Bugzilla – Bug 1201974
VUL-0: CVE-2021-41556: squirrel: Out-of-bounds read
Last modified: 2024-05-24 10:41:11 UTC
CVE-2021-41556: sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine.

References:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41556
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41556
- https://github.com/albertodemichelis/squirrel/commit/23a0620658714b996d20da3d4dd1a0dcf9b0bd98
- http://www.squirrel-lang.org/#download
- https://blog.sonarsource.com/squirrel-vm-sandbox-escape/
Affected:
- openSUSE:Backports:SLE-15-SP3/squirrel 3.0.7
- openSUSE:Backports:SLE-15-SP4/squirrel 3.0.7
- openSUSE:Factory/squirrel 3.0.7
This is an autogenerated message for OBS integration: This bug (1201974) was mentioned in https://build.opensuse.org/request/show/1058212 Factory / squirrel
Wolfgang, can you please copy the Factory package to the Backport repositories mentioned by Hu in comment #1? That should fix the problem for PackageHub.
I created two maintenance requests for updating squirrel in openSUSE:Backports:SLE-15-SP3:Update and openSUSE:Backports:SLE-15-SP4:Update. It was already updated in openSUSE:Backports:SLE-15-SP5.
This is an autogenerated message for OBS integration: This bug (1201974) was mentioned in https://build.opensuse.org/request/show/1072379 Backports:SLE-15-SP4 / squirrel
Just to repeat what I wrote in the submit request for SP4... Looks like upstream doesn't really care much about ABI stability between versions here. Since this package includes a -devel package, the patch probably should be backported for SP4, as it looks simple enough. The ABI changes here should include a SONAME change (SOVER increase), since old code will just *not* run with the new library.

The following is a small sample looking at the header diff from the -devel subpackage:

< SQUIRREL_API SQRESULT sq_getclosureinfo(HSQUIRRELVM v,SQInteger idx,SQUnsignedInteger *nparams,SQUnsignedInteger *nfreevars);
---
> SQUIRREL_API SQRESULT sq_getclosureinfo(HSQUIRRELVM v,SQInteger idx,SQInteger *nparams,SQInteger *nfreevars);
SP4 backport fix submitted in https://build.opensuse.org/request/show/1073131
openSUSE-SU-2023:0080-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1201974
CVE References: CVE-2021-41556
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP4 (src): squirrel-3.0.7-bp154.3.3.1
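As an added example (not part of this bug report or of the openSUSE update tooling), the following POSIX shell snippet checks whether an installed squirrel RPM is at or above the SP4 source version named in the advisory above, squirrel-3.0.7-bp154.3.3.1. The version ordering uses GNU `sort -V`; the `rpm -q --qf` query and the assumed installed version strings are only used for illustration, and the threshold applies to the SP4 (bp154) release stream, not to SP3 (bp153) packages.

```shell
#!/bin/sh
# Added example: compare an installed squirrel VERSION-RELEASE against the
# fixed SP4 build from openSUSE-SU-2023:0080-1 (version taken from the advisory).
FIXED_SP4="3.0.7-bp154.3.3.1"

# version_ge A B: succeed (exit 0) when A >= B under version-sort ordering.
# Uses GNU sort -V, which orders numeric runs numerically (bp154.2.1 < bp154.3.3.1).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# squirrel_fixed VERSION-RELEASE: exit 0 if the build carries the fix, 1 if not.
# Only meaningful for the SP4 (bp154) release stream the advisory covers.
squirrel_fixed() {
    case "$1" in
        *-bp154.*) version_ge "$1" "$FIXED_SP4" ;;
        *) return 1 ;;   # other streams are not decided by this threshold
    esac
}

# check_installed: query the local RPM database (assumed present) and print a
# verdict for the installed squirrel package. Exit codes: 0 fixed, 1 vulnerable,
# 2 rpm unavailable, 3 package not installed.
check_installed() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available"; return 2; }
    vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' squirrel 2>/dev/null) \
        || { echo "squirrel not installed"; return 3; }
    if squirrel_fixed "$vr"; then
        echo "squirrel $vr: contains fix for CVE-2021-41556"
    else
        echo "squirrel $vr: NOT fixed, update required"
        return 1
    fi
}

# Demonstration on constructed version strings (not real query output).
for v in 3.0.7-bp154.2.1 3.0.7-bp154.3.3.1 3.0.7-bp154.3.4; do
    if squirrel_fixed "$v"; then echo "$v: fixed"; else echo "$v: vulnerable"; fi
done
```

Run it as a script on the host, or source it and call `check_installed` to get a machine-readable exit status for inventory scripts; the `case` guard keeps the SP4 threshold from being silently applied to a package from a different release stream.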
Closing bug.