[Git][security-tracker-team/security-tracker][master] two golang-github-containers-buildah issues fixed in sid

Wed, 16 Oct 2024 20:26:56 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fd4b5864 by Moritz Mühlenhoff at 2024-10-16T15:27:33+02:00
two golang-github-containers-buildah issues fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1442,7 +1442,7 @@ CVE-2024-9680 (An attacker was able to achieve code 
execution in the content pro
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-52/
 CVE-2024-9675 (A vulnerability was found in Buildah. Cache mounts do not 
properly val ...)
-       - golang-github-containers-buildah <unfixed> (bug #1084980)
+       - golang-github-containers-buildah 1.37.4+ds1-1 (bug #1084980)
        [bookworm] - golang-github-containers-buildah <no-dsa> (Minor issue)
        [bullseye] - golang-github-containers-buildah <postponed> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2317458
@@ -3173,9 +3173,11 @@ CVE-2024-20385 (A vulnerability in the SSL/TLS 
implementation of Cisco Nexus Das
 CVE-2024-20365 (A vulnerability in the Redfish API of Cisco UCS B-Series, 
Cisco UCS Ma ...)
        NOT-FOR-US: Cisco
 CVE-2024-9407 (A vulnerability exists in the bind-propagation option of the 
Dockerfil ...)
-       - golang-github-containers-buildah <unfixed> (bug #1084980)
+       - golang-github-containers-buildah 1.37.4+ds1-1 (bug #1084980)
        [bookworm] - golang-github-containers-buildah <no-dsa> (Minor issue)
        [bullseye] - golang-github-containers-buildah <postponed> (Minor issue)
+       NOTE: https://github.com/advisories/GHSA-fhqq-8f65-5xfc
+       NOTE: 
https://github.com/containers/buildah/commit/e4e2ad5ca2088d7c388109394135ead7aaf1f4f4
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2315887
 CVE-2024-9333 (Permissions bypass in M-Files Connector for Copilot before 
version 24. ...)
        NOT-FOR-US: M-Files



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd4b5864cc53464f21358ba731b61babde05eaf2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd4b5864cc53464f21358ba731b61babde05eaf2
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to