[pkg-go] Bug#1019591: libpod: CVE-2022-2989

Salvatore Bonaccorso carnil at debian.org
Tue Oct 25 21:28:12 BST 2022


On Tue, Oct 25, 2022 at 03:41:12PM -0400, Antoine Beaupré wrote:
> fixed 101959 4.2.0+ds1-1
> thanks
> > Please adjust the affected versions in the BTS as needed.
> I *believe* the fix for this is:
> https://github.com/containers/podman/pull/15696
> https://github.com/containers/podman/commit/21540161f20daffd884eba99b2cc31373c9a0ec4
> at least that's what
> https://bugzilla.redhat.com/show_bug.cgi?id=2121445
> ... links to now.
> So I *think* this is fixed in 4.2.0+ds1-1 and later, currently in
> experimental. But there's a bunch of confidential tickets on the redhat
> side of things, so it's not clear to me if the fix is complete or what.

But looking at the 4.2.0+ds1-3 it does not seem to be integrated
actually in 4.2.0 upstream, but rather probbly in a RHEL specific
branch tagged v4.2.0-rhel.

Upstream there is 

https://github.com/containers/podman/commit/5c7f28336171f0a5137edd274e45608120d31289 (v4.3.0-rc1)


More information about the Pkg-go-maintainers mailing list