Bug#1027257: bullseye-pu: package golang-github-containers-storage/1.24.8+dfsg1-2~deb11u1
On Sat, 2023-04-01 at 19:04 -0400, Reinhard Tartler wrote:
>
> On 4/1/23 3:51 PM, Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> >
> > Apologies for the delay in getting back to you on this.
> >
> > On Wed, 2022-12-28 at 22:26 -0500, Reinhard Tartler wrote:
> > > In order to fix CVE-2022-1227, an update to golang-github-
> > > containers-
> > > psgo
> > > is needed, more specifically,
> > > https://github.com/containers/psgo/pull/92
> > >
> > > That patch introduces a dependency on golang-github-containers-
> > > storage, and uses
> > > the helper functions RawTo{Container,Host} which are introduced
> > > with
> > > this patch.
> > >
> > [...]
> > > The code changes adds a helper function that isn't used otherwise
> > > yet.
> >
> > Looking at the diff, it appears that what it actually does is
> > rename
> > two existing helper functions, with no functional change to either.
> > Am
> > I missing something?
>
> You are correct. The patch renames the helper functions to an
> Uppercase spelling.
> This exposes the function to other packages, which is being used in
> the patch
> to fix CVE-2022-1227.
>
Indeed. I write little enough Go these days that I forget about its
visibility rules.
Regards,
Adam
Reply to: