Control: tags -1 + moreinfo On Wed, 2022-12-28 at 22:40 -0500, Reinhard Tartler wrote: > Backport for CVE-2022-1227, taken from > https://github.com/containers/psgo/pull/92 > > This prevents an exploit when running 'podman top' >
Apologies for the delay in getting back to you regarding this. +golang-github-containers-psgo (1.5.2-2~deb11u1) bullseye; urgency=medium Given that there's never been more than one upload of 1.5.2 so far as I can see, that should be 1.5.2-1+deb11u1. + * CVE-2022-1227: do not join the process user namespace [...] Build-Depends-Indep: golang-any, + golang-github-containers-storage-dev (>= 1.24.8+dfsg1-2~deb11u1), Similarly I'd expect this to be 1.24.8+dfsg1-1+deb11u1, as I can only see one upload of 1.24.8+dfsg1 ever having been made to Debian. Regards, Adam