[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3602/golang-github-containers-buildah

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
656722d8 by Salvatore Bonaccorso at 2021-07-18T09:56:50+02:00
Add CVE-2021-3602/golang-github-containers-buildah

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4585,8 +4585,13 @@ CVE-2021-3603 (PHPMailer 6.4.1 and earlier contain a vulnerability that can resu
 	[stretch] - libphp-phpmailer <postponed> (Minor issue, fix along with next DLA)
 	NOTE: https://www.huntr.dev/bounties/1-PHPMailer/PHPMailer/
 	NOTE: https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3 (v6.5.0)
-CVE-2021-3602
+CVE-2021-3602 [Host environment variables leaked in build container when using chroot isolation]
 	RESERVED
+	- golang-github-containers-buildah <unfixed>
+	NOTE: https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj
+	NOTE: https://github.com/containers/buildah/commit/a468ce0ffd347035d53ee0e26c205ef604097fb0 (main)
+	NOTE: https://github.com/containers/buildah/commit/23c478b815fb93c094070baa336bcb6a27c01683 (release-1.21)
+	NOTE: https://github.com/containers/buildah/commit/f4f2a7fc78fa4f12e2f6e6c4ab450aae0d182f3e (release-1.19)
 CVE-2021-34695
 	RESERVED
 CVE-2021-34694



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/656722d8e077fbaeff796d63706d163f17433805

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/656722d8e077fbaeff796d63706d163f17433805
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210718/4e82ef68/attachment.htm>