From: Peter Marko <[email protected]>

NVD shows only redhat links and does not mention fixed-in release so these CVEs will show up in reports indefinitely. They are already fixed in current version, so ignore them.
CVE-2022-2989 * https://github.com/advisories/GHSA-4wjj-jwc9-2x96 * https://github.com/containers/podman/pull/15618 * commit d82a41687e614d9ac8b2d169dee47fe226835e4c Add container GID to additional groups CVE-2023-0778 * https://github.com/advisories/GHSA-qwqv-rqgf-8qh8 * https://github.com/containers/podman/pull/17528 * commit 6ca857feb07a5fdc96fd947afef03916291673d8 volume,container: chroot to source before exporting content Signed-off-by: Peter Marko <[email protected]> --- recipes-containers/podman/podman_git.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/recipes-containers/podman/podman_git.bb b/recipes-containers/podman/podman_git.bb index 145b46f..9060e85 100644 --- a/recipes-containers/podman/podman_git.bb +++ b/recipes-containers/podman/podman_git.bb @@ -34,6 +34,9 @@ S = "${WORKDIR}/git" PV = "4.6.0-rc1+git${SRCPV}" +CVE_STATUS[CVE-2022-2989] = "fixed-version: fixed since v4.3.0" +CVE_STATUS[CVE-2023-0778] = "fixed-version: fixed since v4.5.0" + PACKAGES =+ "${PN}-contrib" PODMAN_PKG = "github.com/containers/libpod" -- 2.30.2
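Review bot: the two added CVE_STATUS lines assert "fixed since v4.3.0" and "fixed since v4.5.0", but the commit message gives only the advisory, pull request and commit for each CVE and never says which release first contains those commits. Please state in the commit message how the versions were determined (for example, the first tag that contains d82a41687e614d9ac8b2d169dee47fe226835e4c and 6ca857feb07a5fdc96fd947afef03916291673d8), and consider a short comment above the entries in podman_git.bb pointing at the two upstream advisories, so someone reading the recipe later can check the status without finding this mail. With PV at "4.6.0-rc1+git${SRCPV}" both statuses are consistent with the recipe provided those versions are right.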
