[pkg-go] Bug#1019591: libpod: CVE-2022-2989
Salvatore Bonaccorso
carnil at debian.org
Tue Oct 25 21:28:12 BST 2022
Hi,
On Tue, Oct 25, 2022 at 03:41:12PM -0400, Antoine Beaupré wrote:
> fixed 101959 4.2.0+ds1-1
> thanks
>
> > Please adjust the affected versions in the BTS as needed.
>
> I *believe* the fix for this is:
>
> https://github.com/containers/podman/pull/15696
> https://github.com/containers/podman/commit/21540161f20daffd884eba99b2cc31373c9a0ec4
>
> at least that's what
>
> https://bugzilla.redhat.com/show_bug.cgi?id=2121445
>
> ... links to now.
>
> So I *think* this is fixed in 4.2.0+ds1-1 and later, currently in
> experimental. But there's a bunch of confidential tickets on the redhat
> side of things, so it's not clear to me if the fix is complete or what.
But looking at the 4.2.0+ds1-3 it does not seem to be integrated
actually in 4.2.0 upstream, but rather probably in a RHEL specific
branch tagged v4.2.0-rhel.
Upstream there is
https://github.com/containers/podman/commit/5c7f28336171f0a5137edd274e45608120d31289 (v4.3.0-rc1)
Regards,
Salvatore