Bug#990201: CVE-2021-33622 (was: Re: Accepted singularity-container 3.9.5+ds1-1 (source) into experimental)
Hi Nilesh, hi Andreas,
On Sun, Feb 20, 2022 at 02:37:12PM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Format: 1.8
> Date: Sun, 20 Feb 2022 19:27:46 +0530
> Source: singularity-container
> Architecture: source
> Version: 3.9.5+ds1-1
> Distribution: experimental
> Urgency: medium
> Maintainer: Debian HPC Team <debian-hpc@lists.debian.org>
> Changed-By: Nilesh Patra <nilesh@debian.org>
> Closes: 990201
> Changes:
> singularity-container (3.9.5+ds1-1) experimental; urgency=medium
> .
> [ Andreas Tille ]
> * Team upload.
> * Version > 3.6.x are closing CVE-2021-33622
> Closes: #990201
Can you help isolate on that?
https://support.sylabs.io/support/solutions/articles/42000087130-3-5-8-security-release-cve-2021-33622-
refers the 3.6.x as beeing affected and so there is the statement that
the issue is not going to be patched in those version:
> This issue affects open-source Singularity 3.5.x and 3.6.x. These
> versions are no longer supported and will not be patched.
https://bugs.debian.org/990201#10 is as well relevant in the context.
So where has this issue bin fixed?
Regards,
Salvatore
Reply to: