On 21/03/2025 18:05, Nicolas Peugnet wrote:
I pushed commit [b16d18a] to a branch as it is my first time fixing a
CVE, I am not sure exactly what else I need to do.
From what I understand of the release notes [1], this commit should be
enough to fix the CVE.
See also the diff for this release:
https://github.com/docker/buildx/compare/v0.21.2...v0.21.3
[b16d18a]: https://salsa.debian.org/go-team/packages/docker-buildx/-/commit/b16d18af52c18d0a2d3499c7d0839d9da3a76f5b
[1]: https://github.com/docker/buildx/releases/tag/v0.21.3
After taking a look at "Fixing CVEs on Debian: Everything you probably
know already - DebConf24" [1], I made a few changes to my commit and
created a draft pull request:
https://salsa.debian.org/go-team/packages/docker-buildx/-/merge_requests/1
[1]: https://www.youtube.com/watch?v=XzNVVILVyUM
--
Nicolas Peugnet