Your message dated Tue, 08 Jul 2025 07:52:06 +0000
with message-id <[email protected]>
and subject line Bug#1108473: fixed in podman 5.4.2+ds1-2
has caused the Debian Bug report #1108473,
regarding podman: CVE-2025-6032
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1108473: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108473
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: podman
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security

Hi,

The following vulnerability was published for podman.

CVE-2025-6032[0]:
| A flaw was found in Podman. The podman machine init command fails to
| verify the TLS certificate when downloading the VM images from an
| OCI registry. This issue results in a Man In The Middle attack.

https://github.com/advisories/GHSA-65gg-3w2w-hr4h
https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-6032
    https://www.cve.org/CVERecord?id=CVE-2025-6032

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: podman
Source-Version: 5.4.2+ds1-2
Done: Mathias Gibbens <[email protected]>

We believe that the bug you reported is fixed in the latest version of
podman, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mathias Gibbens <[email protected]> (supplier of updated podman package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 08 Jul 2025 07:15:12 +0000
Source: podman
Architecture: source
Version: 5.4.2+ds1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Mathias Gibbens <[email protected]>
Closes: 1108473
Changes:
 podman (5.4.2+ds1-2) unstable; urgency=medium
 .
   * Team upload
   * Apply fix for CVE-2025-6032 (Closes: #1108473)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----



--- End Message ---
