Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 923650 - <app-containers/buildah-1.33.5 multiple vulnerabilities
Summary: <app-containers/buildah-1.33.5 multiple vulnerabilities
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Keywords: PullRequest
Depends on: 924456
Blocks: CVE-2024-23651, CVE-2024-23652, CVE-2024-23653
  Show dependency tree
Reported: 2024-02-03 01:49 UTC by Rahil Bhimjiani
Modified: 2024-05-11 08:40 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-02-03 13:39:22 UTC
We only put fixed versions in the summary (so we update it to the first fixed versions in tree once stuff is merged).

Could you also split this into podman vs buildah (file a new bug for one of them)? Thanks.
Comment 2 Larry the Git Cow gentoo-dev 2024-02-08 03:17:23 UTC
The bug has been referenced in the following commit(s):

commit fe94090c6c36be4cf9ea7f989ee41e908b8019a2
Author:     Rahil Bhimjiani <>
AuthorDate: 2024-02-03 00:57:28 +0000
Commit:     Zac Medico <>
CommitDate: 2024-02-08 03:17:17 +0000

    app-containers/buildah: add 1.33.5
    This release addresses a number of Buildkit vulnerabilities including but not limited to: CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653.
    Signed-off-by: Rahil Bhimjiani <>
    Signed-off-by: Zac Medico <>

 app-containers/buildah/Manifest              |   1 +
 app-containers/buildah/buildah-1.33.5.ebuild | 125 +++++++++++++++++++++++++++
 2 files changed, 126 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2024-03-07 01:08:13 UTC
The bug has been referenced in the following commit(s):

commit bac2d4fb3007aa999ed3ae25c276a79ee19c66f8
Author:     Rahil Bhimjiani <>
AuthorDate: 2024-02-23 07:33:29 +0000
Commit:     Zac Medico <>
CommitDate: 2024-03-07 01:01:26 +0000

    app-containers/buildah: add 1.34.1
    security fixes and some more features
    Signed-off-by: Rahil Bhimjiani <>
    Signed-off-by: Zac Medico <>

 app-containers/buildah/Manifest              |   1 +
 app-containers/buildah/buildah-1.34.1.ebuild | 125 +++++++++++++++++++++++++++
 app-containers/buildah/buildah-9999.ebuild   |   2 +-
 3 files changed, 127 insertions(+), 1 deletion(-)