Summary: | <app-containers/buildah-1.33.5 multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Rahil Bhimjiani <me> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | UNCONFIRMED --- | ||
Severity: | normal | CC: | me |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://github.com/gentoo/gentoo/pull/35159 https://bugs.gentoo.org/show_bug.cgi?id=923751 https://github.com/gentoo/gentoo/pull/35502 |
||
Whiteboard: | B3 [glsa?] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 924456 | ||
Bug Blocks: | 924288 |
Description
Rahil Bhimjiani
2024-02-03 01:49:03 UTC
We only put fixed versions in the summary (so we update it to the first fixed versions in tree once stuff is merged). Could you also split this into podman vs buildah (file a new bug for one of them)? Thanks. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe94090c6c36be4cf9ea7f989ee41e908b8019a2 commit fe94090c6c36be4cf9ea7f989ee41e908b8019a2 Author: Rahil Bhimjiani <me@rahil.rocks> AuthorDate: 2024-02-03 00:57:28 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2024-02-08 03:17:17 +0000 app-containers/buildah: add 1.33.5 This release addresses a number of Buildkit vulnerabilities including but not limited to: CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653. Bug: https://bugs.gentoo.org/923650 Signed-off-by: Rahil Bhimjiani <me@rahil.rocks> Signed-off-by: Zac Medico <zmedico@gentoo.org> app-containers/buildah/Manifest | 1 + app-containers/buildah/buildah-1.33.5.ebuild | 125 +++++++++++++++++++++++++++ 2 files changed, 126 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bac2d4fb3007aa999ed3ae25c276a79ee19c66f8 commit bac2d4fb3007aa999ed3ae25c276a79ee19c66f8 Author: Rahil Bhimjiani <me@rahil.rocks> AuthorDate: 2024-02-23 07:33:29 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2024-03-07 01:01:26 +0000 app-containers/buildah: add 1.34.1 security fixes and some more features https://github.com/containers/buildah/releases/tag/v1.34.1 Bug: https://bugs.gentoo.org/923650 Signed-off-by: Rahil Bhimjiani <me@rahil.rocks> Closes: https://github.com/gentoo/gentoo/pull/35502 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-containers/buildah/Manifest | 1 + app-containers/buildah/buildah-1.34.1.ebuild | 125 +++++++++++++++++++++++++++ app-containers/buildah/buildah-9999.ebuild | 2 +- 3 files changed, 127 insertions(+), 1 deletion(-) |