| Summary: | app-containers/buildah: multiple vulnerabilities | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | CONFIRMED --- | ||
| Severity: | minor | CC: | zmedico |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | B4 [upstream] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
John Helmert III
2022-12-08 17:53:27 UTC
Mailed the RedHat CNA email to ask for more information. "Ana McTaggart updated your request with the following comments: In regards to these. These bugs come about when "podman --remote build ..." is run, thus affecting buildah, but the bug itself needs to be fixed in podman and the fix can be found https://github.com/containers/podman/pull/16315 [https://github.com/containers/podman/pull/16315], which was an external reference on the CVE. I think they're still working out a few details on how to implement it. I'm not 100% sure how/when it will be fixed in Buildah, that seems to be a point of discussion on the podman side. We're still waiting for a fixed in version there as well. Hope this helps, let me know if you have any more questions." So, the bugs are in Buildah, but can also be fixed in Podman. But no references to any upstream report in Buildah. |