[Bug 1971034] Re: Several security issues in libpod 3.4.x
The usual approach in Ubuntu is to fix specific bugs in packages rather than perform wholesale version updates: https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions You can see that a 4.x version is currently in Debian experimental: https://packages.qa.debian.org/libp/libpod.html When the maintainers are happy with it, it'll be moved to Debian unstable, at which point it will be ingested to Ubuntu's development release. I can't give you a precise date. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971034 Title: Several security issues in libpod 3.4.x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/1971034/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971034] Re: Several security issues in libpod 3.4.x
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: libpod (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971034 Title: Several security issues in libpod 3.4.x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/1971034/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971034] Re: Several security issues in libpod 3.4.x
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: libpod (Ubuntu Jammy) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971034 Title: Several security issues in libpod 3.4.x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/1971034/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971034] Re: Several security issues in libpod 3.4.x
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: libpod (Ubuntu Impish) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971034 Title: Several security issues in libpod 3.4.x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/1971034/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971034] Re: Several security issues in libpod 3.4.x
Is it possible to know if we will have a 4.x version available anytime soon?? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971034 Title: Several security issues in libpod 3.4.x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/1971034/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971034] Re: Several security issues in libpod 3.4.x
Hi, This is not the scope of this bug, but will podman be upgraded and follow upstream releases regularly in Ubuntu 22.04, or it will stay at version 3.4.x during the whole lifetime of jammy ? Indeed this kind of package is still in fast pace mode, and even Red Hat is upgrading it its stable RHEL distos (RHEL 8/9 just moved to 4.0.2 in the last few weeks, and 4.1.x exists already upstream). Cheers, Romain -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971034 Title: Several security issues in libpod 3.4.x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/1971034/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971034] Re: Several security issues in libpod 3.4.x
Which "latest binaries from github" ? Upstream only releases source code. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971034 Title: Several security issues in libpod 3.4.x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/1971034/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971034] Re: Several security issues in libpod 3.4.x
I wonder if it really makes sense to keep podman in the Ubuntu repositories, at least if it's going to stay in universe? It's the sort of software that people who use it are going rely on being secure and up-to-date, and so far at least it has been quite a fast-moving target. I'm not normally a big fan of static binaries, but in this instance an 'installer' package which just grabs the latest binaries from github and keeps them up-to-date might make more sense. Alternatively, I wonder whether a snap could be generated? I'm not a fan of the format myself, but I manage to use podman nested with a systemd- nspawn container here, so it seems conceivable that it might also be made to work in a privileged snap (with the assumption that podman itself will protect the host system from the containers it runs.) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971034 Title: Several security issues in libpod 3.4.x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/1971034/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971034] Re: Several security issues in libpod 3.4.x
@mdeslaur the issue is not addressed with a simple debdiff, several packages need to be updated in the right order. I've done all this work in debian testing, and all those packages could be synced over. I'm asking for help with coordinating these uploads. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971034 Title: Several security issues in libpod 3.4.x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/1971034/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971034] Re: Several security issues in libpod 3.4.x
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1227 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-27191 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-27649 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971034 Title: Several security issues in libpod 3.4.x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/1971034/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
