Summary: | <app-containers/skopeo-1.3.0: deadlock vulnerability through embedded app-containers/containers-storage (CVE-2021-20291) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | williamh |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 785895 |
Description
GLSAMaker/CVETool Bot
2021-04-26 22:25:27 UTC
Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Fix was in storage-1.28.1, so seems this was done upstream in: commit 5485daff13f3a984eeeb7dc5f840fd11612289d2 Author: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue Apr 13 08:44:26 2021 +0000 Bump github.com/containers/storage from 1.26.0 to 1.29.0 Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.26.0 to 1.29.0. - [Release notes](https://github.com/containers/storage/releases) - [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md) - [Commits](https://github.com/containers/storage/compare/v1.26.0...v1.29.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Which first made it into Gentoo in: commit 779759573696a2d0ec5ec26157b1e41f637ce020 Author: Zac Medico <zmedico@gentoo.org> Date: Mon Jun 14 10:43:30 2021 -0700 app-emulation/skopeo: Bump to version 1.3.0 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Zac Medico <zmedico@gentoo.org> There were no stable versions of skopeo at the time, and we've been cleaned up for a long while. All done! |