Hi Nilesh, hi Andreas,

On Sun, Feb 20, 2022 at 02:37:12PM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Format: 1.8
> Date: Sun, 20 Feb 2022 19:27:46 +0530
> Source: singularity-container
> Architecture: source
> Version: 3.9.5+ds1-1
> Distribution: experimental
> Urgency: medium
> Maintainer: Debian HPC Team <debian-...@lists.debian.org>
> Changed-By: Nilesh Patra <nil...@debian.org>
> Closes: 990201
> Changes:
>  singularity-container (3.9.5+ds1-1) experimental; urgency=medium
>  .
>  [ Andreas Tille ]
>  * Team upload.
>  * Version > 3.6.x are closing CVE-2021-33622
>    Closes: #990201

Can you help isolate on that?

https://support.sylabs.io/support/solutions/articles/42000087130-3-5-8-security-release-cve-2021-33622-
refers to the 3.6.x as being affected and so there is the statement that
the issue is not going to be patched in those versions:

> This issue affects open-source Singularity 3.5.x and 3.6.x. These
> versions are no longer supported and will not be patched.

https://bugs.debian.org/990201#10 is relevant as well in this context.

So where has this issue been fixed?

Regards,
Salvatore