Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package singularity for openSUSE:Factory checked in at 2021-06-01 10:35:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/singularity (Old)
 and      /work/SRC/openSUSE:Factory/.singularity.new.1898 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "singularity" Tue Jun 1 10:35:24 2021 rev:25 rq:895298 version:3.7.3 Changes: -------- --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2021-03-12 13:33:55.186376333 +0100 +++ /work/SRC/openSUSE:Factory/.singularity.new.1898/singularity.changes 2021-06-01 10:35:58.272660786 +0200 @@ -1,0 +2,9 @@ +Wed May 19 18:52:51 UTC 2021 - Ferdinand Thiessen <r...@fthiessen.de> + +- Update to version 3.7.3 + Fix for CVE-2021-29136: + A dependency used to extract docker/OCI image layers can be + tricked into modifying host files by creating a malicious layer + that has a symlink with the name "." (or "/"), when running as root. + +------------------------------------------------------------------- Old: ---- singularity-3.7.2.tar.gz New: ---- singularity-3.7.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ singularity.spec ++++++ --- /var/tmp/diff_new_pack.SW8gvy/_old 2021-06-01 10:35:58.728661564 +0200 +++ /var/tmp/diff_new_pack.SW8gvy/_new 2021-06-01 10:35:58.732661570 +0200 @@ -23,7 +23,7 @@ License: BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: singularity -Version: 3.7.2 +Version: 3.7.3 Release: 0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL: https://github.com/hpcng/singularity ++++++ singularity-3.7.2.tar.gz -> singularity-3.7.3.tar.gz ++++++ /work/SRC/openSUSE:Factory/singularity/singularity-3.7.2.tar.gz /work/SRC/openSUSE:Factory/.singularity.new.1898/singularity-3.7.3.tar.gz differ: char 12, line 1
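Review bot: in the singularity.changes hunk, the new entry cites CVE-2021-29136 but carries no Bugzilla reference (bsc#/boo#) and does not name the dependency that extracts the docker/OCI image layers. Add the tracking bug number next to the CVE id so the update can be tied to the distribution's security tracking, and name the affected dependency so reviewers can check whether other packages that ship it need the same update. The "when running as root" condition should stay in the entry, since it bounds which deployments are exposed.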
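Review bot: in the singularity.spec hunk, only the Version line changes (3.7.2 to 3.7.3) while the source tarball is replaced wholesale, and the Old/New file lists show no detached signature or checksum file alongside singularity-3.7.3.tar.gz. For a security update, verify the new tarball against the checksum or signature published with the upstream release before accepting it, and consider adding that verification material as an extra source so the check is repeatable. Because the changelog attributes the fix to a dependency rather than to singularity's own code, also confirm that the 3.7.3 tarball actually pulls in the fixed version of that dependency instead of relying on the version bump alone.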