Bug 923751

Summary:	<app-containers/podman-4.9.2 multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Rahil Bhimjiani <me>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	csfore, me
Priority:	Normal	Keywords:	PullRequest
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=923650 https://github.com/gentoo/gentoo/pull/35159
Whiteboard:	B3 [glsa+]
Package list:		Runtime testing required:	---
Bug Depends on:
Bug Blocks:	924288

Description Rahil Bhimjiani 2024-02-04 02:26:41 UTC

CVE-2024-23651 https://github.com/advisories/GHSA-m3r6-h7wv-7xxv, CVE-2024-23652 https://github.com/advisories/GHSA-4v98-7qmw-rqr8, and CVE-2024-23653 https://github.com/advisories/GHSA-wr6v-9f75-vh2g 

https://github.com/containers/podman/releases/tag/v4.9.2

Comment 1 Larry the Git Cow gentoo-dev

2024-02-08 03:17:24 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=17fae8ae6b2f316d1fc277d298adc179535090b6

commit 17fae8ae6b2f316d1fc277d298adc179535090b6
Author:     Rahil Bhimjiani <me@rahil.rocks>
AuthorDate: 2024-02-03 01:02:03 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2024-02-08 03:17:17 +0000

    app-containers/podman: add 4.9.2
    
    This release addresses a number of Buildkit vulnerabilities including but not limited to: CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653.
    
    Bug: https://bugs.gentoo.org/923751
    Signed-off-by: Rahil Bhimjiani <me@rahil.rocks>
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-containers/podman/Manifest            |   1 +
 app-containers/podman/podman-4.9.2.ebuild | 136 ++++++++++++++++++++++++++++++
 2 files changed, 137 insertions(+)

Comment 2 Christopher Fore 2024-04-28 19:59:50 UTC

Bumping up to glsa? since the lowest version in tree is 4.9.4.

Comment 3 Larry the Git Cow gentoo-dev

2024-07-05 07:06:09 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3671dbb8919b2952a3de8b9a51e7573f2b16d234

commit 3671dbb8919b2952a3de8b9a51e7573f2b16d234
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-07-05 07:05:25 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-07-05 07:06:00 +0000

    [ GLSA 202407-12 ] podman: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/829896
    Bug: https://bugs.gentoo.org/870931
    Bug: https://bugs.gentoo.org/896372
    Bug: https://bugs.gentoo.org/921290
    Bug: https://bugs.gentoo.org/923751
    Bug: https://bugs.gentoo.org/927500
    Bug: https://bugs.gentoo.org/927501
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202407-12.xml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)