https://github.com/containers/podman/releases/tag/v4.8.3
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b4ac5adf3edb686d0b225dccb76de376835ad29 commit 6b4ac5adf3edb686d0b225dccb76de376835ad29 Author: Rahil Bhimjiani <me@rahil.rocks> AuthorDate: 2024-01-03 14:28:50 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2024-01-03 18:19:41 +0000 app-containers/podman: drop 4.5.x Signed-off-by: Rahil Bhimjiani <me@rahil.rocks> Bug: https://bugs.gentoo.org/921290 Closes: https://github.com/gentoo/gentoo/pull/34617 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-containers/podman/Manifest | 1 - app-containers/podman/podman-4.5.0-r1.ebuild | 149 ----------------------- app-containers/podman/podman-4.5.0.ebuild | 172 --------------------------- 3 files changed, 322 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dbfe243252380a5c8cf873578f543042d0ef6ae4 commit dbfe243252380a5c8cf873578f543042d0ef6ae4 Author: Rahil Bhimjiani <me@rahil.rocks> AuthorDate: 2024-01-03 14:20:39 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2024-01-03 18:19:40 +0000 app-containers/podman: add 4.8.3 Security * Fixed GHSA-45x7-px36-x8w8 (https://github.com/advisories/GHSA-45x7-px36-x8w8) : CVE-2023-48795 by vendoring golang.org/x/crypto v0.17.0. Signed-off-by: Rahil Bhimjiani <me@rahil.rocks> Bug: https://bugs.gentoo.org/921290 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-containers/podman/Manifest | 1 + app-containers/podman/podman-4.8.3.ebuild | 136 ++++++++++++++++++++++++++++++ 2 files changed, 137 insertions(+)
oops. Apologies from my side. I did Resolved->Fixed and then read the note ""Note: Please do not mark this bug as resolved after bumping or stabilizing. The Security Team will take care of that. Thanks." Hope it's all fine.
(In reply to Rahil Bhimjiani from comment #2) > oops. Apologies from my side. I did Resolved->Fixed and then read the note > ""Note: Please do not mark this bug as resolved after bumping or > stabilizing. The Security Team will take care of that. Thanks." I've reopened the bug. There is still more work for the maintainers as they need to clean up vulnerable versions. We also need to consider issuing a GLSA. Updated the whiteboard accordingly.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0cb46c43c3629b8b167c311e860cbc9c607d7e23 commit 0cb46c43c3629b8b167c311e860cbc9c607d7e23 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2024-01-08 08:12:57 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2024-01-08 08:13:46 +0000 app-containers/podman: drop 4.7.2, 4.8.1, 4.8.2 Bug: https://bugs.gentoo.org/921290 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-containers/podman/Manifest | 3 - app-containers/podman/podman-4.7.2.ebuild | 135 ----------------------------- app-containers/podman/podman-4.8.1.ebuild | 136 ------------------------------ app-containers/podman/podman-4.8.2.ebuild | 136 ------------------------------ 4 files changed, 410 deletions(-)
Thank you for reporting!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=3671dbb8919b2952a3de8b9a51e7573f2b16d234 commit 3671dbb8919b2952a3de8b9a51e7573f2b16d234 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-07-05 07:05:25 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-07-05 07:06:00 +0000 [ GLSA 202407-12 ] podman: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/829896 Bug: https://bugs.gentoo.org/870931 Bug: https://bugs.gentoo.org/896372 Bug: https://bugs.gentoo.org/921290 Bug: https://bugs.gentoo.org/923751 Bug: https://bugs.gentoo.org/927500 Bug: https://bugs.gentoo.org/927501 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202407-12.xml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+)