{"affected":[{"ecosystem_specific":{"binaries":[{"hauler":"1.4.1-bp160.1.1"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"hauler","purl":"pkg:rpm/opensuse/hauler&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.4.1-bp160.1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for hauler fixes the following issues:\n\nChanges in hauler:\n\n- Update to version 1.4.1 (bsc#1256546, CVE-2026-22772):\n  * fixed typos for containerd imports (#493)\n  * fix and support containerd imports of `hauls` (#492)\n  * bump github.com/sigstore/fulcio (#489)\n\n- Update to version 1.4.0:\n  * added/updated logging for `serve` and `remove` (#487)\n  * added/fixed helm chart images/dependencies features (#485)\n  * more experimental feature updates (#486)\n  * add experimental notes (#483)\n  * updated tempdir flag to store persistent flags (#484)\n  * delete artifacts from store (#473)\n  * path rewrites (#475)\n  * updated/fixed workflow dependency versions (#478)\n\n- Update to version 1.3.2:\n  * bump to latest cosign fork release (#481)\n  * Bump golang.org/x/crypto in the go_modules group across 1 directory (#476)\n","id":"openSUSE-RU-2026:20161-1","modified":"2026-01-27T17:25:17Z","published":"2026-01-27T17:25:17Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1256546"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-22772"}],"related":["CVE-2026-22772"],"summary":"Recommended update for hauler","upstream":["CVE-2026-22772"]}