Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8671af22 by Salvatore Bonaccorso at 2023-08-01T17:10:14+02:00 Update notes for CVE-2023-30549 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -12148,8 +12148,14 @@ CVE-2023-30551 (Rekor is an open source software supply chain transparency log. CVE-2023-30550 (MeterSphere is an open source continuous testing platform, covering fu ...) NOT-FOR-US: MeterSphere CVE-2023-30549 (Apptainer is an open source container platform for Linux. There is an ...) - - singularity-container <unfixed> (bug #1035026) + - singularity-container <unfixed> (bug #1035026; unimportant) NOTE: https://github.com/apptainer/apptainer/security/advisories/GHSA-j4rf-7357-f4cg + NOTE: Sylabs and Apptainer projects are in disagreement to track this issue and + NOTE: their handling with respect to unpatches filesystem vulnerabilities. Sylanbs + NOTE: will add a configuration option to disable all mounts of extfs file systems + NOTE: as well in a future singularity-container version, as similar done by the + NOTE: Apptainer project. + NOTE: Details in https://sylabs.io/2023/04/response-to-cve-2023-30549/ CVE-2023-30548 (gatsby-plugin-sharp is a plugin for the gatsby framework which exposes ...) NOT-FOR-US: gatsby-plugin-sharp CVE-2023-30547 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8671af22eda83143c6c33508a7ead2ff3c6aebaa -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8671af22eda83143c6c33508a7ead2ff3c6aebaa You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits