[Git][security-tracker-team/security-tracker][master] Update notes for CVE-2023-30549

Salvatore Bonaccorso (@carnil) Tue, 01 Aug 2023 08:10:57 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
8671af22 by Salvatore Bonaccorso at 2023-08-01T17:10:14+02:00
Update notes for CVE-2023-30549

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12148,8 +12148,14 @@ CVE-2023-30551 (Rekor is an open source software 
supply chain transparency log.
 CVE-2023-30550 (MeterSphere is an open source continuous testing platform, 
covering fu ...)
        NOT-FOR-US: MeterSphere
 CVE-2023-30549 (Apptainer is an open source container platform for Linux. 
There is an  ...)
-       - singularity-container <unfixed> (bug #1035026)
+       - singularity-container <unfixed> (bug #1035026; unimportant)
        NOTE: 
https://github.com/apptainer/apptainer/security/advisories/GHSA-j4rf-7357-f4cg
+       NOTE: Sylabs and Apptainer projects are in disagreement to track this 
issue and
+       NOTE: their handling with respect to unpatches filesystem 
vulnerabilities. Sylanbs
+       NOTE: will add a configuration option to disable all mounts of extfs 
file systems
+       NOTE: as well in a future singularity-container version, as similar 
done by the
+       NOTE: Apptainer project.
+       NOTE: Details in https://sylabs.io/2023/04/response-to-cve-2023-30549/
 CVE-2023-30548 (gatsby-plugin-sharp is a plugin for the gatsby framework which 
exposes ...)
        NOT-FOR-US: gatsby-plugin-sharp
 CVE-2023-30547 (vm2 is a sandbox that can run untrusted code with whitelisted 
Node's b ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8671af22eda83143c6c33508a7ead2ff3c6aebaa

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8671af22eda83143c6c33508a7ead2ff3c6aebaa
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Update notes for CVE-2023-30549

Reply via email to