[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#990201: CVE-2021-33622 (was: Re: Accepted singularity-container 3.9.5+ds1-1 (source) into experimental)

Hi Nilesh, hi Andreas,

On Sun, Feb 20, 2022 at 02:37:12PM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> Format: 1.8
> Date: Sun, 20 Feb 2022 19:27:46 +0530
> Source: singularity-container
> Architecture: source
> Version: 3.9.5+ds1-1
> Distribution: experimental
> Urgency: medium
> Maintainer: Debian HPC Team <debian-hpc@lists.debian.org>
> Changed-By: Nilesh Patra <nilesh@debian.org>
> Closes: 990201
> Changes:
>  singularity-container (3.9.5+ds1-1) experimental; urgency=medium
>  .
>    [ Andreas Tille ]
>    * Team upload.
>    * Version > 3.6.x are closing CVE-2021-33622
>      Closes: #990201

Can you help isolate on that?
https://support.sylabs.io/support/solutions/articles/42000087130-3-5-8-security-release-cve-2021-33622-
refers the 3.6.x as beeing affected and so there is the statement that
the issue is not going to be patched in those version:

> This issue affects open-source Singularity 3.5.x and 3.6.x. These
> versions are no longer supported and will not be patched.

https://bugs.debian.org/990201#10 is as well relevant in the context.

So where has this issue bin fixed?

Regards,
Salvatore
Reply to: