CVE-2020-25039 (https://github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7): Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. CVE-2020-25040 (https://github.com/hpcng/singularity/security/advisories/GHSA-jv9c-w74q-6762): Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=48b50da8ccd7882fffb3a9239b7ac9cab6b6cbdc commit 48b50da8ccd7882fffb3a9239b7ac9cab6b6cbdc Author: Marek Szuba <marecki@gentoo.org> AuthorDate: 2020-10-05 12:03:43 +0000 Commit: Marek Szuba <marecki@gentoo.org> CommitDate: 2020-10-05 12:03:43 +0000 sys-cluster/singularity: remove old Bug: https://bugs.gentoo.org/746431 Signed-off-by: Marek Szuba <marecki@gentoo.org> sys-cluster/singularity/Manifest | 1 - sys-cluster/singularity/singularity-3.6.2.ebuild | 73 ------------------------ 2 files changed, 74 deletions(-)
Thanks!
