[pkg-go] Bug#1108473: podman: CVE-2025-6032
Moritz Mühlenhoff
jmm at inutil.org
Sun Jun 29 13:02:29 BST 2025
Package: podman
X-Debbugs-CC: team at security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for podman.
CVE-2025-6032[0]:
| A flaw was found in Podman. The podman machine init command fails to
| verify the TLS certificate when downloading the VM images from an
| OCI registry. This issue results in a Man In The Middle attack.
https://github.com/advisories/GHSA-65gg-3w2w-hr4h
https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-6032
https://www.cve.org/CVERecord?id=CVE-2025-6032
Please adjust the affected versions in the BTS as needed.
More information about the Pkg-go-maintainers
mailing list