"## 4.4.2 - This release fixes CVE-2023-0778, which allowed a malicious user to potentially replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system." Please bump to 4.4.2.
Looks like this was fixed a while ago.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=3671dbb8919b2952a3de8b9a51e7573f2b16d234 commit 3671dbb8919b2952a3de8b9a51e7573f2b16d234 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-07-05 07:05:25 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-07-05 07:06:00 +0000 [ GLSA 202407-12 ] podman: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/829896 Bug: https://bugs.gentoo.org/870931 Bug: https://bugs.gentoo.org/896372 Bug: https://bugs.gentoo.org/921290 Bug: https://bugs.gentoo.org/923751 Bug: https://bugs.gentoo.org/927500 Bug: https://bugs.gentoo.org/927501 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202407-12.xml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+)
