[Git][security-tracker-team/security-tracker][master] Update notes for CVE-2023-30549
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 1 16:10:44 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8671af22 by Salvatore Bonaccorso at 2023-08-01T17:10:14+02:00
Update notes for CVE-2023-30549
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12148,8 +12148,14 @@ CVE-2023-30551 (Rekor is an open source software supply chain transparency log.
CVE-2023-30550 (MeterSphere is an open source continuous testing platform, covering fu ...)
NOT-FOR-US: MeterSphere
CVE-2023-30549 (Apptainer is an open source container platform for Linux. There is an ...)
- - singularity-container <unfixed> (bug #1035026)
+ - singularity-container <unfixed> (bug #1035026; unimportant)
NOTE: https://github.com/apptainer/apptainer/security/advisories/GHSA-j4rf-7357-f4cg
+ NOTE: Sylabs and Apptainer projects are in disagreement to track this issue and
+ NOTE: their handling with respect to unpatches filesystem vulnerabilities. Sylanbs
+ NOTE: will add a configuration option to disable all mounts of extfs file systems
+ NOTE: as well in a future singularity-container version, as similar done by the
+ NOTE: Apptainer project.
+ NOTE: Details in https://sylabs.io/2023/04/response-to-cve-2023-30549/
CVE-2023-30548 (gatsby-plugin-sharp is a plugin for the gatsby framework which exposes ...)
NOT-FOR-US: gatsby-plugin-sharp
CVE-2023-30547 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8671af22eda83143c6c33508a7ead2ff3c6aebaa
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8671af22eda83143c6c33508a7ead2ff3c6aebaa
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230801/e077674c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list