On 4/1/23 3:51 PM, Adam D. Barratt wrote:
Control: tags -1 + moreinfo
Apologies for the delay in getting back to you on this.
On Wed, 2022-12-28 at 22:26 -0500, Reinhard Tartler wrote:
In order to fix CVE-2022-1227, an update to golang-github-containers-
psgo
is needed, more specifically,
https://github.com/containers/psgo/pull/92
That patch introduces a dependency on golang-github-containers-
storage, and uses
the helper functions RawTo{Container,Host} which are introduced with
this patch.
[...]
The code changes adds a helper function that isn't used otherwise
yet.
Looking at the diff, it appears that what it actually does is rename
two existing helper functions, with no functional change to either. Am
I missing something?
You are correct. The patch renames the helper functions to an Uppercase
spelling.
This exposes the function to other packages, which is being used in the patch
to fix CVE-2022-1227.
I would recommend approving this code change.
+golang-github-containers-storage (1.24.8+dfsg1-2~deb11u1) bullseye;
urgency=medium
Given what I can see of the package's upload history, the version
should rather be 1.24.8+dfsg1-1+deb11u1.
Will do!
-rt
