CVE-2024-23651 https://github.com/advisories/GHSA-m3r6-h7wv-7xxv, CVE-2024-23652 https://github.com/advisories/GHSA-4v98-7qmw-rqr8, and CVE-2024-23653 https://github.com/advisories/GHSA-wr6v-9f75-vh2g https://github.com/containers/podman/releases/tag/v4.9.2
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=17fae8ae6b2f316d1fc277d298adc179535090b6 commit 17fae8ae6b2f316d1fc277d298adc179535090b6 Author: Rahil Bhimjiani <me@rahil.rocks> AuthorDate: 2024-02-03 01:02:03 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2024-02-08 03:17:17 +0000 app-containers/podman: add 4.9.2 This release addresses a number of Buildkit vulnerabilities including but not limited to: CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653. Bug: https://bugs.gentoo.org/923751 Signed-off-by: Rahil Bhimjiani <me@rahil.rocks> Signed-off-by: Zac Medico <zmedico@gentoo.org> app-containers/podman/Manifest | 1 + app-containers/podman/podman-4.9.2.ebuild | 136 ++++++++++++++++++++++++++++++ 2 files changed, 137 insertions(+)
Bumping up to glsa? since the lowest version in tree is 4.9.4.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=3671dbb8919b2952a3de8b9a51e7573f2b16d234 commit 3671dbb8919b2952a3de8b9a51e7573f2b16d234 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-07-05 07:05:25 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-07-05 07:06:00 +0000 [ GLSA 202407-12 ] podman: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/829896 Bug: https://bugs.gentoo.org/870931 Bug: https://bugs.gentoo.org/896372 Bug: https://bugs.gentoo.org/921290 Bug: https://bugs.gentoo.org/923751 Bug: https://bugs.gentoo.org/927500 Bug: https://bugs.gentoo.org/927501 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202407-12.xml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+)
