| Summary: | <app-containers/podman-4.8.3: Terrapin vulnerability | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Rahil Bhimjiani <me> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | IN_PROGRESS --- | ||
| Severity: | minor | CC: | me, proxy-maint, zmedico |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | B3 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 921291 | ||
| Bug Blocks: | 920280 | ||
|
Description
Rahil Bhimjiani
2024-01-03 14:33:30 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b4ac5adf3edb686d0b225dccb76de376835ad29 commit 6b4ac5adf3edb686d0b225dccb76de376835ad29 Author: Rahil Bhimjiani <me@rahil.rocks> AuthorDate: 2024-01-03 14:28:50 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2024-01-03 18:19:41 +0000 app-containers/podman: drop 4.5.x Signed-off-by: Rahil Bhimjiani <me@rahil.rocks> Bug: https://bugs.gentoo.org/921290 Closes: https://github.com/gentoo/gentoo/pull/34617 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-containers/podman/Manifest | 1 - app-containers/podman/podman-4.5.0-r1.ebuild | 149 ----------------------- app-containers/podman/podman-4.5.0.ebuild | 172 --------------------------- 3 files changed, 322 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dbfe243252380a5c8cf873578f543042d0ef6ae4 commit dbfe243252380a5c8cf873578f543042d0ef6ae4 Author: Rahil Bhimjiani <me@rahil.rocks> AuthorDate: 2024-01-03 14:20:39 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2024-01-03 18:19:40 +0000 app-containers/podman: add 4.8.3 Security * Fixed GHSA-45x7-px36-x8w8 (https://github.com/advisories/GHSA-45x7-px36-x8w8) : CVE-2023-48795 by vendoring golang.org/x/crypto v0.17.0. Signed-off-by: Rahil Bhimjiani <me@rahil.rocks> Bug: https://bugs.gentoo.org/921290 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-containers/podman/Manifest | 1 + app-containers/podman/podman-4.8.3.ebuild | 136 ++++++++++++++++++++++++++++++ 2 files changed, 137 insertions(+) oops. Apologies from my side. I did Resolved->Fixed and then read the note ""Note: Please do not mark this bug as resolved after bumping or stabilizing. The Security Team will take care of that. Thanks." Hope it's all fine. (In reply to Rahil Bhimjiani from comment #2) > oops. Apologies from my side. I did Resolved->Fixed and then read the note > ""Note: Please do not mark this bug as resolved after bumping or > stabilizing. The Security Team will take care of that. Thanks." I've reopened the bug. There is still more work for the maintainers as they need to clean up vulnerable versions. We also need to consider issuing a GLSA. Updated the whiteboard accordingly. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0cb46c43c3629b8b167c311e860cbc9c607d7e23 commit 0cb46c43c3629b8b167c311e860cbc9c607d7e23 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2024-01-08 08:12:57 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2024-01-08 08:13:46 +0000 app-containers/podman: drop 4.7.2, 4.8.1, 4.8.2 Bug: https://bugs.gentoo.org/921290 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-containers/podman/Manifest | 3 - app-containers/podman/podman-4.7.2.ebuild | 135 ----------------------------- app-containers/podman/podman-4.8.1.ebuild | 136 ------------------------------ app-containers/podman/podman-4.8.2.ebuild | 136 ------------------------------ 4 files changed, 410 deletions(-) Thank you for reporting! |
