Argh, my bad, I'll upload a new version later today Thanks for spotting
-rt On April 7, 2023 4:41:41 AM EST, "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote: >On Thu, 2023-04-06 at 19:46 -0400, Reinhard Tartler wrote: >> This code change picks up code changes in golang-github-containers- >> psgo >> and golang-github-containers-storage to fix CVE-2022-1227. This is >> reported >> as 1020907. This addresses a priviledge escalation issue when using >> 'podman top'. Upstream has more information in this issue in >> https://bugzilla.redhat.com/show_bug.cgi?id=2070368 >> > >I see this has already been uploaded; unfortunately: > >- ,golang-github-containers-psgo-dev >- ,golang-github-containers-storage-dev (>= 1.24.6) >+ ,golang-github-containers-psgo-dev (>= 1.5.2-1+deb11u1) >+ ,golang-github-containers-storage-dev (>= 1.24.6+dfsg1-1+deb11u1) > >The updated golang-github-containers-storage-dev version there isn't >actually sufficient to ensure that the fixed version is picked up - you >want 1.24.*8*+dfsg1-1+deb11u1. > >At this point, either I can reject the current upload, and you can then >re-upload a fixed +deb11u1 or (possibly easier all around) you can >upload +deb11u2 as an incremental change on top of +deb11u1 which >simply fixes the dependency version. > >Regards, > >Adam > > -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
