Bug#1027258: bullseye-pu: package golang-github-containers-psgo/1.5.2-2~deb11u1
Control: tags -1 + moreinfo
On Wed, 2022-12-28 at 22:40 -0500, Reinhard Tartler wrote:
> Backport for CVE-2022-1227, taken from
> https://github.com/containers/psgo/pull/92
>
> This prevents an exploit when running 'podman top'
>
Apologies for the delay in getting back to you regarding this.
+golang-github-containers-psgo (1.5.2-2~deb11u1) bullseye; urgency=medium
Given that there's never been more than one upload of 1.5.2 so far as I
can see, that should be 1.5.2-1+deb11u1.
+ * CVE-2022-1227: do not join the process user namespace
[...]
Build-Depends-Indep:
golang-any,
+ golang-github-containers-storage-dev (>= 1.24.8+dfsg1-2~deb11u1),
Similarly I'd expect this to be 1.24.8+dfsg1-1+deb11u1, as I can only
see one upload of 1.24.8+dfsg1 ever having been made to Debian.
Regards,
Adam
Reply to: