Bug 923751

Summary:	<app-containers/podman-4.9.2 multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Rahil Bhimjiani <me>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	UNCONFIRMED ---
Severity:	normal	CC:	csfore, me
Priority:	Normal	Keywords:	PullRequest
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=923650 https://github.com/gentoo/gentoo/pull/35159
Whiteboard:	B3 [glsa?]
Package list:		Runtime testing required:	---
Bug Depends on:
Bug Blocks:	924288

Description Rahil Bhimjiani 2024-02-04 02:26:41 UTC

CVE-2024-23651 https://github.com/advisories/GHSA-m3r6-h7wv-7xxv, CVE-2024-23652 https://github.com/advisories/GHSA-4v98-7qmw-rqr8, and CVE-2024-23653 https://github.com/advisories/GHSA-wr6v-9f75-vh2g 

https://github.com/containers/podman/releases/tag/v4.9.2

Comment 1 Larry the Git Cow gentoo-dev

2024-02-08 03:17:24 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=17fae8ae6b2f316d1fc277d298adc179535090b6

commit 17fae8ae6b2f316d1fc277d298adc179535090b6
Author:     Rahil Bhimjiani <me@rahil.rocks>
AuthorDate: 2024-02-03 01:02:03 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2024-02-08 03:17:17 +0000

    app-containers/podman: add 4.9.2
    
    This release addresses a number of Buildkit vulnerabilities including but not limited to: CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653.
    
    Bug: https://bugs.gentoo.org/923751
    Signed-off-by: Rahil Bhimjiani <me@rahil.rocks>
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-containers/podman/Manifest            |   1 +
 app-containers/podman/podman-4.9.2.ebuild | 136 ++++++++++++++++++++++++++++++
 2 files changed, 137 insertions(+)

Comment 2 Christopher Fore 2024-04-28 19:59:50 UTC

Bumping up to glsa? since the lowest version in tree is 4.9.4.