commit podman for openSUSE:Factory

Wed, 12 Oct 2022 09:25:31 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package podman for openSUSE:Factory checked 
in at 2022-10-12 18:24:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/podman (Old)
 and      /work/SRC/openSUSE:Factory/.podman.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "podman"

Wed Oct 12 18:24:01 2022 rev:100 rq:1009351 version:4.2.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/podman/podman.changes    2022-10-01 
17:42:55.349644601 +0200
+++ /work/SRC/openSUSE:Factory/.podman.new.2275/podman.changes  2022-10-12 
18:25:21.701764933 +0200
@@ -193 +193 @@
-    - Updated Buildah to v1.27.0
+    - Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338)
@@ -195 +195 @@
-    - Updated the containers/storage library to v1.42.0
+    - Updated the containers/storage library to v1.42.0 (fixes bsc#1196751)
@@ -236,0 +237 @@
+  * Fix CVE-2022-27191 / bsc#1197284
@@ -468 +469 @@
-  * vendor c/psgo@v1.7.2
+  * vendor c/psgo@v1.7.2 (fixes CVE-2022-1227 / bsc#1182428)
@@ -1214,2 +1215,2 @@
-    - This release addresses CVE-2021-4024, where the podman machine command 
opened the gvproxy API (used to forward ports to podman machine VMs) to the 
public internet on port 7777.
-    - This release addresses CVE-2021-41190, where incomplete specification of 
behavior regarding image manifests could lead to inconsistent decoding on 
different clients.
+    - This release addresses CVE-2021-4024 / bsc#1193166, where the podman 
machine command opened the gvproxy API (used to forward ports to podman machine 
VMs) to the public internet on port 7777.
+    - This release addresses CVE-2021-41190 / bsc#1193273, where incomplete 
specification of behavior regarding image manifests could lead to inconsistent 
decoding on different clients.
@@ -2131 +2132 @@
-    - A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 
used 127.0.0.1 as the source address for all traffic forwarded into rootless 
containers by a forwarded port; this has been changed to address the issue.
+    - A fix for CVE-2021-20199 / bsc#1181640 is included. Podman between 
v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic 
forwarded into rootless containers by a forwarded port; this has been changed 
to address the issue.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------

Reply via email to