[Git][security-tracker-team/security-tracker][master] Update notes for CVE-2023-30549

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 1 16:10:44 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8671af22 by Salvatore Bonaccorso at 2023-08-01T17:10:14+02:00
Update notes for CVE-2023-30549

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12148,8 +12148,14 @@ CVE-2023-30551 (Rekor is an open source software supply chain transparency log.
 CVE-2023-30550 (MeterSphere is an open source continuous testing platform, covering fu ...)
 	NOT-FOR-US: MeterSphere
 CVE-2023-30549 (Apptainer is an open source container platform for Linux. There is an  ...)
-	- singularity-container <unfixed> (bug #1035026)
+	- singularity-container <unfixed> (bug #1035026; unimportant)
 	NOTE: https://github.com/apptainer/apptainer/security/advisories/GHSA-j4rf-7357-f4cg
+	NOTE: Sylabs and Apptainer projects are in disagreement to track this issue and
+	NOTE: their handling with respect to unpatches filesystem vulnerabilities. Sylanbs
+	NOTE: will add a configuration option to disable all mounts of extfs file systems
+	NOTE: as well in a future singularity-container version, as similar done by the
+	NOTE: Apptainer project.
+	NOTE: Details in https://sylabs.io/2023/04/response-to-cve-2023-30549/
 CVE-2023-30548 (gatsby-plugin-sharp is a plugin for the gatsby framework which exposes ...)
 	NOT-FOR-US: gatsby-plugin-sharp
 CVE-2023-30547 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8671af22eda83143c6c33508a7ead2ff3c6aebaa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8671af22eda83143c6c33508a7ead2ff3c6aebaa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230801/e077674c/attachment.htm>

More information about the debian-security-tracker-commits mailing list