Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package conftest for openSUSE:Factory checked in at 2026-04-01 19:51:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/conftest (Old)
 and /work/SRC/openSUSE:Factory/.conftest.new.21863 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "conftest" Wed Apr 1 19:51:40 2026 rev:36 rq:1343961 version:0.67.1 Changes: -------- --- /work/SRC/openSUSE:Factory/conftest/conftest.changes 2026-03-24 18:50:47.643222070 +0100 +++ /work/SRC/openSUSE:Factory/.conftest.new.21863/conftest.changes 2026-04-01 19:52:52.390724446 +0200 @@ -1,0 +2,6 @@ +Tue Mar 31 10:40:14 UTC 2026 - Robert Munteanu <[email protected]> + +- CVE-2026-33747: Malicious frontend can cause file escape outside of storage root + use github.com/moby/buildkit 0.28.1 for vendor.tar.gz (boo#1260970) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _service ++++++ --- /var/tmp/diff_new_pack.IS6D9j/_old 2026-04-01 19:52:53.450768476 +0200 +++ /var/tmp/diff_new_pack.IS6D9j/_new 2026-04-01 19:52:53.462768975 +0200 @@ -14,6 +14,9 @@ <param name="file">conftest-*.tar</param> <param name="compression">gz</param> </service> - <service name="go_modules" mode="manual"/> + <service name="go_modules" mode="manual"> + <!-- CVE-2026-33747, remove once https://github.com/open-policy-agent/conftest/pull/1300 is merged --> + <param name="replace">github.com/moby/buildkit=github.com/moby/[email protected]</param> + </service> </services> ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/conftest/vendor.tar.gz /work/SRC/openSUSE:Factory/.conftest.new.21863/vendor.tar.gz differ: char 13, line 1
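Review bot: the new conftest.changes entry names the CVE and the buildkit version, but it does not say that the version comes from a go_modules replace in _service rather than from a conftest release, so someone reading only the changelog has no cue that the override is temporary. Suggest stating in the entry that the pin is carried in _service and referencing the upstream pull request named in the _service comment, so the removal condition is recorded in both places.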
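Review bot: in the _service hunk the go_modules service stays mode="manual", so the new replace param only takes effect when the service is rerun by hand, and the only sign in this diff that it was rerun is the "vendor.tar.gz ... differ: char 13, line 1" line. Suggest confirming that vendor/modules.txt in the new tarball lists github.com/moby/buildkit at the 0.28.1 version the changelog states; the version in the replace param is not legible in this rendering of the mail, so the two cannot be matched from the visible lines. The removal condition also lives only in an XML comment, so a follow-up tied to boo#1260970 would keep the pin from outliving the upstream fix.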
