Bug#1027257: bullseye-pu: package golang-github-containers-storage/1.24.8+dfsg1-2~deb11u1

[Reinhard Tartler <siretart@debian.org>]

On 4/1/23 3:51 PM, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> Apologies for the delay in getting back to you on this.
>
> On Wed, 2022-12-28 at 22:26 -0500, Reinhard Tartler wrote:
> > In order to fix CVE-2022-1227, an update to golang-github-containers-
> > psgo
> > is needed, more specifically,
> > https://github.com/containers/psgo/pull/92
> >
> > That patch introduces a dependency on golang-github-containers-
> > storage, and uses
> > the helper functions RawTo{Container,Host} which are introduced with
> > this patch.
> [...]
> > The code changes adds a helper function that isn't used otherwise
> > yet.
>
> Looking at the diff, it appears that what it actually does is rename
> two existing helper functions, with no functional change to either. Am
> I missing something?

You are correct. The patch renames the helper functions to an Uppercase spelling.
This exposes the function to other packages, which is being used in the patch
to fix CVE-2022-1227.

I would recommend approving this code change.

> > +golang-github-containers-storage (1.24.8+dfsg1-2~deb11u1) bullseye;
> > urgency=medium
> Given what I can see of the package's upload history, the version
> should rather be 1.24.8+dfsg1-1+deb11u1.

Will do!
-rt