Hi Salvatore,

On Thu, 27 Apr 2023 22:06:36 +0200 Salvatore Bonaccorso <car...@debian.org> wrote:
> Source: singularity-container
> Version: 3.11.0+ds1-1
> Severity: important
> Tags: security upstream
> The following vulnerability was published for singularity-container.
> The issue originally reference for apptainer is affecting in same way
> singularity.
>
> CVE-2023-30549[0]:
> ...

I asked this upstream[1] and upstream thinks that this is actually an issue with the kernel filesystem itself, and this is not a singularity issue per se. They even have a blogpost about the same giving more details on the CVE.

I suppose there's nothing I can do as a package maintainer to act upon the bug. I've also CC'ed David (upstream) to this mail, to keep them in the loop as well.

What do you think?

Note: If I do not hear from you in a week, I'll close this bug report.

[1]: https://github.com/sylabs/singularity/discussions/1969
[2]: https://sylabs.io/2023/04/response-to-cve-2023-30549/

Best,
Nilesh