[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#990201: CVE-2021-33622 (was: Re: Accepted singularity-container 3.9.5+ds1-1 (source) into experimental)

Hi again as well,

On Tue, Feb 22, 2022 at 12:44:49AM +0530, Nilesh Patra wrote:
> Hi again,
> 
> On Mon, 21 Feb 2022 01:03:13 +0530 Nilesh Patra <nilesh@debian.org> wrote:
> > > So where has this issue bin fixed?
> > 
> > But yes, you are right, even at Mitre metadata, I do not find any information
> > about any patch for the bug; i.e. I do not see the "code" that fixes it, and hence
> > I too am skeptical whether or not it is really gone.
> > 
> > For the sake of completeness, I have opened a issue upstream[1]
> 
> Upstream confirmed that this issue no longer surfaces new versions, here[2]
> and here[3].
> So I guess, all good.
>  
> > [1]: https://github.com/sylabs/singularity/issues/586
> [2]: https://github.com/sylabs/singularity/issues/586#issuecomment-1046969527
> [3]: https://groups.google.com/g/singularity-ce/c/OSK5BIHSkbE/m/6dc0DEMiAgAJ

Thanks! Upstream IMHO is still not fully transparent on the
CVE-2021-33622 after reading your references. Thanks a lot for
researching, I have just updated the security-tracker information
about it.

Regards,
Salvatore
Reply to: