Bug#990201: marked as done (singularity-container: CVE-2021-33622)
Your message dated Sun, 20 Feb 2022 14:37:12 +0000
with message-id <E1nLnKq-0007vB-Oe@fasolo.debian.org>
and subject line Bug#990201: fixed in singularity-container 3.9.5+ds1-1
has caused the Debian Bug report #990201,
regarding singularity-container: CVE-2021-33622
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
990201: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990201
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: singularity-container: CVE-2021-33622
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Tue, 22 Jun 2021 19:27:31 +0200
- Message-id: <162438285127.2542698.9089117666708982053.reportbug@eldamar.lan>
Source: singularity-container
Version: 3.5.2+ds1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Hi,
The following vulnerability was published for singularity-container.
CVE-2021-33622[0]:
| Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8,
| has an Incorrect Check of a Function's Return Value.
Note that this differs from CVE-2021-32635.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-33622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33622
[1] https://support.sylabs.io/support/solutions/articles/42000087130-3-5-8-security-release-cve-2021-33622-
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: singularity-container
Source-Version: 3.9.5+ds1-1
Done: Nilesh Patra <nilesh@debian.org>
We believe that the bug you reported is fixed in the latest version of
singularity-container, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 990201@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nilesh Patra <nilesh@debian.org> (supplier of updated singularity-container package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 20 Feb 2022 19:27:46 +0530
Source: singularity-container
Architecture: source
Version: 3.9.5+ds1-1
Distribution: experimental
Urgency: medium
Maintainer: Debian HPC Team <debian-hpc@lists.debian.org>
Changed-By: Nilesh Patra <nilesh@debian.org>
Closes: 990201
Changes:
singularity-container (3.9.5+ds1-1) experimental; urgency=medium
.
[ Andreas Tille ]
* Team upload.
* Version > 3.6.x are closing CVE-2021-33622
Closes: #990201
* Add debian/README.source with my findings about issues when trying
to replace vendored code copies
* Remove superfluous file patterns from d/copyright
* Remove unneeded patches
* Cleanup list of Files-Excluded
* Drop Afif Elghraoui from Uploaders (thank you for your work Afif)
.
[ Nilesh Patra ]
* d/copyright: Exclude more vendor copies
* New upstream version 3.9.5+ds1
* d/control: Add/update B-D for dropped vendor copies
* Adapt patch to newer release
* Drop d/README.source
Checksums-Sha1:
7b1323b6a5f76a4cee1d5f26d88c7e509d55c266 4343 singularity-container_3.9.5+ds1-1.dsc
7cc7e465d90446cbd7cbe8eb32961253cb5b3fce 5717004 singularity-container_3.9.5+ds1.orig.tar.xz
fee90611e5b3d788276215e39290fe41f45faf8e 19512 singularity-container_3.9.5+ds1-1.debian.tar.xz
5ee0961e14ab231ea3ccaa44dd244010efae327f 24362 singularity-container_3.9.5+ds1-1_amd64.buildinfo
Checksums-Sha256:
1390c2126df9008620037d6e0fd567ff828646a0dfdce6531e09a29ba78e9f20 4343 singularity-container_3.9.5+ds1-1.dsc
929e38200b3d26d8f46200b9b8f57e91409fd07e26cb81ce5c27a41c4383e137 5717004 singularity-container_3.9.5+ds1.orig.tar.xz
d7cb55a4effed3ce0d97248e32b52b42d48435d58932d77ac2d325c27018893a 19512 singularity-container_3.9.5+ds1-1.debian.tar.xz
7a821cc16e161c6d94d0fe21e1a8b62434f525e86057d6ace27f8a15d5f48904 24362 singularity-container_3.9.5+ds1-1_amd64.buildinfo
Files:
ee4cb7986eb99b4242e4c64a5bcfc710 4343 admin optional singularity-container_3.9.5+ds1-1.dsc
cd85c34e85a373d373db8b2242cd4847 5717004 admin optional singularity-container_3.9.5+ds1.orig.tar.xz
471aa86b62b83e74df4539c2c6436f9d 19512 admin optional singularity-container_3.9.5+ds1-1.debian.tar.xz
34f742a59371fb287d4834cc6ecc8f00 24362 admin optional singularity-container_3.9.5+ds1-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCgAwFiEEPpmlJvXcwMu/HO6mALrnSzQzafEFAmISSzkSHG5pbGVzaEBk
ZWJpYW4ub3JnAAoJEAC650s0M2nxU1sQAKQdRD+FKfOe2GWNipI8KygUEGmPRWeR
rSW9s6N5GZTEUaj3GX0lzmSOTZH1AKCTkZ3RzVn4QcHAwUbX2feFDnEJOSFy4ip4
qrk7XBrc7//KeVHXEj082sDps59lZ3I2y4EoIbPUM+R4pc8xGKiJ02KWufhF9YuZ
fZ7WqPLieJyrXOzisFpbB5kUdTU8XHYXGruhNJEOLd5kBVfk4I23424Q5Axfy+YC
tqtsk7oILk7H+OzQBtTyayL5yPDdDOvr37T5sxV/zaQkzfu12wxtBhQqxIb97CHp
hZR8mmu35GnglJKUGcquF1sM7O/or+dwwj5IqiOgmvQwducsxsYtX03K4FnYJEk6
F/6xO1lgPKG+nrnypgcoIX+DxovyFJ8K51oZwpaGedVrn3IRVvecm6nbnfsiNEbb
LU4wBtBSXzwu2wSyk65aBIvfqcN1YcHyDtT6Y+ttpBdnXjoe8WVhvp2cDwnEDrVK
36U/5s82sKvhBPV39Po8n/LFSbDKUCU8Is6qmu0Tm/dhUhWfJGCHgtiqVfnmIrac
f8bv2/7HY30JntsIFCGQukA+L1ZF8w3BZBZXxAsR+oLMz27VBAavdMMKPfrkIgxZ
g3FtYshLShgToKc1UjLf3yGl53IVE8N4msOOoM4tXm81Qeu1hkXJCWRkR+5SuVgZ
l5qd9LK6VoBI
=wdLX
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: