elasticsearch-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-bpftrace" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-bpftrace-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp" release="9.ule3" version="5.3.5">
+                         <filename>pcp-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-export-pcp2xml" release="9.ule3" version="5.3.5">
+                         <filename>pcp-export-pcp2xml-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-import-ganglia2pcp" release="9.ule3" version="5.3.5">
+                         <filename>pcp-import-ganglia2pcp-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-perfevent" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-perfevent-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-mounts" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-mounts-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-zeroconf" release="9.ule3" version="5.3.5">
+                         <filename>pcp-zeroconf-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-named" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-named-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-export-pcp2json" release="9.ule3" version="5.3.5">
+                         <filename>pcp-export-pcp2json-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-news" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-news-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-lustre" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-lustre-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-denki" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-denki-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-bcc" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-bcc-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-trace" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-trace-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-sendmail" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-sendmail-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-infiniband" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-infiniband-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-snmp" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-snmp-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-gui" release="9.ule3" version="5.3.5">
+                         <filename>pcp-gui-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-debuginfo" release="9.ule3" version="5.3.5">
+                         <filename>pcp-debuginfo-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-import-collectl2pcp" release="9.ule3" version="5.3.5">
+                         <filename>pcp-import-collectl2pcp-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-bind2" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-bind2-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-bpf" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-bpf-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-import-mrtg2pcp" release="9.ule3" version="5.3.5">
+                         <filename>pcp-import-mrtg2pcp-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-mysql" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-mysql-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-systemd" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-systemd-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perl-PCP-LogImport" release="9.ule3" version="5.3.5">
+                         <filename>perl-PCP-LogImport-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-roomtemp" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-roomtemp-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-unbound" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-unbound-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-cisco" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-cisco-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-docker" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-docker-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-json" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-json-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-import-iostat2pcp" release="9.ule3" version="5.3.5">
+                         <filename>pcp-import-iostat2pcp-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-export-pcp2spark" release="9.ule3" version="5.3.5">
+                         <filename>pcp-export-pcp2spark-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-lustrecomm" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-lustrecomm-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-netcheck" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-netcheck-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-import-sar2pcp" release="9.ule3" version="5.3.5">
+                         <filename>pcp-import-sar2pcp-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perl-PCP-PMDA" release="9.ule3" version="5.3.5">
+                         <filename>perl-PCP-PMDA-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-activemq" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-activemq-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-bash" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-bash-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-smart" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-smart-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-mssql" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-mssql-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-postfix" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-postfix-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-export-pcp2graphite" release="9.ule3" version="5.3.5">
+                         <filename>pcp-export-pcp2graphite-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-mailq" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-mailq-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-memcache" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-memcache-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-nfsclient" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-nfsclient-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-export-pcp2elasticsearch" release="9.ule3" version="5.3.5">
+                         <filename>pcp-export-pcp2elasticsearch-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-nvidia-gpu" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-nvidia-gpu-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-redis" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-redis-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-ds389" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-ds389-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-nutcracker" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-nutcracker-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-zswap" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-zswap-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-system-tools" release="9.ule3" version="5.3.5">
+                         <filename>pcp-system-tools-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-export-zabbix-agent" release="9.ule3" version="5.3.5">
+                         <filename>pcp-export-zabbix-agent-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-devel" release="9.ule3" version="5.3.5">
+                         <filename>pcp-devel-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="pcp-pmda-dm" release="9.ule3" version="5.3.5">
+                         <filename>pcp-pmda-dm-5.3.5-9.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1438</id>
+          <title>An update for jpegoptim is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-32325" id="CVE-2022-32325" title="CVE-2022-32325" type="cve"></reference>
+          </references>
+          <description>JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c.(CVE-2022-32325)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="jpegoptim-debugsource" release="1.ule3" version="1.5.5">
+                         <filename>jpegoptim-debugsource-1.5.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="jpegoptim-debuginfo" release="1.ule3" version="1.5.5">
+                         <filename>jpegoptim-debuginfo-1.5.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="jpegoptim" release="1.ule3" version="1.5.5">
+                         <filename>jpegoptim-1.5.5-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="jpegoptim" release="1.ule3" version="1.5.5">
+                         <filename>jpegoptim-1.5.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="jpegoptim-debuginfo" release="1.ule3" version="1.5.5">
+                         <filename>jpegoptim-debuginfo-1.5.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="jpegoptim-debugsource" release="1.ule3" version="1.5.5">
+                         <filename>jpegoptim-debugsource-1.5.5-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1439</id>
+          <title>An update for gnutls is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-28834" id="CVE-2024-28834" title="CVE-2024-28834" type="cve"></reference>
+          </references>
+          <description>A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.(CVE-2024-28834)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gnutls-debugsource" release="12.ule3" version="3.7.2">
+                         <filename>gnutls-debugsource-3.7.2-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-devel" release="12.ule3" version="3.7.2">
+                         <filename>gnutls-devel-3.7.2-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-debuginfo" release="12.ule3" version="3.7.2">
+                         <filename>gnutls-debuginfo-3.7.2-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-utils" release="12.ule3" version="3.7.2">
+                         <filename>gnutls-utils-3.7.2-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls" release="12.ule3" version="3.7.2">
+                         <filename>gnutls-3.7.2-12.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gnutls-help" release="12.ule3" version="3.7.2">
+                         <filename>gnutls-help-3.7.2-12.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-devel" release="12.ule3" version="3.7.2">
+                         <filename>gnutls-devel-3.7.2-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls" release="12.ule3" version="3.7.2">
+                         <filename>gnutls-3.7.2-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-debuginfo" release="12.ule3" version="3.7.2">
+                         <filename>gnutls-debuginfo-3.7.2-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-utils" release="12.ule3" version="3.7.2">
+                         <filename>gnutls-utils-3.7.2-12.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-debugsource" release="12.ule3" version="3.7.2">
+                         <filename>gnutls-debugsource-3.7.2-12.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1440</id>
+          <title>An update for jose is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-50967" id="CVE-2023-50967" title="CVE-2023-50967" type="cve"></reference>
+          </references>
+          <description>latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.(CVE-2023-50967)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="jose-debugsource" release="2.ule3" version="11">
+                         <filename>jose-debugsource-11-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="jose-help" release="2.ule3" version="11">
+                         <filename>jose-help-11-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="jose-debuginfo" release="2.ule3" version="11">
+                         <filename>jose-debuginfo-11-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="jose-devel" release="2.ule3" version="11">
+                         <filename>jose-devel-11-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="jose" release="2.ule3" version="11">
+                         <filename>jose-11-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="jose" release="2.ule3" version="11">
+                         <filename>jose-11-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="jose-devel" release="2.ule3" version="11">
+                         <filename>jose-devel-11-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="jose-debuginfo" release="2.ule3" version="11">
+                         <filename>jose-debuginfo-11-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="jose-debugsource" release="2.ule3" version="11">
+                         <filename>jose-debugsource-11-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="jose-help" release="2.ule3" version="11">
+                         <filename>jose-help-11-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1443</id>
+          <title>An update for libgsasl is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2469" id="CVE-2022-2469" title="CVE-2022-2469" type="cve"></reference>
+          </references>
+          <description>GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client(CVE-2022-2469)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libgsasl" release="2.ule3" version="1.8.1">
+                         <filename>libgsasl-1.8.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgsasl-devel" release="2.ule3" version="1.8.1">
+                         <filename>libgsasl-devel-1.8.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgsasl-debuginfo" release="2.ule3" version="1.8.1">
+                         <filename>libgsasl-debuginfo-1.8.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libgsasl-debugsource" release="2.ule3" version="1.8.1">
+                         <filename>libgsasl-debugsource-1.8.1-2.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgsasl-debuginfo" release="2.ule3" version="1.8.1">
+                         <filename>libgsasl-debuginfo-1.8.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgsasl-devel" release="2.ule3" version="1.8.1">
+                         <filename>libgsasl-devel-1.8.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgsasl" release="2.ule3" version="1.8.1">
+                         <filename>libgsasl-1.8.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libgsasl-debugsource" release="2.ule3" version="1.8.1">
+                         <filename>libgsasl-debugsource-1.8.1-2.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1450</id>
+          <title>An update for LibRaw is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-32142" id="CVE-2021-32142" title="CVE-2021-32142" type="cve"></reference>
+          </references>
+          <description>Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.(CVE-2021-32142)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="LibRaw-debugsource" release="7.ule3" version="0.20.2">
+                         <filename>LibRaw-debugsource-0.20.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="LibRaw-devel" release="7.ule3" version="0.20.2">
+                         <filename>LibRaw-devel-0.20.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="LibRaw-debuginfo" release="7.ule3" version="0.20.2">
+                         <filename>LibRaw-debuginfo-0.20.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="LibRaw" release="7.ule3" version="0.20.2">
+                         <filename>LibRaw-0.20.2-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="LibRaw-debuginfo" release="7.ule3" version="0.20.2">
+                         <filename>LibRaw-debuginfo-0.20.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="LibRaw-devel" release="7.ule3" version="0.20.2">
+                         <filename>LibRaw-devel-0.20.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="LibRaw-debugsource" release="7.ule3" version="0.20.2">
+                         <filename>LibRaw-debugsource-0.20.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="LibRaw" release="7.ule3" version="0.20.2">
+                         <filename>LibRaw-0.20.2-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1451</id>
+          <title>An update for python-pillow is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-28219" id="CVE-2024-28219" title="CVE-2024-28219" type="cve"></reference>
+          </references>
+          <description>In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.(CVE-2024-28219)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python-pillow-debuginfo" release="7.ule3" version="9.0.1">
+                         <filename>python-pillow-debuginfo-9.0.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pillow" release="7.ule3" version="9.0.1">
+                         <filename>python3-pillow-9.0.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pillow-tk" release="7.ule3" version="9.0.1">
+                         <filename>python3-pillow-tk-9.0.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pillow-devel" release="7.ule3" version="9.0.1">
+                         <filename>python3-pillow-devel-9.0.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python-pillow-debugsource" release="7.ule3" version="9.0.1">
+                         <filename>python-pillow-debugsource-9.0.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-pillow-qt" release="7.ule3" version="9.0.1">
+                         <filename>python3-pillow-qt-9.0.1-7.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-pillow-help" release="7.ule3" version="9.0.1">
+                         <filename>python3-pillow-help-9.0.1-7.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow-tk" release="7.ule3" version="9.0.1">
+                         <filename>python3-pillow-tk-9.0.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow-qt" release="7.ule3" version="9.0.1">
+                         <filename>python3-pillow-qt-9.0.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow" release="7.ule3" version="9.0.1">
+                         <filename>python3-pillow-9.0.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-pillow-devel" release="7.ule3" version="9.0.1">
+                         <filename>python3-pillow-devel-9.0.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-pillow-debugsource" release="7.ule3" version="9.0.1">
+                         <filename>python-pillow-debugsource-9.0.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python-pillow-debuginfo" release="7.ule3" version="9.0.1">
+                         <filename>python-pillow-debuginfo-9.0.1-7.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1452</id>
+          <title>An update for mod_http2 is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-27316" id="CVE-2024-27316" title="CVE-2024-27316" type="cve"></reference>
+          </references>
+          <description>HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.(CVE-2024-27316)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="mod_http2-debugsource" release="3.ule3" version="1.15.25">
+                         <filename>mod_http2-debugsource-1.15.25-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_http2-debuginfo" release="3.ule3" version="1.15.25">
+                         <filename>mod_http2-debuginfo-1.15.25-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="mod_http2" release="3.ule3" version="1.15.25">
+                         <filename>mod_http2-1.15.25-3.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="mod_http2-help" release="3.ule3" version="1.15.25">
+                         <filename>mod_http2-help-1.15.25-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_http2" release="3.ule3" version="1.15.25">
+                         <filename>mod_http2-1.15.25-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_http2-debuginfo" release="3.ule3" version="1.15.25">
+                         <filename>mod_http2-debuginfo-1.15.25-3.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="mod_http2-debugsource" release="3.ule3" version="1.15.25">
+                         <filename>mod_http2-debugsource-1.15.25-3.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1454</id>
+          <title>An update for gstreamer1-plugins-base is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-12"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-37328" id="CVE-2023-37328" title="CVE-2023-37328" type="cve"></reference>
+          </references>
+          <description>Heap-based buffer overflow in the subparse subtitle parser when handling certain SRT subtitle files in GStreamer versions before 1.22.4 / 1.20.7. It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.https://gstreamer.freedesktop.org/security/sa-2023-0002.html(CVE-2023-37328)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gstreamer1-plugins-base" release="6.ule3" version="1.18.4">
+                         <filename>gstreamer1-plugins-base-1.18.4-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gstreamer1-plugins-base-debuginfo" release="6.ule3" version="1.18.4">
+                         <filename>gstreamer1-plugins-base-debuginfo-1.18.4-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gstreamer1-plugins-base-devel" release="6.ule3" version="1.18.4">
+                         <filename>gstreamer1-plugins-base-devel-1.18.4-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gstreamer1-plugins-base-debugsource" release="6.ule3" version="1.18.4">
+                         <filename>gstreamer1-plugins-base-debugsource-1.18.4-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gstreamer1-plugins-base-help" release="6.ule3" version="1.18.4">
+                         <filename>gstreamer1-plugins-base-help-1.18.4-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gstreamer1-plugins-base-devel" release="6.ule3" version="1.18.4">
+                         <filename>gstreamer1-plugins-base-devel-1.18.4-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gstreamer1-plugins-base-debugsource" release="6.ule3" version="1.18.4">
+                         <filename>gstreamer1-plugins-base-debugsource-1.18.4-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gstreamer1-plugins-base" release="6.ule3" version="1.18.4">
+                         <filename>gstreamer1-plugins-base-1.18.4-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gstreamer1-plugins-base-debuginfo" release="6.ule3" version="1.18.4">
+                         <filename>gstreamer1-plugins-base-debuginfo-1.18.4-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1461</id>
+          <title>An update for libssh2 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-48795" id="CVE-2023-48795" title="CVE-2023-48795" type="cve"></reference>
+          </references>
+          <description>The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH&#39;s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.(CVE-2023-48795)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libssh2-debuginfo" release="6.ule3" version="1.10.0">
+                         <filename>libssh2-debuginfo-1.10.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libssh2-devel" release="6.ule3" version="1.10.0">
+                         <filename>libssh2-devel-1.10.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libssh2" release="6.ule3" version="1.10.0">
+                         <filename>libssh2-1.10.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libssh2-debugsource" release="6.ule3" version="1.10.0">
+                         <filename>libssh2-debugsource-1.10.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="libssh2-help" release="6.ule3" version="1.10.0">
+                         <filename>libssh2-help-1.10.0-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libssh2" release="6.ule3" version="1.10.0">
+                         <filename>libssh2-1.10.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libssh2-debugsource" release="6.ule3" version="1.10.0">
+                         <filename>libssh2-debugsource-1.10.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libssh2-devel" release="6.ule3" version="1.10.0">
+                         <filename>libssh2-devel-1.10.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libssh2-debuginfo" release="6.ule3" version="1.10.0">
+                         <filename>libssh2-debuginfo-1.10.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1465</id>
+          <title>An update for docker is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-29018" id="CVE-2024-29018" title="CVE-2024-29018" type="cve"></reference>
+          </references>
+          <description>Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby&#39;s networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature is frequently referred to as custom networks, as each network can have a different driver, set of parameters and thus behaviors. When creating a network, the `--internal` flag is used to designate a network as _internal_. The `internal` attribute in a docker-compose.yml file may also be used to mark a network _internal_, and other API clients may specify the `internal` parameter as well.When containers with networking are created, they are assigned unique network interfaces and IP addresses. The host serves as a router for non-internal networks, with a gateway IP that provides SNAT/DNAT to/from container IPs.Containers on an internal network may communicate between each other, but are precluded from communicating with any networks the host has access to (LAN or WAN) as no default route is configured, and firewall rules are set up to drop all outgoing traffic. Communication with the gateway IP address (and thus appropriately configured host services) is possible, and the host may communicate with any container IP directly.In addition to configuring the Linux kernel&#39;s various networking features to enable container networking, `dockerd` directly provides some services to container networks. Principal among these is serving as a resolver, enabling service discovery, and resolution of names from an upstream resolver.When a DNS request for a name that does not correspond to a container is received, the request is forwarded to the configured upstream resolver. This request is made from the container&#39;s network namespace: the level of access and routing of traffic is the same as if the request was made by the container itself.As a consequence of this design, containers solely attached to an internal network will be unable to resolve names using the upstream resolver, as the container itself is unable to communicate with that nameserver. Only the names of containers also attached to the internal network are able to be resolved.Many systems run a local forwarding DNS resolver. As the host and any containers have separate loopback devices, a consequence of the design described above is that containers are unable to resolve names from the host&#39;s configured resolver, as they cannot reach these addresses on the host loopback device. To bridge this gap, and to allow containers to properly resolve names even when a local forwarding resolver is used on a loopback address, `dockerd` detects this scenario and instead forward DNS requests from the host namework namespace. The loopback resolver then forwards the requests to its configured upstream resolvers, as expected.Because `dockerd` forwards DNS requests to the host loopback device, bypassing the container network namespace&#39;s normal routing semantics entirely, internal networks can unexpectedly forward DNS requests to an external nameserver. By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers.Docker Desktop is not affected, as Docker Desktop always runs an internal resolver on a RFC 1918 address.Moby releases 26.0.0, 25.0.4, and 23.0.11 are patched to prevent forwarding any DNS requests from internal networks. As a workaround, run containers intended to be solely attached to internal networks with a custom upstream address, which will force all upstream DNS queries to be resolved from the container&#39;s network namespace.(CVE-2024-29018)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package epoch="2" arch="aarch64" name="docker-engine" release="334.ule3" version="18.09.0">
+                         <filename>docker-engine-18.09.0-334.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="docker-engine-debuginfo" release="334.ule3" version="18.09.0">
+                         <filename>docker-engine-debuginfo-18.09.0-334.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="aarch64" name="docker-engine-debugsource" release="334.ule3" version="18.09.0">
+                         <filename>docker-engine-debugsource-18.09.0-334.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="docker-engine" release="334.ule3" version="18.09.0">
+                         <filename>docker-engine-18.09.0-334.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="docker-engine-debugsource" release="334.ule3" version="18.09.0">
+                         <filename>docker-engine-debugsource-18.09.0-334.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package epoch="2" arch="x86_64" name="docker-engine-debuginfo" release="334.ule3" version="18.09.0">
+                         <filename>docker-engine-debuginfo-18.09.0-334.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1475</id>
+          <title>An update for apache-mime4j is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-21742" id="CVE-2024-21742" title="CVE-2024-21742" type="cve"></reference>
+          </references>
+          <description>Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message.This can be exploited by an attacker to add unintended headers to MIME messages.(CVE-2024-21742)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="noarch" name="apache-mime4j" release="3.ule3" version="0.8.1">
+                         <filename>apache-mime4j-0.8.1-3.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="apache-mime4j-javadoc" release="3.ule3" version="0.8.1">
+                         <filename>apache-mime4j-javadoc-0.8.1-3.ule3.noarch.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1481</id>
+          <title>An update for llvm is now available for openEuler-22.03-LTS</title>
+          <severity>Low</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-46049" id="CVE-2023-46049" title="CVE-2023-46049" type="cve"></reference>
+          </references>
+          <description>LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem.(CVE-2023-46049)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="llvm-devel" release="4.ule3" version="12.0.1">
+                         <filename>llvm-devel-12.0.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="llvm-debugsource" release="4.ule3" version="12.0.1">
+                         <filename>llvm-debugsource-12.0.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="llvm-debuginfo" release="4.ule3" version="12.0.1">
+                         <filename>llvm-debuginfo-12.0.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="llvm" release="4.ule3" version="12.0.1">
+                         <filename>llvm-12.0.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="llvm-libs" release="4.ule3" version="12.0.1">
+                         <filename>llvm-libs-12.0.1-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="llvm-help" release="4.ule3" version="12.0.1">
+                         <filename>llvm-help-12.0.1-4.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="llvm" release="4.ule3" version="12.0.1">
+                         <filename>llvm-12.0.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="llvm-devel" release="4.ule3" version="12.0.1">
+                         <filename>llvm-devel-12.0.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="llvm-libs" release="4.ule3" version="12.0.1">
+                         <filename>llvm-libs-12.0.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="llvm-debuginfo" release="4.ule3" version="12.0.1">
+                         <filename>llvm-debuginfo-12.0.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="llvm-debugsource" release="4.ule3" version="12.0.1">
+                         <filename>llvm-debugsource-12.0.1-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1485</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-47070" id="CVE-2021-47070" title="CVE-2021-47070" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-47101" id="CVE-2021-47101" title="CVE-2021-47101" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52464" id="CVE-2023-52464" title="CVE-2023-52464" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52475" id="CVE-2023-52475" title="CVE-2023-52475" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52500" id="CVE-2023-52500" title="CVE-2023-52500" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52507" id="CVE-2023-52507" title="CVE-2023-52507" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52510" id="CVE-2023-52510" title="CVE-2023-52510" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52515" id="CVE-2023-52515" title="CVE-2023-52515" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52516" id="CVE-2023-52516" title="CVE-2023-52516" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52522" id="CVE-2023-52522" title="CVE-2023-52522" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52530" id="CVE-2023-52530" title="CVE-2023-52530" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52560" id="CVE-2023-52560" title="CVE-2023-52560" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52561" id="CVE-2023-52561" title="CVE-2023-52561" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52566" id="CVE-2023-52566" title="CVE-2023-52566" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52573" id="CVE-2023-52573" title="CVE-2023-52573" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52578" id="CVE-2023-52578" title="CVE-2023-52578" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52583" id="CVE-2023-52583" title="CVE-2023-52583" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52587" id="CVE-2023-52587" title="CVE-2023-52587" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52594" id="CVE-2023-52594" title="CVE-2023-52594" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52595" id="CVE-2023-52595" title="CVE-2023-52595" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52597" id="CVE-2023-52597" title="CVE-2023-52597" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52598" id="CVE-2023-52598" title="CVE-2023-52598" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52622" id="CVE-2023-52622" title="CVE-2023-52622" type="cve"></reference>
+          </references>
+          <description>In the Linux kernel, the following vulnerability has been resolved:uio_hv_generic: Fix another memory leak in error handling pathsMemory allocated by &#39;vmbus_alloc_ring()&#39; at the beginning of the probefunction is never freed in the error handling path.Add the missing &#39;vmbus_free_ring()&#39; call.Note that it is already freed in the .remove function.(CVE-2021-47070)In the Linux kernel, the following vulnerability has been resolved:asix: fix uninit-value in asix_mdio_read()asix_read_cmd() may read less than sizeof(smsr) bytes and in this casesmsr will be uninitialized.Fail log:BUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline]BUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497BUG: KMSAN: uninit-value in asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497 asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497 asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497(CVE-2021-47101)In the Linux kernel, the following vulnerability has been resolved:EDAC/thunderx: Fix possible out-of-bounds string accessEnabling -Wstringop-overflow globally exposes a warning for a common bugin the usage of strncat():  drivers/edac/thunderx_edac.c: In function &#39;thunderx_ocx_com_threaded_isr&#39;:  drivers/edac/thunderx_edac.c:1136:17: error: &#39;strncat&#39; specified bound 1024 equals destination size [-Werror=stringop-overflow=]   1136 |                 strncat(msg, other, OCX_MESSAGE_SIZE);        |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   ...   1145 |                                 strncat(msg, other, OCX_MESSAGE_SIZE);   ...   1150 |                                 strncat(msg, other, OCX_MESSAGE_SIZE);   ...Apparently the author of this driver expected strncat() to behave theway that strlcat() does, which uses the size of the destination bufferas its third argument rather than the length of the source buffer. Theresult is that there is no check on the size of the allocated buffer.Change it to strlcat().  [ bp: Trim compiler output, fixup commit message. ](CVE-2023-52464)In the Linux kernel, the following vulnerability has been resolved:Input: powermate - fix use-after-free in powermate_config_completesyzbot has found a use-after-free bug [1] in the powermate driver. Thishappens when the device is disconnected, which leads to a memory free fromthe powermate_device struct.  When an asynchronous control messagecompletes after the kfree and its callback is invoked, the lock does notexist anymore and hence the bug.Use usb_kill_urb() on pm-&gt;config to cancel any in-progress requests upondevice disconnection.[1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e(CVE-2023-52475)In the Linux kernel, the following vulnerability has been resolved:scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG commandTags allocated for OPC_INB_SET_CONTROLLER_CONFIG command need to be freedwhen we receive the response.(CVE-2023-52500)In the Linux kernel, the following vulnerability has been resolved:nfc: nci: assert requested protocol is validThe protocol is used in a bit mask to determine if the protocol issupported. Assert the provided protocol is less than the maximumdefined so it doesn&#39;t potentially perform a shift-out-of-bounds andprovide a clearer error for undefined protocols vs unsupported ones.(CVE-2023-52507)In the Linux kernel, the following vulnerability has been resolved:ieee802154: ca8210: Fix a potential UAF in ca8210_probeIf of_clk_add_provider() fails in ca8210_register_ext_clock(),it calls clk_unregister() to release priv-&gt;clk and returns anerror. However, the caller ca8210_probe() then calls ca8210_remove(),where priv-&gt;clk is freed again in ca8210_unregister_ext_clock(). Inthis case, a use-after-free may happen in the second time we callclk_unregister().Fix this by removing the first clk_unregister(). Also, priv-&gt;clk couldbe an error code on failure of clk_register_fixed_rate(). UseIS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock().(CVE-2023-52510)In the Linux kernel, the following vulnerability has been resolved:RDMA/srp: Do not call scsi_done() from srp_abort()After scmd_eh_abort_handler() has called the SCSI LLD eh_abort_handlercallback, it performs one of the following actions:* Call scsi_queue_insert().* Call scsi_finish_command().* Call scsi_eh_scmd_add().Hence, SCSI abort handlers must not call scsi_done(). Otherwise allthe above actions would trigger a use-after-free. Hence remove thescsi_done() call from srp_abort(). Keep the srp_free_req() callbefore returning SUCCESS because we may not see the command again ifSUCCESS is returned.(CVE-2023-52515)In the Linux kernel, the following vulnerability has been resolved:dma-debug: don&#39;t call __dma_entry_alloc_check_leak() under free_entries_lock__dma_entry_alloc_check_leak() calls into printk -&gt; serial consoleoutput (qcom geni) and grabs port-&gt;lock under free_entries_lockspin lock, which is a reverse locking dependency chain as qcom_geniIRQ handler can call into dma-debug code and grab free_entries_lockunder port-&gt;lock.Move __dma_entry_alloc_check_leak() call out of free_entries_lockscope so that we don&#39;t acquire serial console&#39;s port-&gt;lock under it.Trimmed-down lockdep splat: The existing dependency chain (in reverse order) is:               -&gt; #2 (free_entries_lock){-.-.}-{2:2}:        _raw_spin_lock_irqsave+0x60/0x80        dma_entry_alloc+0x38/0x110        debug_dma_map_page+0x60/0xf8        dma_map_page_attrs+0x1e0/0x230        dma_map_single_attrs.constprop.0+0x6c/0xc8        geni_se_rx_dma_prep+0x40/0xcc        qcom_geni_serial_isr+0x310/0x510        __handle_irq_event_percpu+0x110/0x244        handle_irq_event_percpu+0x20/0x54        handle_irq_event+0x50/0x88        handle_fasteoi_irq+0xa4/0xcc        handle_irq_desc+0x28/0x40        generic_handle_domain_irq+0x24/0x30        gic_handle_irq+0xc4/0x148        do_interrupt_handler+0xa4/0xb0        el1_interrupt+0x34/0x64        el1h_64_irq_handler+0x18/0x24        el1h_64_irq+0x64/0x68        arch_local_irq_enable+0x4/0x8        ____do_softirq+0x18/0x24        ...               -&gt; #1 (&amp;port_lock_key){-.-.}-{2:2}:        _raw_spin_lock_irqsave+0x60/0x80        qcom_geni_serial_console_write+0x184/0x1dc        console_flush_all+0x344/0x454        console_unlock+0x94/0xf0        vprintk_emit+0x238/0x24c        vprintk_default+0x3c/0x48        vprintk+0xb4/0xbc        _printk+0x68/0x90        register_console+0x230/0x38c        uart_add_one_port+0x338/0x494        qcom_geni_serial_probe+0x390/0x424        platform_probe+0x70/0xc0        really_probe+0x148/0x280        __driver_probe_device+0xfc/0x114        driver_probe_device+0x44/0x100        __device_attach_driver+0x64/0xdc        bus_for_each_drv+0xb0/0xd8        __device_attach+0xe4/0x140        device_initial_probe+0x1c/0x28        bus_probe_device+0x44/0xb0        device_add+0x538/0x668        of_device_add+0x44/0x50        of_platform_device_create_pdata+0x94/0xc8        of_platform_bus_create+0x270/0x304        of_platform_populate+0xac/0xc4        devm_of_platform_populate+0x60/0xac        geni_se_probe+0x154/0x160        platform_probe+0x70/0xc0        ...               -&gt; #0 (console_owner){-...}-{0:0}:        __lock_acquire+0xdf8/0x109c        lock_acquire+0x234/0x284        console_flush_all+0x330/0x454        console_unlock+0x94/0xf0        vprintk_emit+0x238/0x24c        vprintk_default+0x3c/0x48        vprintk+0xb4/0xbc        _printk+0x68/0x90        dma_entry_alloc+0xb4/0x110        debug_dma_map_sg+0xdc/0x2f8        __dma_map_sg_attrs+0xac/0xe4        dma_map_sgtable+0x30/0x4c        get_pages+0x1d4/0x1e4 [msm]        msm_gem_pin_pages_locked+0x38/0xac [msm]        msm_gem_pin_vma_locked+0x58/0x88 [msm]        msm_ioctl_gem_submit+0xde4/0x13ac [msm]        drm_ioctl_kernel+0xe0/0x15c        drm_ioctl+0x2e8/0x3f4        vfs_ioctl+0x30/0x50        ... Chain exists of:   console_owner --&gt; &amp;port_lock_key --&gt; free_entries_lock  Possible unsafe locking scenario:        CPU0                    CPU1        ----                    ----   lock(free_entries_lock);                                lock(&amp;port_lock_key);                                lock(free_entries_lock);   lock(console_owner);                *** DEADLOCK *** Call trace:  dump_backtrace+0xb4/0xf0  show_stack+0x20/0x30  dump_stack_lvl+0x60/0x84  dump_stack+0x18/0x24  print_circular_bug+0x1cc/0x234  check_noncircular+0x78/0xac  __lock_acquire+0xdf8/0x109c  lock_acquire+0x234/0x284  console_flush_all+0x330/0x454  consol---truncated---(CVE-2023-52516)In the Linux kernel, the following vulnerability has been resolved:net: fix possible store tearing in neigh_periodic_work()While looking at a related syzbot report involving neigh_periodic_work(),I found that I forgot to add an annotation when deleting anRCU protected item from a list.Readers use rcu_deference(*np), we need to use eitherrcu_assign_pointer() or WRITE_ONCE() on writer sideto prevent store tearing.I use rcu_assign_pointer() to have lockdep support,this was the choice made in neigh_flush_dev().(CVE-2023-52522)In the Linux kernel, the following vulnerability has been resolved:wifi: mac80211: fix potential key use-after-freeWhen ieee80211_key_link() is called by ieee80211_gtk_rekey_add()but returns 0 due to KRACK protection (identical key reinstall),ieee80211_gtk_rekey_add() will still return a pointer into thekey, in a potential use-after-free. This normally doesn&#39;t happensince it&#39;s only called by iwlwifi in case of WoWLAN rekey offloadwhich has its own KRACK protection, but still better to fix, dothat by returning an error code and converting that to success onthe cfg80211 boundary only, leaving the error for bad callers ofieee80211_gtk_rekey_add().(CVE-2023-52530)In the Linux kernel, the following vulnerability has been resolved:mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions()When CONFIG_DAMON_VADDR_KUNIT_TEST=y and making CONFIG_DEBUG_KMEMLEAK=yand CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, the below memory leak is detected.Since commit 9f86d624292c (&#34;mm/damon/vaddr-test: remove unnecessaryvariables&#34;), the damon_destroy_ctx() is removed, but still calldamon_new_target() and damon_new_region(), the damon_region which isallocated by kmem_cache_alloc() in damon_new_region() and the damon_targetwhich is allocated by kmalloc in damon_new_target() are not freed.  Andthe damon_region which is allocated in damon_new_region() indamon_set_regions() is also not freed.So use damon_destroy_target to free all the damon_regions and damon_target.    unreferenced object 0xffff888107c9a940 (size 64):      comm &#34;kunit_try_catch&#34;, pid 1069, jiffies 4294670592 (age 732.761s)      hex dump (first 32 bytes):        00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b  ............kkkk        60 c7 9c 07 81 88 ff ff f8 cb 9c 07 81 88 ff ff  `...............      backtrace:        [&lt;ffffffff817e0167&gt;] kmalloc_trace+0x27/0xa0        [&lt;ffffffff819c11cf&gt;] damon_new_target+0x3f/0x1b0        [&lt;ffffffff819c7d55&gt;] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0        [&lt;ffffffff819c82be&gt;] damon_test_apply_three_regions1+0x21e/0x260        [&lt;ffffffff829fce6a&gt;] kunit_generic_run_threadfn_adapter+0x4a/0x90        [&lt;ffffffff81237cf6&gt;] kthread+0x2b6/0x380        [&lt;ffffffff81097add&gt;] ret_from_fork+0x2d/0x70        [&lt;ffffffff81003791&gt;] ret_from_fork_asm+0x11/0x20    unreferenced object 0xffff8881079cc740 (size 56):      comm &#34;kunit_try_catch&#34;, pid 1069, jiffies 4294670592 (age 732.761s)      hex dump (first 32 bytes):        05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00  ................        6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b  kkkkkkkk....kkkk      backtrace:        [&lt;ffffffff819bc492&gt;] damon_new_region+0x22/0x1c0        [&lt;ffffffff819c7d91&gt;] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0        [&lt;ffffffff819c82be&gt;] damon_test_apply_three_regions1+0x21e/0x260        [&lt;ffffffff829fce6a&gt;] kunit_generic_run_threadfn_adapter+0x4a/0x90        [&lt;ffffffff81237cf6&gt;] kthread+0x2b6/0x380        [&lt;ffffffff81097add&gt;] ret_from_fork+0x2d/0x70        [&lt;ffffffff81003791&gt;] ret_from_fork_asm+0x11/0x20    unreferenced object 0xffff888107c9ac40 (size 64):      comm &#34;kunit_try_catch&#34;, pid 1071, jiffies 4294670595 (age 732.843s)      hex dump (first 32 bytes):        00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b  ............kkkk        a0 cc 9c 07 81 88 ff ff 78 a1 76 07 81 88 ff ff  ........x.v.....      backtrace:        [&lt;ffffffff817e0167&gt;] kmalloc_trace+0x27/0xa0        [&lt;ffffffff819c11cf&gt;] damon_new_target+0x3f/0x1b0        [&lt;ffffffff819c7d55&gt;] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0        [&lt;ffffffff819c851e&gt;] damon_test_apply_three_regions2+0x21e/0x260        [&lt;ffffffff829fce6a&gt;] kunit_generic_run_threadfn_adapter+0x4a/0x90        [&lt;ffffffff81237cf6&gt;] kthread+0x2b6/0x380        [&lt;ffffffff81097add&gt;] ret_from_fork+0x2d/0x70        [&lt;ffffffff81003791&gt;] ret_from_fork_asm+0x11/0x20    unreferenced object 0xffff8881079ccc80 (size 56):      comm &#34;kunit_try_catch&#34;, pid 1071, jiffies 4294670595 (age 732.843s)      hex dump (first 32 bytes):        05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00  ................        6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b  kkkkkkkk....kkkk      backtrace:        [&lt;ffffffff819bc492&gt;] damon_new_region+0x22/0x1c0        [&lt;ffffffff819c7d91&gt;] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0        [&lt;ffffffff819c851e&gt;] damon_test_apply_three_regions2+0x21e/0x260        [&lt;ffffffff829fce6a&gt;] kunit_generic_run_threadfn_adapter+0x4a/0x90        [&lt;ffffffff81237cf6&gt;] kthread+0x2b6/0x380        [&lt;ffffffff81097add&gt;] ret_from_fork+0x2d/0x70        [&lt;ffff---truncated---(CVE-2023-52560)In the Linux kernel, the following vulnerability has been resolved:arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reservedAdding a reserved memory region for the framebuffer memory(the splash memory region set up by the bootloader).It fixes a kernel panic (arm-smmu: Unhandled context faultat this particular memory region) reported on DB845c runningv5.10.y.(CVE-2023-52561)In the Linux kernel, the following vulnerability has been resolved:nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()In nilfs_gccache_submit_read_data(), brelse(bh) is called to drop thereference count of bh when the call to nilfs_dat_translate() fails.  Ifthe reference count hits 0 and its owner page gets unlocked, bh may befreed.  However, bh-&gt;b_page is dereferenced to put the page after that,which may result in a use-after-free bug.  This patch moves the releaseoperation after unlocking and putting the page.NOTE: The function in question is only called in GC, and in combinationwith current userland tools, address translation using DAT does not occurin that function, so the code path that causes this issue will not beexecuted.  However, it is possible to run that code path by intentionallymodifying the userland GC library or by calling the GC ioctl directly.[konishi.ryusuke@gmail.com: NOTE added to the commit log](CVE-2023-52566)In the Linux kernel, the following vulnerability has been resolved:net: rds: Fix possible NULL-pointer dereferenceIn rds_rdma_cm_event_handler_cmn() check, if conn pointer existsbefore dereferencing it as rdma_set_service_type() argumentFound by Linux Verification Center (linuxtesting.org) with SVACE.(CVE-2023-52573)In the Linux kernel, the following vulnerability has been resolved:net: bridge: use DEV_STATS_INC()syzbot/KCSAN reported data-races in br_handle_frame_finish() [1]This function can run from multiple cpus without mutual exclusion.Adopt SMP safe DEV_STATS_INC() to update dev-&gt;stats fields.Handles updates to dev-&gt;stats.tx_dropped while we are at it.[1]BUG: KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finishread-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 1:br_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189br_nf_hook_thresh+0x1ed/0x220br_nf_pre_routing_finish_ipv6+0x50f/0x540NF_HOOK include/linux/netfilter.h:304 [inline]br_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178br_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]br_handle_frame+0x4c9/0x940 net/bridge/br_input.c:417__netif_receive_skb_core+0xa8a/0x21e0 net/core/dev.c:5417__netif_receive_skb_one_core net/core/dev.c:5521 [inline]__netif_receive_skb+0x57/0x1b0 net/core/dev.c:5637process_backlog+0x21f/0x380 net/core/dev.c:5965__napi_poll+0x60/0x3b0 net/core/dev.c:6527napi_poll net/core/dev.c:6594 [inline]net_rx_action+0x32b/0x750 net/core/dev.c:6727__do_softirq+0xc1/0x265 kernel/softirq.c:553run_ksoftirqd+0x17/0x20 kernel/softirq.c:921smpboot_thread_fn+0x30a/0x4a0 kernel/smpboot.c:164kthread+0x1d7/0x210 kernel/kthread.c:388ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304read-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 0:br_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189br_nf_hook_thresh+0x1ed/0x220br_nf_pre_routing_finish_ipv6+0x50f/0x540NF_HOOK include/linux/netfilter.h:304 [inline]br_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178br_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]br_handle_frame+0x4c9/0x940 net/bridge/br_input.c:417__netif_receive_skb_core+0xa8a/0x21e0 net/core/dev.c:5417__netif_receive_skb_one_core net/core/dev.c:5521 [inline]__netif_receive_skb+0x57/0x1b0 net/core/dev.c:5637process_backlog+0x21f/0x380 net/core/dev.c:5965__napi_poll+0x60/0x3b0 net/core/dev.c:6527napi_poll net/core/dev.c:6594 [inline]net_rx_action+0x32b/0x750 net/core/dev.c:6727__do_softirq+0xc1/0x265 kernel/softirq.c:553do_softirq+0x5e/0x90 kernel/softirq.c:454__local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210spin_unlock_bh include/linux/spinlock.h:396 [inline]batadv_tt_local_purge+0x1a8/0x1f0 net/batman-adv/translation-table.c:1356batadv_tt_purge+0x2b/0x630 net/batman-adv/translation-table.c:3560process_one_work kernel/workqueue.c:2630 [inline]process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2703worker_thread+0x525/0x730 kernel/workqueue.c:2784kthread+0x1d7/0x210 kernel/kthread.c:388ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304value changed: 0x00000000000d7190 -&gt; 0x00000000000d7191Reported by Kernel Concurrency Sanitizer on:CPU: 0 PID: 14848 Comm: kworker/u4:11 Not tainted 6.6.0-rc1-syzkaller-00236-gad8a69f361b9 #0(CVE-2023-52578)In the Linux kernel, the following vulnerability has been resolved:ceph: fix deadlock or deadcode of misusing dget()The lock order is incorrect between denty and its parent, we shouldalways make sure that the parent get the lock first.But since this deadcode is never used and the parent dir will alwaysbe set from the callers, let&#39;s just remove it.(CVE-2023-52583)In the Linux kernel, the following vulnerability has been resolved:IB/ipoib: Fix mcast list lockingReleasing the `priv-&gt;lock` while iterating the `priv-&gt;multicast_list` in`ipoib_mcast_join_task()` opens a window for `ipoib_mcast_dev_flush()` toremove the items while in the middle of iteration. If the mcast is removedwhile the lock was dropped, the for loop spins forever resulting in a hardlockup (as was reported on RHEL 4.18.0-372.75.1.el8_6 kernel):    Task A (kworker/u72:2 below)       | Task B (kworker/u72:0 below)    -----------------------------------+-----------------------------------    ipoib_mcast_join_task(work)        | ipoib_ib_dev_flush_light(work)      spin_lock_irq(&amp;priv-&gt;lock)       | __ipoib_ib_dev_flush(priv, ...)      list_for_each_entry(mcast,       | ipoib_mcast_dev_flush(dev = priv-&gt;dev)          &amp;priv-&gt;multicast_list, list) |        ipoib_mcast_join(dev, mcast)   |          spin_unlock_irq(&amp;priv-&gt;lock) |                                       |   spin_lock_irqsave(&amp;priv-&gt;lock, flags)                                       |   list_for_each_entry_safe(mcast, tmcast,                                       |                  &amp;priv-&gt;multicast_list, list)                                       |     list_del(&amp;mcast-&gt;list);                                       |     list_add_tail(&amp;mcast-&gt;list, &amp;remove_list)                                       |   spin_unlock_irqrestore(&amp;priv-&gt;lock, flags)          spin_lock_irq(&amp;priv-&gt;lock)   |                                       |   ipoib_mcast_remove_list(&amp;remove_list)   (Here, `mcast` is no longer on the  |     list_for_each_entry_safe(mcast, tmcast,    `priv-&gt;multicast_list` and we keep |                            remove_list, list)    spinning on the `remove_list` of   |  &gt;&gt;&gt;  wait_for_completion(&amp;mcast-&gt;done)    the other thread which is blocked  |    and the list is still valid on     |    it&#39;s stack.)Fix this by keeping the lock held and changing to GFP_ATOMIC to preventeventual sleeps.Unfortunately we could not reproduce the lockup and confirm this fix butbased on the code review I think this fix should address such lockups.crash&gt; bc 31PID: 747      TASK: ff1c6a1a007e8000  CPU: 31   COMMAND: &#34;kworker/u72:2&#34;--    [exception RIP: ipoib_mcast_join_task+0x1b1]    RIP: ffffffffc0944ac1  RSP: ff646f199a8c7e00  RFLAGS: 00000002    RAX: 0000000000000000  RBX: ff1c6a1a04dc82f8  RCX: 0000000000000000                                  work (&amp;priv-&gt;mcast_task{,.work})    RDX: ff1c6a192d60ac68  RSI: 0000000000000286  RDI: ff1c6a1a04dc8000           &amp;mcast-&gt;list    RBP: ff646f199a8c7e90   R8: ff1c699980019420   R9: ff1c6a1920c9a000    R10: ff646f199a8c7e00  R11: ff1c6a191a7d9800  R12: ff1c6a192d60ac00                                                         mcast    R13: ff1c6a1d82200000  R14: ff1c6a1a04dc8000  R15: ff1c6a1a04dc82d8           dev                    priv (&amp;priv-&gt;lock)     &amp;priv-&gt;multicast_list (aka head)    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018--- &lt;NMI exception stack&gt; --- #5 [ff646f199a8c7e00] ipoib_mcast_join_task+0x1b1 at ffffffffc0944ac1 [ib_ipoib] #6 [ff646f199a8c7e98] process_one_work+0x1a7 at ffffffff9bf10967crash&gt; rx ff646f199a8c7e68ff646f199a8c7e68:  ff1c6a1a04dc82f8 &lt;&lt;&lt; work = &amp;priv-&gt;mcast_task.workcrash&gt; list -hO ipoib_dev_priv.multicast_list ff1c6a1a04dc8000(empty)crash&gt; ipoib_dev_priv.mcast_task.work.func,mcast_mutex.owner.counter ff1c6a1a04dc8000  mcast_task.work.func = 0xffffffffc0944910 &lt;ipoib_mcast_join_task&gt;,  mcast_mutex.owner.counter = 0xff1c69998efec000crash&gt; b 8PID: 8        TASK: ff1c69998efec000  CPU: 33   COMMAND: &#34;kworker/u72:0&#34;-- #3 [ff646f1980153d50] wait_for_completion+0x96 at ffffffff9c7d7646 #4 [ff646f1980153d90] ipoib_mcast_remove_list+0x56 at ffffffffc0944dc6 [ib_ipoib] #5 [ff646f1980153de8] ipoib_mcast_dev_flush+0x1a7 at ffffffffc09455a7 [ib_ipoib] #6 [ff646f1980153e58] __ipoib_ib_dev_flush+0x1a4 at ffffffffc09431a4 [ib_ipoib] #7 [ff---truncated---(CVE-2023-52587)In the Linux kernel, the following vulnerability has been resolved:wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()Fix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bugoccurs when txs-&gt;cnt, data from a URB provided by a USB device, isbigger than the size of the array txs-&gt;txstatus, which isHTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bughandling code after the check. Make the function return if that is thecase.Found by a modified version of syzkaller.UBSAN: array-index-out-of-bounds in htc_drv_txrx.cindex 13 is out of range for type &#39;__wmi_event_txstatus [12]&#39;Call Trace: ath9k_htc_txstatus ath9k_wmi_event_tasklet tasklet_action_common __do_softirq irq_exit_rxu sysvec_apic_timer_interrupt(CVE-2023-52594)In the Linux kernel, the following vulnerability has been resolved:wifi: rt2x00: restart beacon queue when hardware resetWhen a hardware reset is triggered, all registers are reset, so allqueues are forced to stop in hardware interface. However, mac80211will not automatically stop the queue. If we don&#39;t manually stop thebeacon queue, the queue will be deadlocked and unable to start again.This patch fixes the issue where Apple devices cannot connect to theAP after calling ieee80211_restart_hw().(CVE-2023-52595)In the Linux kernel, the following vulnerability has been resolved:KVM: s390: fix setting of fpc registerkvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control(fpc) register of a guest cpu. The new value is tested for validity bytemporarily loading it into the fpc register.This may lead to corruption of the fpc register of the host process:if an interrupt happens while the value is temporarily loaded into the fpcregister, and within interrupt context floating point or vector registersare used, the current fp/vx registers are saved with save_fpu_regs()assuming they belong to user space and will be loaded into fp/vx registerswhen returning to user space.test_fp_ctl() restores the original user space / host process fpc registervalue, however it will be discarded, when returning to user space.In result the host process will incorrectly continue to run with the valuethat was supposed to be used for a guest cpu.Fix this by simply removing the test. There is another test right beforethe SIE context is entered which will handles invalid values.This results in a change of behaviour: invalid values will now be acceptedinstead of that the ioctl fails with -EINVAL. This seems to be acceptable,given that this interface is most likely not used anymore, and this is inaddition the same behaviour implemented with the memory mapped interface(replace invalid values with zero) - see sync_regs() in kvm-s390.c.(CVE-2023-52597)In the Linux kernel, the following vulnerability has been resolved:s390/ptrace: handle setting of fpc register correctlyIf the content of the floating point control (fpc) register of a tracedprocess is modified with the ptrace interface the new value is tested forvalidity by temporarily loading it into the fpc register.This may lead to corruption of the fpc register of the tracing process:if an interrupt happens while the value is temporarily loaded into thefpc register, and within interrupt context floating point or vectorregisters are used, the current fp/vx registers are saved withsave_fpu_regs() assuming they belong to user space and will be loaded intofp/vx registers when returning to user space.test_fp_ctl() restores the original user space fpc register value, howeverit will be discarded, when returning to user space.In result the tracer will incorrectly continue to run with the value thatwas supposed to be used for the traced process.Fix this by saving fpu register contents with save_fpu_regs() before usingtest_fp_ctl().(CVE-2023-52598)In the Linux kernel, the following vulnerability has been resolved:ext4: avoid online resizing failures due to oversized flex bgWhen we online resize an ext4 filesystem with a oversized flexbg_size,     mkfs.ext4 -F -G 67108864 $dev -b 4096 100M     mount $dev $dir     resize2fs $dev 16Gthe following WARN_ON is triggered:==================================================================WARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550Modules linked in: sg(E)CPU: 0 PID: 427 Comm: resize2fs Tainted: G  E  6.6.0-rc5+ #314RIP: 0010:__alloc_pages+0x411/0x550Call Trace: &lt;TASK&gt; __kmalloc_large_node+0xa2/0x200 __kmalloc+0x16e/0x290 ext4_resize_fs+0x481/0xd80 __ext4_ioctl+0x1616/0x1d90 ext4_ioctl+0x12/0x20 __x64_sys_ioctl+0xf0/0x150 do_syscall_64+0x3b/0x90==================================================================This is because flexbg_size is too large and the size of the new_group_dataarray to be allocated exceeds MAX_ORDER. Currently, the minimum value ofMAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the correspondingmaximum number of groups that can be allocated is: (PAGE_SIZE &lt;&lt; MAX_ORDER) / sizeof(struct ext4_new_group_data) ≈ 21845And the value that is down-aligned to the power of 2 is 16384. Therefore,this value is defined as MAX_RESIZE_BG, and the number of groups addedeach time does not exceed this value during resizing, and is added multipletimes to complete the online resizing. The difference is that the metadatain a flex_bg may be more dispersed.(CVE-2023-52622)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.134.0.161.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.134.0.161.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.134.0.161.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.134.0.161.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.134.0.161.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.134.0.161.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.134.0.161.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.134.0.161.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.134.0.161.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.134.0.161.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.134.0.161.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.134.0.161.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.134.0.161.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.134.0.161.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.134.0.161.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.134.0.161.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.134.0.161.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.134.0.161.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.134.0.161.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.134.0.161.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.134.0.161.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.134.0.161.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.134.0.161.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.134.0.161.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.134.0.161.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.134.0.161.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.134.0.161.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.134.0.161.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.134.0.161.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.134.0.161.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.134.0.161.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1488</id>
+          <title>An update for golang is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-19"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-45288" id="CVE-2023-45288" title="CVE-2023-45288" type="cve"></reference>
+          </references>
+          <description>An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request&#39;s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.(CVE-2023-45288)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="golang" release="32.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-32.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-help" release="32.ule3" version="1.17.3">
+                         <filename>golang-help-1.17.3-32.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="golang-devel" release="32.ule3" version="1.17.3">
+                         <filename>golang-devel-1.17.3-32.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="golang" release="32.ule3" version="1.17.3">
+                         <filename>golang-1.17.3-32.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1489</id>
+          <title>An update for systemd is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-50387" id="CVE-2023-50387" title="CVE-2023-50387" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-50868" id="CVE-2023-50868" title="CVE-2023-50868" type="cve"></reference>
+          </references>
+          <description>Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the &#34;KeyTrap&#34; issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.(CVE-2023-50387)The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the &#34;NSEC3&#34; issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.(CVE-2023-50868)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="systemd-container" release="75.ule3" version="249">
+                         <filename>systemd-container-249-75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-nspawn" release="75.ule3" version="249">
+                         <filename>systemd-nspawn-249-75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd" release="75.ule3" version="249">
+                         <filename>systemd-249-75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-debugsource" release="75.ule3" version="249">
+                         <filename>systemd-debugsource-249-75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-timesyncd" release="75.ule3" version="249">
+                         <filename>systemd-timesyncd-249-75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-debuginfo" release="75.ule3" version="249">
+                         <filename>systemd-debuginfo-249-75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-pam" release="75.ule3" version="249">
+                         <filename>systemd-pam-249-75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-networkd" release="75.ule3" version="249">
+                         <filename>systemd-networkd-249-75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-libs" release="75.ule3" version="249">
+                         <filename>systemd-libs-249-75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-devel" release="75.ule3" version="249">
+                         <filename>systemd-devel-249-75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-resolved" release="75.ule3" version="249">
+                         <filename>systemd-resolved-249-75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="systemd-udev" release="75.ule3" version="249">
+                         <filename>systemd-udev-249-75.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="systemd-help" release="75.ule3" version="249">
+                         <filename>systemd-help-249-75.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-libs" release="75.ule3" version="249">
+                         <filename>systemd-libs-249-75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-container" release="75.ule3" version="249">
+                         <filename>systemd-container-249-75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-udev" release="75.ule3" version="249">
+                         <filename>systemd-udev-249-75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-nspawn" release="75.ule3" version="249">
+                         <filename>systemd-nspawn-249-75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-timesyncd" release="75.ule3" version="249">
+                         <filename>systemd-timesyncd-249-75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd" release="75.ule3" version="249">
+                         <filename>systemd-249-75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-debuginfo" release="75.ule3" version="249">
+                         <filename>systemd-debuginfo-249-75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-networkd" release="75.ule3" version="249">
+                         <filename>systemd-networkd-249-75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-debugsource" release="75.ule3" version="249">
+                         <filename>systemd-debugsource-249-75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-resolved" release="75.ule3" version="249">
+                         <filename>systemd-resolved-249-75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-devel" release="75.ule3" version="249">
+                         <filename>systemd-devel-249-75.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="systemd-pam" release="75.ule3" version="249">
+                         <filename>systemd-pam-249-75.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1490</id>
+          <title>An update for flatpak is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-32462" id="CVE-2024-32462" title="CVE-2024-32462" type="cve"></reference>
+          </references>
+          <description>Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It&#39;s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.(CVE-2024-32462)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="flatpak-debugsource" release="8.ule3" version="1.10.2">
+                         <filename>flatpak-debugsource-1.10.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="flatpak" release="8.ule3" version="1.10.2">
+                         <filename>flatpak-1.10.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="flatpak-debuginfo" release="8.ule3" version="1.10.2">
+                         <filename>flatpak-debuginfo-1.10.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="flatpak-devel" release="8.ule3" version="1.10.2">
+                         <filename>flatpak-devel-1.10.2-8.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="flatpak-help" release="8.ule3" version="1.10.2">
+                         <filename>flatpak-help-1.10.2-8.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flatpak-devel" release="8.ule3" version="1.10.2">
+                         <filename>flatpak-devel-1.10.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flatpak" release="8.ule3" version="1.10.2">
+                         <filename>flatpak-1.10.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flatpak-debugsource" release="8.ule3" version="1.10.2">
+                         <filename>flatpak-debugsource-1.10.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="flatpak-debuginfo" release="8.ule3" version="1.10.2">
+                         <filename>flatpak-debuginfo-1.10.2-8.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1491</id>
+          <title>An update for qemu is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0330" id="CVE-2023-0330" title="CVE-2023-0330" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-24474" id="CVE-2024-24474" title="CVE-2024-24474" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-3446" id="CVE-2024-3446" title="CVE-2024-3446" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-3447" id="CVE-2024-3447" title="CVE-2024-3447" type="cve"></reference>
+          </references>
+          <description>A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.(CVE-2023-0330)QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len.(CVE-2024-24474)A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.(CVE-2024-3446)A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s-&gt;data_count` and the size of  `s-&gt;fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.(CVE-2024-3447)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="qemu-system-riscv" release="88.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-hw-usb-host" release="88.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-block-rbd" release="88.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-block-ssh" release="88.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-img" release="88.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-block-curl" release="88.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-block-iscsi" release="88.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu" release="88.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-system-aarch64" release="88.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-system-arm" release="88.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-guest-agent" release="88.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-system-x86_64" release="88.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-debuginfo" release="88.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="qemu-debugsource" release="88.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-88.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="qemu-help" release="88.ule3" version="6.2.0">
+                         <filename>qemu-help-6.2.0-88.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-system-x86_64" release="88.ule3" version="6.2.0">
+                         <filename>qemu-system-x86_64-6.2.0-88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-block-iscsi" release="88.ule3" version="6.2.0">
+                         <filename>qemu-block-iscsi-6.2.0-88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu" release="88.ule3" version="6.2.0">
+                         <filename>qemu-6.2.0-88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-debuginfo" release="88.ule3" version="6.2.0">
+                         <filename>qemu-debuginfo-6.2.0-88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-system-arm" release="88.ule3" version="6.2.0">
+                         <filename>qemu-system-arm-6.2.0-88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-img" release="88.ule3" version="6.2.0">
+                         <filename>qemu-img-6.2.0-88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-system-riscv" release="88.ule3" version="6.2.0">
+                         <filename>qemu-system-riscv-6.2.0-88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-block-ssh" release="88.ule3" version="6.2.0">
+                         <filename>qemu-block-ssh-6.2.0-88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-debugsource" release="88.ule3" version="6.2.0">
+                         <filename>qemu-debugsource-6.2.0-88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-guest-agent" release="88.ule3" version="6.2.0">
+                         <filename>qemu-guest-agent-6.2.0-88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-seabios" release="88.ule3" version="6.2.0">
+                         <filename>qemu-seabios-6.2.0-88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-block-rbd" release="88.ule3" version="6.2.0">
+                         <filename>qemu-block-rbd-6.2.0-88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-block-curl" release="88.ule3" version="6.2.0">
+                         <filename>qemu-block-curl-6.2.0-88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-hw-usb-host" release="88.ule3" version="6.2.0">
+                         <filename>qemu-hw-usb-host-6.2.0-88.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="qemu-system-aarch64" release="88.ule3" version="6.2.0">
+                         <filename>qemu-system-aarch64-6.2.0-88.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1493</id>
+          <title>An update for atril is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-51698" id="CVE-2023-51698" title="CVE-2023-51698" type="cve"></reference>
+          </references>
+          <description>Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.(CVE-2023-51698)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="atril-libs" release="4.ule3" version="1.22.3">
+                         <filename>atril-libs-1.22.3-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="atril-debugsource" release="4.ule3" version="1.22.3">
+                         <filename>atril-debugsource-1.22.3-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="atril" release="4.ule3" version="1.22.3">
+                         <filename>atril-1.22.3-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="atril-debuginfo" release="4.ule3" version="1.22.3">
+                         <filename>atril-debuginfo-1.22.3-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="atril-devel" release="4.ule3" version="1.22.3">
+                         <filename>atril-devel-1.22.3-4.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="atril-debuginfo" release="4.ule3" version="1.22.3">
+                         <filename>atril-debuginfo-1.22.3-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="atril-debugsource" release="4.ule3" version="1.22.3">
+                         <filename>atril-debugsource-1.22.3-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="atril-devel" release="4.ule3" version="1.22.3">
+                         <filename>atril-devel-1.22.3-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="atril-libs" release="4.ule3" version="1.22.3">
+                         <filename>atril-libs-1.22.3-4.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="atril" release="4.ule3" version="1.22.3">
+                         <filename>atril-1.22.3-4.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1498</id>
+          <title>An update for kernel is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-48629" id="CVE-2022-48629" title="CVE-2022-48629" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52441" id="CVE-2023-52441" title="CVE-2023-52441" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52486" id="CVE-2023-52486" title="CVE-2023-52486" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52491" id="CVE-2023-52491" title="CVE-2023-52491" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52492" id="CVE-2023-52492" title="CVE-2023-52492" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52493" id="CVE-2023-52493" title="CVE-2023-52493" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52494" id="CVE-2023-52494" title="CVE-2023-52494" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52498" id="CVE-2023-52498" title="CVE-2023-52498" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52503" id="CVE-2023-52503" title="CVE-2023-52503" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52504" id="CVE-2023-52504" title="CVE-2023-52504" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52524" id="CVE-2023-52524" title="CVE-2023-52524" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52574" id="CVE-2023-52574" title="CVE-2023-52574" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52607" id="CVE-2023-52607" title="CVE-2023-52607" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52608" id="CVE-2023-52608" title="CVE-2023-52608" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-52617" id="CVE-2023-52617" title="CVE-2023-52617" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-7042" id="CVE-2023-7042" title="CVE-2023-7042" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-24861" id="CVE-2024-24861" title="CVE-2024-24861" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-26608" id="CVE-2024-26608" title="CVE-2024-26608" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-26615" id="CVE-2024-26615" title="CVE-2024-26615" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-26654" id="CVE-2024-26654" title="CVE-2024-26654" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-26656" id="CVE-2024-26656" title="CVE-2024-26656" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-26696" id="CVE-2024-26696" title="CVE-2024-26696" type="cve"></reference>
+          </references>
+          <description>In the Linux kernel, the following vulnerability has been resolved:crypto: qcom-rng - ensure buffer for generate is completely filledThe generate function in struct rng_alg expects that the destinationbuffer is completely filled if the function returns 0. qcom_rng_read()can run into a situation where the buffer is partially filled withrandomness and the remaining part of the buffer is zeroed sinceqcom_rng_generate() doesn&#39;t check the return value. This issue canbe reproduced by running the following from libkcapi:    kcapi-rng -b 9000000 &gt; OUTFILEThe generated OUTFILE will have three huge sections that contain allzeros, and this is caused by the code where the test&#39;val &amp; PRNG_STATUS_DATA_AVAIL&#39; fails.Let&#39;s fix this issue by ensuring that qcom_rng_read() always returnswith a full buffer if the function returns success. Let&#39;s also haveqcom_rng_generate() return the correct value.Here&#39;s some statistics from the ent project(https://www.fourmilab.ch/random/) that shows information about thequality of the generated numbers:    $ ent -c qcom-random-before    Value Char Occurrences Fraction      0           606748   0.067416      1            33104   0.003678      2            33001   0.003667    ...    253   �        32883   0.003654    254   �        33035   0.003671    255   �        33239   0.003693    Total:       9000000   1.000000    Entropy = 7.811590 bits per byte.    Optimum compression would reduce the size    of this 9000000 byte file by 2 percent.    Chi square distribution for 9000000 samples is 9329962.81, and    randomly would exceed this value less than 0.01 percent of the    times.    Arithmetic mean value of data bytes is 119.3731 (127.5 = random).    Monte Carlo value for Pi is 3.197293333 (error 1.77 percent).    Serial correlation coefficient is 0.159130 (totally uncorrelated =    0.0).Without this patch, the results of the chi-square test is 0.01%, andthe numbers are certainly not random according to ent&#39;s project page.The results improve with this patch:    $ ent -c qcom-random-after    Value Char Occurrences Fraction      0            35432   0.003937      1            35127   0.003903      2            35424   0.003936    ...    253   �        35201   0.003911    254   �        34835   0.003871    255   �        35368   0.003930    Total:       9000000   1.000000    Entropy = 7.999979 bits per byte.    Optimum compression would reduce the size    of this 9000000 byte file by 0 percent.    Chi square distribution for 9000000 samples is 258.77, and randomly    would exceed this value 42.24 percent of the times.    Arithmetic mean value of data bytes is 127.5006 (127.5 = random).    Monte Carlo value for Pi is 3.141277333 (error 0.01 percent).    Serial correlation coefficient is 0.000468 (totally uncorrelated =    0.0).This change was tested on a Nexus 5 phone (msm8974 SoC).(CVE-2022-48629)In the Linux kernel, the following vulnerability has been resolved:ksmbd: fix out of bounds in init_smb2_rsp_hdr()If client send smb2 negotiate request and then send smb1 negotiaterequest, init_smb2_rsp_hdr is called for smb1 negotiate request sinceneed_neg is set to false. This patch ignore smb1 packets after -&gt;need_negis set to false.(CVE-2023-52441)In the Linux kernel, the following vulnerability has been resolved:drm: Don&#39;t unref the same fb many times by mistake due to deadlock handlingIf we get a deadlock after the fb lookup in drm_mode_page_flip_ioctl()we proceed to unref the fb and then retry the whole thing from the top.But we forget to reset the fb pointer back to NULL, and so if we thenget another error during the retry, before the fb lookup, we proceedthe unref the same fb again without having gotten another reference.The end result is that the fb will (eventually) end up being freedwhile it&#39;s still in use.Reset fb to NULL once we&#39;ve unreffed it to avoid doing it againuntil we&#39;ve done another fb lookup.This turned out to be pretty easy to hit on a DG2 when doing asyncflips (and CONFIG_DEBUG_WW_MUTEX_SLOWPATH=y). The first symptom Isaw that drm_closefb() simply got stuck in a busy loop while walkingthe framebuffer list. Fortunately I was able to convince it to oopsinstead, and from there it was easier to track down the culprit.(CVE-2023-52486)In the Linux kernel, the following vulnerability has been resolved:media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_runIn mtk_jpeg_probe, &amp;jpeg-&gt;job_timeout_work is bound withmtk_jpeg_job_timeout_work.In mtk_jpeg_dec_device_run, if error happens inmtk_jpeg_set_dec_dst, it will finally start the worker whilemark the job as finished by invoking v4l2_m2m_job_finish.There are two methods to trigger the bug. If we remove themodule, it which will call mtk_jpeg_remove to make cleanup.The possible sequence is as follows, which will cause ause-after-free bug.CPU0                  CPU1mtk_jpeg_dec_...    |  start worker&#x9;    |                    |mtk_jpeg_job_timeout_workmtk_jpeg_remove     |  v4l2_m2m_release  |    kfree(m2m_dev); |                    |                    | v4l2_m2m_get_curr_priv                    |   m2m_dev-&gt;curr_ctx //useIf we close the file descriptor, which will call mtk_jpeg_release,it will have a similar sequence.Fix this bug by starting timeout worker only if started jpegdec workersuccessfully. Then v4l2_m2m_job_finish will only be called ineither mtk_jpeg_job_timeout_work or mtk_jpeg_dec_device_run.(CVE-2023-52491)In the Linux kernel, the following vulnerability has been resolved:dmaengine: fix NULL pointer in channel unregistration function__dma_async_device_channel_register() can fail. In case of failure,chan-&gt;local is freed (with free_percpu()), and chan-&gt;local is nullified.When dma_async_device_unregister() is called (because of managed API orintentionally by DMA controller driver), channels are unconditionallyunregistered, leading to this NULL pointer:[    1.318693] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0[...][    1.484499] Call trace:[    1.486930]  device_del+0x40/0x394[    1.490314]  device_unregister+0x20/0x7c[    1.494220]  __dma_async_device_channel_unregister+0x68/0xc0Look at dma_async_device_register() function error path, channel deviceunregistration is done only if chan-&gt;local is not NULL.Then add the same condition at the beginning of__dma_async_device_channel_unregister() function, to avoid NULL pointerissue whatever the API used to reach this function.(CVE-2023-52492)In the Linux kernel, the following vulnerability has been resolved:bus: mhi: host: Drop chan lock before queuing buffersEnsure read and write locks for the channel are not taken in succession bydropping the read lock from parse_xfer_event() such that a callback givento client can potentially queue buffers and acquire the write lock in thatprocess. Any queueing of buffers should be done without channel read lockacquired as it can result in multiple locks and a soft lockup.[mani: added fixes tag and cc&#39;ed stable](CVE-2023-52493)In the Linux kernel, the following vulnerability has been resolved:bus: mhi: host: Add alignment check for event ring read pointerThough we do check the event ring read pointer by &#34;is_valid_ring_ptr&#34;to make sure it is in the buffer range, but there is another risk thepointer may be not aligned.  Since we are expecting event ring elementsare 128 bits(struct mhi_ring_element) aligned, an unaligned read pointercould lead to multiple issues like DoS or ring buffer memory corruption.So add a alignment check for event ring read pointer.(CVE-2023-52494)In the Linux kernel, the following vulnerability has been resolved:PM: sleep: Fix possible deadlocks in core system-wide PM codeIt is reported that in low-memory situations the system-wide resume corecode deadlocks, because async_schedule_dev() executes its argumentfunction synchronously if it cannot allocate memory (and not only inthat case) and that function attempts to acquire a mutex that is alreadyheld.  Executing the argument function synchronously from withindpm_async_fn() may also be problematic for ordering reasons (it maycause a consumer device&#39;s resume callback to be invoked before arequisite supplier device&#39;s one, for example).Address this by changing the code in question to useasync_schedule_dev_nocall() for scheduling the asynchronousexecution of device suspend and resume functions and to directlyrun them synchronously if async_schedule_dev_nocall() returns false.(CVE-2023-52498)In the Linux kernel, the following vulnerability has been resolved:tee: amdtee: fix use-after-free vulnerability in amdtee_close_sessionThere is a potential race condition in amdtee_close_session that maycause use-after-free in amdtee_open_session. For instance, if a sessionhas refcount == 1, and one thread tries to free this session via:    kref_put(&amp;sess-&gt;refcount, destroy_session);the reference count will get decremented, and the next step would be tocall destroy_session(). However, if in another thread,amdtee_open_session() is called before destroy_session() has completedexecution, alloc_session() may return &#39;sess&#39; that will be freed uplater in destroy_session() leading to use-after-free inamdtee_open_session.To fix this issue, treat decrement of sess-&gt;refcount and removal of&#39;sess&#39; from session list in destroy_session() as a critical section, sothat it is executed atomically.(CVE-2023-52503)In the Linux kernel, the following vulnerability has been resolved:x86/alternatives: Disable KASAN in apply_alternatives()Fei has reported that KASAN triggers during apply_alternatives() ona 5-level paging machine:&#x9;BUG: KASAN: out-of-bounds in rcu_is_watching()&#x9;Read of size 4 at addr ff110003ee6419a0 by task swapper/0/0&#x9;...&#x9;__asan_load4()&#x9;rcu_is_watching()&#x9;trace_hardirqs_on()&#x9;text_poke_early()&#x9;apply_alternatives()&#x9;...On machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57)gets patched. It includes KASAN code, where KASAN_SHADOW_START depends on__VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled().KASAN gets confused when apply_alternatives() patches theKASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_STARTstatic, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue.Fix it for real by disabling KASAN while the kernel is patching alternatives.[ mingo: updated the changelog ](CVE-2023-52504)In the Linux kernel, the following vulnerability has been resolved:net: nfc: llcp: Add lock when modifying device listThe device list needs its associated lock held when modifying it, or thelist could become corrupted, as syzbot discovered.(CVE-2023-52524)In the Linux kernel, the following vulnerability has been resolved:team: fix null-ptr-deref when team device type is changedGet a null-ptr-deref bug as follows with reproducer [1].BUG: kernel NULL pointer dereference, address: 0000000000000228...RIP: 0010:vlan_dev_hard_header+0x35/0x140 [8021q]...Call Trace: &lt;TASK&gt; ? __die+0x24/0x70 ? page_fault_oops+0x82/0x150 ? exc_page_fault+0x69/0x150 ? asm_exc_page_fault+0x26/0x30 ? vlan_dev_hard_header+0x35/0x140 [8021q] ? vlan_dev_hard_header+0x8e/0x140 [8021q] neigh_connected_output+0xb2/0x100 ip6_finish_output2+0x1cb/0x520 ? nf_hook_slow+0x43/0xc0 ? ip6_mtu+0x46/0x80 ip6_finish_output+0x2a/0xb0 mld_sendpack+0x18f/0x250 mld_ifc_work+0x39/0x160 process_one_work+0x1e6/0x3f0 worker_thread+0x4d/0x2f0 ? __pfx_worker_thread+0x10/0x10 kthread+0xe5/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30[1]$ teamd -t team0 -d -c &#39;{&#34;runner&#34;: {&#34;name&#34;: &#34;loadbalance&#34;}}&#39;$ ip link add name t-dummy type dummy$ ip link add link t-dummy name t-dummy.100 type vlan id 100$ ip link add name t-nlmon type nlmon$ ip link set t-nlmon master team0$ ip link set t-nlmon nomaster$ ip link set t-dummy up$ ip link set team0 up$ ip link set t-dummy.100 down$ ip link set t-dummy.100 master team0When enslave a vlan device to team device and team device type is changedfrom non-ether to ether, header_ops of team device is changed tovlan_header_ops. That is incorrect and will trigger null-ptr-dereffor vlan-&gt;real_dev in vlan_dev_hard_header() because team device is nota vlan device.Cache eth_header_ops in team_setup(), then assign cached header_ops toheader_ops of team net device when its type is changed from non-etherto ether to fix the bug.(CVE-2023-52574)In the Linux kernel, the following vulnerability has been resolved:powerpc/mm: Fix null-pointer dereference in pgtable_cache_addkasprintf() returns a pointer to dynamically allocated memorywhich can be NULL upon failure. Ensure the allocation was successfulby checking the pointer validity.(CVE-2023-52607)In the Linux kernel, the following vulnerability has been resolved:firmware: arm_scmi: Check mailbox/SMT channel for consistencyOn reception of a completion interrupt the shared memory area is accessedto retrieve the message header at first and then, if the message sequencenumber identifies a transaction which is still pending, the relatedpayload is fetched too.When an SCMI command times out the channel ownership remains with theplatform until eventually a late reply is received and, as a consequence,any further transmission attempt remains pending, waiting for the channelto be relinquished by the platform.Once that late reply is received the channel ownership is given backto the agent and any pending request is then allowed to proceed andoverwrite the SMT area of the just delivered late reply; then the waitfor the reply to the new request starts.It has been observed that the spurious IRQ related to the late reply canbe wrongly associated with the freshly enqueued request: when that happensthe SCMI stack in-flight lookup procedure is fooled by the fact that themessage header now present in the SMT area is related to the new pendingtransaction, even though the real reply has still to arrive.This race-condition on the A2P channel can be detected by looking at thechannel status bits: a genuine reply from the platform will have set thechannel free bit before triggering the completion IRQ.Add a consistency check to validate such condition in the A2P ISR.(CVE-2023-52608)In the Linux kernel, the following vulnerability has been resolved:PCI: switchtec: Fix stdev_release() crash after surprise hot removeA PCI device hot removal may occur while stdev-&gt;cdev is held open. The callto stdev_release() then happens during close or exit, at a point way pastswitchtec_pci_remove(). Otherwise the last ref would vanish with thetrailing put_device(), just before return.At that later point in time, the devm cleanup has already removed thestdev-&gt;mmio_mrpc mapping. Also, the stdev-&gt;pdev reference was not a countedone. Therefore, in DMA mode, the iowrite32() in stdev_release() will causea fatal page fault, and the subsequent dma_free_coherent(), if reached,would pass a stale &amp;stdev-&gt;pdev-&gt;dev pointer.Fix by moving MRPC DMA shutdown into switchtec_pci_remove(), afterstdev_kill(). Counting the stdev-&gt;pdev ref is now optional, but may preventfuture accidents.Reproducible via the script athttps://lore.kernel.org/r/20231113212150.96410-1-dns@arista.com(CVE-2023-52617)A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service.(CVE-2023-7042)A race condition was found in the Linux kernel&#39;s media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.(CVE-2024-24861)In the Linux kernel, the following vulnerability has been resolved:ksmbd: fix global oob in ksmbd_nl_policySimilar to a reported issue (check the commit b33fb5b801c6 (&#34;net:qualcomm: rmnet: fix global oob in rmnet_policy&#34;), my local fuzzer findsanother global out-of-bounds read for policy ksmbd_nl_policy. See bugtrace below:==================================================================BUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]BUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600Read of size 1 at addr ffffffff8f24b100 by task syz-executor.1/62810CPU: 0 PID: 62810 Comm: syz-executor.1 Tainted: G                 N 6.1.0 #3Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014Call Trace: &lt;TASK&gt; __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [inline] print_report+0x172/0x475 mm/kasan/report.c:395 kasan_report+0xbb/0x1c0 mm/kasan/report.c:495 validate_nla lib/nlattr.c:386 [inline] __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 __nla_parse+0x3e/0x50 lib/nlattr.c:697 __nlmsg_parse include/net/netlink.h:748 [inline] genl_family_rcv_msg_attrs_parse.constprop.0+0x1b0/0x290 net/netlink/genetlink.c:565 genl_family_rcv_msg_doit+0xda/0x330 net/netlink/genetlink.c:734 genl_family_rcv_msg net/netlink/genetlink.c:833 [inline] genl_rcv_msg+0x441/0x780 net/netlink/genetlink.c:850 netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540 genl_rcv+0x24/0x40 net/netlink/genetlink.c:861 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg+0x154/0x190 net/socket.c:734 ____sys_sendmsg+0x6df/0x840 net/socket.c:2482 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536 __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcdRIP: 0033:0x7fdd66a8f359Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 &lt;48&gt; 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48RSP: 002b:00007fdd65e00168 EFLAGS: 00000246 ORIG_RAX: 000000000000002eRAX: ffffffffffffffda RBX: 00007fdd66bbcf80 RCX: 00007fdd66a8f359RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000003RBP: 00007fdd66ada493 R08: 0000000000000000 R09: 0000000000000000R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000R13: 00007ffc84b81aff R14: 00007fdd65e00300 R15: 0000000000022000 &lt;/TASK&gt;The buggy address belongs to the variable: ksmbd_nl_policy+0x100/0xa80The buggy address belongs to the physical page:page:0000000034f47940 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1ccc4bflags: 0x200000000001000(reserved|node=0|zone=2)raw: 0200000000001000 ffffea00073312c8 ffffea00073312c8 0000000000000000raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000page dumped because: kasan: bad access detectedMemory state around the buggy address: ffffffff8f24b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff8f24b080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00&gt;ffffffff8f24b100: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 00 00 07 f9                   ^ ffffffff8f24b180: f9 f9 f9 f9 00 05 f9 f9 f9 f9 f9 f9 00 00 00 05 ffffffff8f24b200: f9 f9 f9 f9 00 00 03 f9 f9 f9 f9 f9 00 00 04 f9==================================================================To fix it, add a placeholder named __KSMBD_EVENT_MAX and letKSMBD_EVENT_MAX to be its original value - 1 according to what othernetlink families do. Also change two sites that refer theKSMBD_EVENT_MAX to correct value.(CVE-2024-26608)In the Linux kernel, the following vulnerability has been resolved:net/smc: fix illegal rmb_desc access in SMC-D connection dumpA crash was found when dumping SMC-D connections. It can be reproducedby following steps:- run nginx/wrk test:  smc_run nginx  smc_run wrk -t 16 -c 1000 -d &lt;duration&gt; -H &#39;Connection: Close&#39; &lt;URL&gt;- continuously dump SMC-D connections in parallel:  watch -n 1 &#39;smcss -D&#39; BUG: kernel NULL pointer dereference, address: 0000000000000030 CPU: 2 PID: 7204 Comm: smcss Kdump: loaded Tainted: G&#x9;E      6.7.0+ #55 RIP: 0010:__smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag] Call Trace:  &lt;TASK&gt;  ? __die+0x24/0x70  ? page_fault_oops+0x66/0x150  ? exc_page_fault+0x69/0x140  ? asm_exc_page_fault+0x26/0x30  ? __smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]  ? __kmalloc_node_track_caller+0x35d/0x430  ? __alloc_skb+0x77/0x170  smc_diag_dump_proto+0xd0/0xf0 [smc_diag]  smc_diag_dump+0x26/0x60 [smc_diag]  netlink_dump+0x19f/0x320  __netlink_dump_start+0x1dc/0x300  smc_diag_handler_dump+0x6a/0x80 [smc_diag]  ? __pfx_smc_diag_dump+0x10/0x10 [smc_diag]  sock_diag_rcv_msg+0x121/0x140  ? __pfx_sock_diag_rcv_msg+0x10/0x10  netlink_rcv_skb+0x5a/0x110  sock_diag_rcv+0x28/0x40  netlink_unicast+0x22a/0x330  netlink_sendmsg+0x1f8/0x420  __sock_sendmsg+0xb0/0xc0  ____sys_sendmsg+0x24e/0x300  ? copy_msghdr_from_user+0x62/0x80  ___sys_sendmsg+0x7c/0xd0  ? __do_fault+0x34/0x160  ? do_read_fault+0x5f/0x100  ? do_fault+0xb0/0x110  ? __handle_mm_fault+0x2b0/0x6c0  __sys_sendmsg+0x4d/0x80  do_syscall_64+0x69/0x180  entry_SYSCALL_64_after_hwframe+0x6e/0x76It is possible that the connection is in process of being establishedwhen we dump it. Assumed that the connection has been registered in alink group by smc_conn_create() but the rmb_desc has not yet beeninitialized by smc_buf_create(), thus causing the illegal access toconn-&gt;rmb_desc. So fix it by checking before dump.(CVE-2024-26615)In the Linux kernel, the following vulnerability has been resolved:ALSA: sh: aica: reorder cleanup operations to avoid UAF bugsThe dreamcastcard-&gt;timer could schedule the spu_dma_work and thespu_dma_work could also arm the dreamcastcard-&gt;timer.When the snd_pcm_substream is closing, the aica_channel will bedeallocated. But it could still be dereferenced in the workerthread. The reason is that del_timer() will return directlyregardless of whether the timer handler is running or not andthe worker could be rescheduled in the timer handler. As a result,the UAF bug will happen. The racy situation is shown below:      (Thread 1)                 |      (Thread 2)snd_aicapcm_pcm_close()          | ...                             |  run_spu_dma() //worker                                 |    mod_timer()  flush_work()                   |  del_timer()                    |  aica_period_elapsed() //timer  kfree(dreamcastcard-&gt;channel)  |    schedule_work()                                 |  run_spu_dma() //worker  ...                            |    dreamcastcard-&gt;channel-&gt; //USEIn order to mitigate this bug and other possible corner cases,call mod_timer() conditionally in run_spu_dma(), then implementPCM sync_stop op to cancel both the timer and worker. The sync_stopop will be called from PCM core appropriately when needed.(CVE-2024-26654)In the Linux kernel, the following vulnerability has been resolved:drm/amdgpu: fix use-after-free bugThe bug can be triggered by sending a single amdgpu_gem_userptr_ioctlto the AMDGPU DRM driver on any ASICs with an invalid address and size.The bug was reported by Joonkyo Jung &lt;joonkyoj@yonsei.ac.kr&gt;.For example the following code:static void Syzkaller1(int fd){&#x9;struct drm_amdgpu_gem_userptr arg;&#x9;int ret;&#x9;arg.addr = 0xffffffffffff0000;&#x9;arg.size = 0x80000000; /*2 Gb*/&#x9;arg.flags = 0x7;&#x9;ret = drmIoctl(fd, 0xc1186451/*amdgpu_gem_userptr_ioctl*/, &amp;arg);}Due to the address and size are not valid there is a failure inamdgpu_hmm_register-&gt;mmu_interval_notifier_insert-&gt;__mmu_interval_notifier_insert-&gt;check_shl_overflow, but we even the amdgpu_hmm_register failure we still callamdgpu_hmm_unregister into  amdgpu_gem_object_free which causes access to a bad address.The following stack is below when the issue is reproduced when Kazan is enabled:[  +0.000014] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020[  +0.000009] RIP: 0010:mmu_interval_notifier_remove+0x327/0x340[  +0.000017] Code: ff ff 49 89 44 24 08 48 b8 00 01 00 00 00 00 ad de 4c 89 f7 49 89 47 40 48 83 c0 22 49 89 47 48 e8 ce d1 2d 01 e9 32 ff ff ff &lt;0f&gt; 0b e9 16 ff ff ff 4c 89 ef e8 fa 14 b3 ff e9 36 ff ff ff e8 80[  +0.000014] RSP: 0018:ffffc90002657988 EFLAGS: 00010246[  +0.000013] RAX: 0000000000000000 RBX: 1ffff920004caf35 RCX: ffffffff8160565b[  +0.000011] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffff8881a9f78260[  +0.000010] RBP: ffffc90002657a70 R08: 0000000000000001 R09: fffff520004caf25[  +0.000010] R10: 0000000000000003 R11: ffffffff8161d1d6 R12: ffff88810e988c00[  +0.000010] R13: ffff888126fb5a00 R14: ffff88810e988c0c R15: ffff8881a9f78260[  +0.000011] FS:  00007ff9ec848540(0000) GS:ffff8883cc880000(0000) knlGS:0000000000000000[  +0.000012] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033[  +0.000010] CR2: 000055b3f7e14328 CR3: 00000001b5770000 CR4: 0000000000350ef0[  +0.000010] Call Trace:[  +0.000006]  &lt;TASK&gt;[  +0.000007]  ? show_regs+0x6a/0x80[  +0.000018]  ? __warn+0xa5/0x1b0[  +0.000019]  ? mmu_interval_notifier_remove+0x327/0x340[  +0.000018]  ? report_bug+0x24a/0x290[  +0.000022]  ? handle_bug+0x46/0x90[  +0.000015]  ? exc_invalid_op+0x19/0x50[  +0.000016]  ? asm_exc_invalid_op+0x1b/0x20[  +0.000017]  ? kasan_save_stack+0x26/0x50[  +0.000017]  ? mmu_interval_notifier_remove+0x23b/0x340[  +0.000019]  ? mmu_interval_notifier_remove+0x327/0x340[  +0.000019]  ? mmu_interval_notifier_remove+0x23b/0x340[  +0.000020]  ? __pfx_mmu_interval_notifier_remove+0x10/0x10[  +0.000017]  ? kasan_save_alloc_info+0x1e/0x30[  +0.000018]  ? srso_return_thunk+0x5/0x5f[  +0.000014]  ? __kasan_kmalloc+0xb1/0xc0[  +0.000018]  ? srso_return_thunk+0x5/0x5f[  +0.000013]  ? __kasan_check_read+0x11/0x20[  +0.000020]  amdgpu_hmm_unregister+0x34/0x50 [amdgpu][  +0.004695]  amdgpu_gem_object_free+0x66/0xa0 [amdgpu][  +0.004534]  ? __pfx_amdgpu_gem_object_free+0x10/0x10 [amdgpu][  +0.004291]  ? do_syscall_64+0x5f/0xe0[  +0.000023]  ? srso_return_thunk+0x5/0x5f[  +0.000017]  drm_gem_object_free+0x3b/0x50 [drm][  +0.000489]  amdgpu_gem_userptr_ioctl+0x306/0x500 [amdgpu][  +0.004295]  ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu][  +0.004270]  ? srso_return_thunk+0x5/0x5f[  +0.000014]  ? __this_cpu_preempt_check+0x13/0x20[  +0.000015]  ? srso_return_thunk+0x5/0x5f[  +0.000013]  ? sysvec_apic_timer_interrupt+0x57/0xc0[  +0.000020]  ? srso_return_thunk+0x5/0x5f[  +0.000014]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20[  +0.000022]  ? drm_ioctl_kernel+0x17b/0x1f0 [drm][  +0.000496]  ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu][  +0.004272]  ? drm_ioctl_kernel+0x190/0x1f0 [drm][  +0.000492]  drm_ioctl_kernel+0x140/0x1f0 [drm][  +0.000497]  ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu][  +0.004297]  ? __pfx_drm_ioctl_kernel+0x10/0x10 [d---truncated---(CVE-2024-26656)In the Linux kernel, the following vulnerability has been resolved:nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()Syzbot reported a hang issue in migrate_pages_batch() called by mbind()and nilfs_lookup_dirty_data_buffers() called in the log writer of nilfs2.While migrate_pages_batch() locks a folio and waits for the writeback tocomplete, the log writer thread that should bring the writeback tocompletion picks up the folio being written back innilfs_lookup_dirty_data_buffers() that it calls for subsequent logcreation and was trying to lock the folio.  Thus causing a deadlock.In the first place, it is unexpected that folios/pages in the middle ofwriteback will be updated and become dirty.  Nilfs2 adds a checksum toverify the validity of the log being written and uses it for recovery atmount, so data changes during writeback are suppressed.  Since this isbroken, an unclean shutdown could potentially cause recovery to fail.Investigation revealed that the root cause is that the wait for writebackcompletion in nilfs_page_mkwrite() is conditional, and if the backingdevice does not require stable writes, data may be modified withoutwaiting.Fix these issues by making nilfs_page_mkwrite() wait for writeback tofinish regardless of the stable write requirement of the backing device.(CVE-2024-26696)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="python3-perf-debuginfo" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.135.0.162.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-headers" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.135.0.162.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool-debuginfo" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.135.0.162.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="bpftool" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.135.0.162.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.135.0.162.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-source" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.135.0.162.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-debuginfo" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.135.0.162.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-devel" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.135.0.162.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.135.0.162.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.135.0.162.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="perf-debuginfo" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.135.0.162.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="python3-perf" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.135.0.162.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debuginfo" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.135.0.162.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-debugsource" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.135.0.162.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="kernel-tools-devel" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.135.0.162.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf-debuginfo" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>python3-perf-debuginfo-5.10.0-60.135.0.162.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool-debuginfo" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>bpftool-debuginfo-5.10.0-60.135.0.162.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-devel" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>kernel-tools-devel-5.10.0-60.135.0.162.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>perf-5.10.0-60.135.0.162.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools-debuginfo" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>kernel-tools-debuginfo-5.10.0-60.135.0.162.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debugsource" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>kernel-debugsource-5.10.0-60.135.0.162.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-headers" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>kernel-headers-5.10.0-60.135.0.162.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-tools" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>kernel-tools-5.10.0-60.135.0.162.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-debuginfo" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>kernel-debuginfo-5.10.0-60.135.0.162.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>kernel-5.10.0-60.135.0.162.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-devel" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>kernel-devel-5.10.0-60.135.0.162.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="perf-debuginfo" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>perf-debuginfo-5.10.0-60.135.0.162.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="kernel-source" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>kernel-source-5.10.0-60.135.0.162.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="python3-perf" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>python3-perf-5.10.0-60.135.0.162.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="bpftool" release="60.135.0.162.ule3" version="5.10.0">
+                         <filename>bpftool-5.10.0-60.135.0.162.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1502</id>
+          <title>An update for less is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-32487" id="CVE-2024-32487" title="CVE-2024-32487" type="cve"></reference>
+          </references>
+          <description>less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.(CVE-2024-32487)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="less" release="6.ule3" version="590">
+                         <filename>less-590-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="less-debuginfo" release="6.ule3" version="590">
+                         <filename>less-debuginfo-590-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="less-debugsource" release="6.ule3" version="590">
+                         <filename>less-debugsource-590-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="less-help" release="6.ule3" version="590">
+                         <filename>less-help-590-6.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="less" release="6.ule3" version="590">
+                         <filename>less-590-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="less-debugsource" release="6.ule3" version="590">
+                         <filename>less-debugsource-590-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="less-debuginfo" release="6.ule3" version="590">
+                         <filename>less-debuginfo-590-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1503</id>
+          <title>An update for skopeo is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-41723" id="CVE-2022-41723" title="CVE-2022-41723" type="cve"></reference>
+          </references>
+          <description>A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.(CVE-2022-41723)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="skopeo" release="5.ule3" version="1.5.2">
+                         <filename>skopeo-1.5.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="containers-common" release="5.ule3" version="1.5.2">
+                         <filename>containers-common-1.5.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="skopeo-debuginfo" release="5.ule3" version="1.5.2">
+                         <filename>skopeo-debuginfo-1.5.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="skopeo-debugsource" release="5.ule3" version="1.5.2">
+                         <filename>skopeo-debugsource-1.5.2-5.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="skopeo-debuginfo" release="5.ule3" version="1.5.2">
+                         <filename>skopeo-debuginfo-1.5.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="skopeo-debugsource" release="5.ule3" version="1.5.2">
+                         <filename>skopeo-debugsource-1.5.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="skopeo" release="5.ule3" version="1.5.2">
+                         <filename>skopeo-1.5.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="containers-common" release="5.ule3" version="1.5.2">
+                         <filename>containers-common-1.5.2-5.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1506</id>
+          <title>An update for gnutls is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-28835" id="CVE-2024-28835" title="CVE-2024-28835" type="cve"></reference>
+          </references>
+          <description>A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the &#34;certtool --verify-chain&#34; command.(CVE-2024-28835)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="gnutls-utils" release="13.ule3" version="3.7.2">
+                         <filename>gnutls-utils-3.7.2-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls" release="13.ule3" version="3.7.2">
+                         <filename>gnutls-3.7.2-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-devel" release="13.ule3" version="3.7.2">
+                         <filename>gnutls-devel-3.7.2-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-debugsource" release="13.ule3" version="3.7.2">
+                         <filename>gnutls-debugsource-3.7.2-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="gnutls-debuginfo" release="13.ule3" version="3.7.2">
+                         <filename>gnutls-debuginfo-3.7.2-13.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="gnutls-help" release="13.ule3" version="3.7.2">
+                         <filename>gnutls-help-3.7.2-13.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-debugsource" release="13.ule3" version="3.7.2">
+                         <filename>gnutls-debugsource-3.7.2-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-debuginfo" release="13.ule3" version="3.7.2">
+                         <filename>gnutls-debuginfo-3.7.2-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-devel" release="13.ule3" version="3.7.2">
+                         <filename>gnutls-devel-3.7.2-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls" release="13.ule3" version="3.7.2">
+                         <filename>gnutls-3.7.2-13.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="gnutls-utils" release="13.ule3" version="3.7.2">
+                         <filename>gnutls-utils-3.7.2-13.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1513</id>
+          <title>An update for edk2 is now available for openEuler-22.03-LTS</title>
+          <severity>Moderate</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-2511" id="CVE-2024-2511" title="CVE-2024-2511" type="cve"></reference>
+          </references>
+          <description>Issue summary: Some non-default TLS server configurations can cause unboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations to triggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option isbeing used (but not if early_data support is also configured and the defaultanti-replay protection is in use). In this case, under certain conditions, thesession cache can get into an incorrect state and it will fail to flush properlyas it fills. The session cache will continue to grow in an unbounded manner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normal operation.This issue only affects TLS servers supporting TLSv1.3. It does not affect TLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL1.0.2 is also not affected by this issue.(CVE-2024-2511)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="edk2-debuginfo" release="17.ule3" version="202011">
+                         <filename>edk2-debuginfo-202011-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="edk2-debugsource" release="17.ule3" version="202011">
+                         <filename>edk2-debugsource-202011-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="edk2-devel" release="17.ule3" version="202011">
+                         <filename>edk2-devel-202011-17.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="python3-edk2-devel" release="17.ule3" version="202011">
+                         <filename>python3-edk2-devel-202011-17.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-aarch64" release="17.ule3" version="202011">
+                         <filename>edk2-aarch64-202011-17.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-ovmf" release="17.ule3" version="202011">
+                         <filename>edk2-ovmf-202011-17.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="noarch" name="edk2-help" release="17.ule3" version="202011">
+                         <filename>edk2-help-202011-17.ule3.noarch.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-devel" release="17.ule3" version="202011">
+                         <filename>edk2-devel-202011-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-debuginfo" release="17.ule3" version="202011">
+                         <filename>edk2-debuginfo-202011-17.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="edk2-debugsource" release="17.ule3" version="202011">
+                         <filename>edk2-debugsource-202011-17.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1514</id>
+          <title>An update for firefox is now available for openEuler-22.03-LTS</title>
+          <severity>Important</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-44488" id="CVE-2023-44488" title="CVE-2023-44488" type="cve"></reference>
+          </references>
+          <description>VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.(CVE-2023-44488)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="firefox" release="6.ule3" version="102.15.0">
+                         <filename>firefox-102.15.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="firefox-debugsource" release="6.ule3" version="102.15.0">
+                         <filename>firefox-debugsource-102.15.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="firefox-debuginfo" release="6.ule3" version="102.15.0">
+                         <filename>firefox-debuginfo-102.15.0-6.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox-debugsource" release="6.ule3" version="102.15.0">
+                         <filename>firefox-debugsource-102.15.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox-debuginfo" release="6.ule3" version="102.15.0">
+                         <filename>firefox-debuginfo-102.15.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="firefox" release="6.ule3" version="102.15.0">
+                         <filename>firefox-102.15.0-6.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+     <update from="openeuler.org" type="security" status="stable">
+          <id>openEuler-SA-2024-1515</id>
+          <title>An update for freerdp is now available for openEuler-22.03-LTS</title>
+          <severity>Critical</severity>
+          <release>openEuler</release>
+          <issued date="2024-04-26"></issued>
+          <references>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-32039" id="CVE-2024-32039" title="CVE-2024-32039" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-32040" id="CVE-2024-32040" title="CVE-2024-32040" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-32041" id="CVE-2024-32041" title="CVE-2024-32041" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-32458" id="CVE-2024-32458" title="CVE-2024-32458" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-32459" id="CVE-2024-32459" title="CVE-2024-32459" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-32460" id="CVE-2024-32460" title="CVE-2024-32460" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-32658" id="CVE-2024-32658" title="CVE-2024-32658" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-32659" id="CVE-2024-32659" title="CVE-2024-32659" type="cve"></reference>
+               <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-32660" id="CVE-2024-32660" title="CVE-2024-32660" type="cve"></reference>
+          </references>
+          <description>FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).(CVE-2024-32039)FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`).(CVE-2024-32040)FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead.(CVE-2024-32041)FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support).(CVE-2024-32458)FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.(CVE-2024-32459)FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support.(CVE-2024-32460)FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available.(CVE-2024-32658)FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available.(CVE-2024-32659)FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available.(CVE-2024-32660)</description>
+          <pkglist>
+               <collection>
+                    <name>openEuler</name>
+                    <package arch="aarch64" name="libwinpr-devel" release="1.ule3" version="2.11.7">
+                         <filename>libwinpr-devel-2.11.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freerdp" release="1.ule3" version="2.11.7">
+                         <filename>freerdp-2.11.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freerdp-debugsource" release="1.ule3" version="2.11.7">
+                         <filename>freerdp-debugsource-2.11.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="libwinpr" release="1.ule3" version="2.11.7">
+                         <filename>libwinpr-2.11.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freerdp-debuginfo" release="1.ule3" version="2.11.7">
+                         <filename>freerdp-debuginfo-2.11.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freerdp-help" release="1.ule3" version="2.11.7">
+                         <filename>freerdp-help-2.11.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="aarch64" name="freerdp-devel" release="1.ule3" version="2.11.7">
+                         <filename>freerdp-devel-2.11.7-1.ule3.aarch64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwinpr-devel" release="1.ule3" version="2.11.7">
+                         <filename>libwinpr-devel-2.11.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freerdp" release="1.ule3" version="2.11.7">
+                         <filename>freerdp-2.11.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freerdp-debuginfo" release="1.ule3" version="2.11.7">
+                         <filename>freerdp-debuginfo-2.11.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="libwinpr" release="1.ule3" version="2.11.7">
+                         <filename>libwinpr-2.11.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freerdp-help" release="1.ule3" version="2.11.7">
+                         <filename>freerdp-help-2.11.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freerdp-debugsource" release="1.ule3" version="2.11.7">
+                         <filename>freerdp-debugsource-2.11.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+                    <package arch="x86_64" name="freerdp-devel" release="1.ule3" version="2.11.7">
+                         <filename>freerdp-devel-2.11.7-1.ule3.x86_64.rpm</filename>
+                    </package>
+               </collection>
+          </pkglist>
+     </update>
+</updates>