Description: "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions."
@maintainer(s), please create an appropriate ebuild
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bfd2964a5f3220b1aff8aff09caa32dac521e4fc commit bfd2964a5f3220b1aff8aff09caa32dac521e4fc Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2020-04-02 00:22:18 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2020-04-02 00:23:46 +0000 app-emulation/buildah: Remove vulnerable versions Bug: https://bugs.gentoo.org/715822 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-emulation/buildah/Manifest | 9 ----- app-emulation/buildah/buildah-1.11.5-r1.ebuild | 56 -------------------------- app-emulation/buildah/buildah-1.11.6.ebuild | 56 -------------------------- app-emulation/buildah/buildah-1.12.0.ebuild | 50 ----------------------- app-emulation/buildah/buildah-1.13.1.ebuild | 50 ----------------------- app-emulation/buildah/buildah-1.14.0.ebuild | 50 ----------------------- app-emulation/buildah/buildah-1.14.2.ebuild | 50 ----------------------- app-emulation/buildah/buildah-1.14.3.ebuild | 47 --------------------- app-emulation/buildah/buildah-1.14.4.ebuild | 47 --------------------- 9 files changed, 415 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=79b2c618fff2d7d600b22404da0c1f5d16c58dcc commit 79b2c618fff2d7d600b22404da0c1f5d16c58dcc Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2020-04-02 00:20:56 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2020-04-02 00:23:46 +0000 app-emulation/buildah: Bump to version 1.14.5 Bug: https://bugs.gentoo.org/715822 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-emulation/buildah/Manifest | 1 + app-emulation/buildah/buildah-1.14.5.ebuild | 47 +++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+)
Cleanup done. I'm nominating you for an award for speed this month. Thank you! Closing because noglsa, tree clean.
