Bug#1034039: bullseye-pu: package libpod/3.0.1+dfsg1-3+deb11u1

[Reinhard Tartler <siretart@tauware.de>]

Argh, my bad, I'll upload a new version later today

Thanks for spotting

-rt

On April 7, 2023 4:41:41 AM EST, "Adam D. Barratt" <adam@adam-barratt.org.uk> wrote:
>On Thu, 2023-04-06 at 19:46 -0400, Reinhard Tartler wrote:
>> This code change picks up code changes in golang-github-containers-
>> psgo
>> and golang-github-containers-storage to fix CVE-2022-1227. This is
>> reported
>> as 1020907. This addresses a priviledge escalation issue when using
>> 'podman top'. Upstream has more information in this issue in
>> https://bugzilla.redhat.com/show_bug.cgi?id=2070368
>> 
>
>I see this has already been uploaded; unfortunately:
>
>-    ,golang-github-containers-psgo-dev
>-    ,golang-github-containers-storage-dev (>= 1.24.6)
>+    ,golang-github-containers-psgo-dev (>= 1.5.2-1+deb11u1)
>+    ,golang-github-containers-storage-dev (>= 1.24.6+dfsg1-1+deb11u1)
>
>The updated golang-github-containers-storage-dev version there isn't
>actually sufficient to ensure that the fixed version is picked up - you
>want 1.24.*8*+dfsg1-1+deb11u1.
>
>At this point, either I can reject the current upload, and you can then
>re-upload a fixed +deb11u1 or (possibly easier all around) you can
>upload +deb11u2 as an incremental change on top of +deb11u1 which
>simply fixes the dependency version.
>
>Regards,
>
>Adam
>
>

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.