Hi again as well, On Tue, Feb 22, 2022 at 12:44:49AM +0530, Nilesh Patra wrote: > Hi again, > > On Mon, 21 Feb 2022 01:03:13 +0530 Nilesh Patra <nil...@debian.org> wrote: > > > So where has this issue bin fixed? > > > > But yes, you are right, even at Mitre metadata, I do not find any > > information > > about any patch for the bug; i.e. I do not see the "code" that fixes it, > > and hence > > I too am skeptical whether or not it is really gone. > > > > For the sake of completeness, I have opened a issue upstream[1] > > Upstream confirmed that this issue no longer surfaces new versions, here[2] > and here[3]. > So I guess, all good. > > > [1]: https://github.com/sylabs/singularity/issues/586 > [2]: https://github.com/sylabs/singularity/issues/586#issuecomment-1046969527 > [3]: https://groups.google.com/g/singularity-ce/c/OSK5BIHSkbE/m/6dc0DEMiAgAJ
Thanks! Upstream IMHO is still not fully transparent on the CVE-2021-33622 after reading your references. Thanks a lot for researching, I have just updated the security-tracker information about it. Regards, Salvatore
