Your message dated Mon, 27 Dec 2021 17:03:54 +0000 with message-id <e1n1tpe-0009hb...@fasolo.debian.org> and subject line Bug#1000844: fixed in libpod 3.4.4+ds1-1 has caused the Debian Bug report #1000844, regarding libpod: CVE-2021-4024: podman machine spawns gvproxy with port binded to all IPs to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1000844: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000844 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libpod Version: 3.4.2+ds1-1 Severity: important Tags: security upstream Forwarded: https://github.com/containers/podman/pull/12283 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 3.4.1+ds1-2 Hi, The following vulnerability was published for libpod. CVE-2021-4024[0]: | podman machine spawns gvproxy with port binded to all IPs If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-4024 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4024 [1] https://github.com/containers/podman/pull/12283 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: libpod Source-Version: 3.4.4+ds1-1 Done: Reinhard Tartler <siret...@tauware.de> We believe that the bug you reported is fixed in the latest version of libpod, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1000...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reinhard Tartler <siret...@tauware.de> (supplier of updated libpod package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 25 Dec 2021 19:48:14 -0500 Source: libpod Architecture: source Version: 3.4.4+ds1-1 Distribution: unstable Urgency: medium Maintainer: Debian Go Packaging Team <pkg-go-maintain...@lists.alioth.debian.org> Changed-By: Reinhard Tartler <siret...@tauware.de> Closes: 1000844 Changes: libpod (3.4.4+ds1-1) unstable; urgency=medium . * New upstream release Confirming that CVE-2021-4024 is fixed in 3.4.3, Closes: #1000844 Checksums-Sha1: 4609a81f525ed40a73e9f413579ef6c03b13e661 5157 libpod_3.4.4+ds1-1.dsc 241a480bdada64b2428ff84e5e29f9ebc30a82b2 1965884 libpod_3.4.4+ds1.orig.tar.xz e3803a0427b2b1dc54f7bfee3c9a512cd6c6d0e4 15480 libpod_3.4.4+ds1-1.debian.tar.xz Checksums-Sha256: 4f35d7e2d6929f59b9baf1b3c0509f28b49408dc86a80a74f7dc100076276c99 5157 libpod_3.4.4+ds1-1.dsc 66c4f9e4ffc8c63319e8b5f69eca33b13eee5af7b89124cf23659eb91e4f388e 1965884 libpod_3.4.4+ds1.orig.tar.xz 7d1c1c262ca9ddd789058d36cf4520e7e8300163ac2359f42012392eb97e49ba 15480 libpod_3.4.4+ds1-1.debian.tar.xz Files: 327d7d563a53ac7e8758e11db4a502f6 5157 admin optional libpod_3.4.4+ds1-1.dsc 617e006a7f3ef0909d2b4eacd7ec8278 1965884 admin optional libpod_3.4.4+ds1.orig.tar.xz 78e4b7fc95ec9987ceaa6a4d6f92d09e 15480 admin optional libpod_3.4.4+ds1-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQJIBAEBCgAyFiEEMN59F2OrlFLH4IJQSadpd5QoJssFAmHJ72AUHHNpcmV0YXJ0 QHRhdXdhcmUuZGUACgkQSadpd5QoJsvH7hAAvSb/LrCyMnC362BotcIjOCQhrSZa aECQvEXyZ2NDU27NwMujvBVSViv2Cm+dXz6j8O/XA3Yh/o+N+PJjTjzXnutoZ00c ynogXLQqZcpVJR3tp7WWbOU1i1QLLPLwMLYzDhVgj0z0kNYH7RLgFYvcJZi/EEY+ T2ADxwUCNYvfrsGGJfeqJ2+mQhbHTJxnvQeGpvonNUNeRW2joDYzpzmXYhzPFtBx CujC+IHIYyIrOaX0sK4StIQwIfrifCZjBzSD5kiLlrWU9fx5z/ySiXGBY93/qzmD FsPKbrFqrmuQrXpmo1pBJNjnSiUtx5hpDYc/qbOiGEcOvJUn6CxfHo9o44ojkuEK ATyhhahC/AFLNsyMyHWxL5+oHei8KtHSXeeeqUFgOzkqiR3nboYtBs46i6/SyjhV wqcTkY1QXXjBa1YEyo6AweMtgAZ+xm4jdenM9MAot6zg9w+JTKsK8Humf7oDOgjC tj3x6s7fckgibVh2x1q9l387WGodyCIgA2gwNENLFUFATr9P5omsdpW3JGFNZ8ti AppXzfjwdTsilGpnaQvgBhaYR+5Tdr8LTA/Hal1G+RZ94yCOg57IEoeQ6Av5zqoc NZK1+OFQlGW7Fk/eGdp3e89q6bqP/JfidUA9F1KuQbm2uOk0OOne17vW8FWcjzgI 8m4Qidx+ahCmVvk= =2D/a -----END PGP SIGNATURE-----
--- End Message ---
