On Thu, 2023-04-06 at 19:46 -0400, Reinhard Tartler wrote: > This code change picks up code changes in golang-github-containers- > psgo > and golang-github-containers-storage to fix CVE-2022-1227. This is > reported > as 1020907. This addresses a priviledge escalation issue when using > 'podman top'. Upstream has more information in this issue in > https://bugzilla.redhat.com/show_bug.cgi?id=2070368 >
I see this has already been uploaded; unfortunately: - ,golang-github-containers-psgo-dev - ,golang-github-containers-storage-dev (>= 1.24.6) + ,golang-github-containers-psgo-dev (>= 1.5.2-1+deb11u1) + ,golang-github-containers-storage-dev (>= 1.24.6+dfsg1-1+deb11u1) The updated golang-github-containers-storage-dev version there isn't actually sufficient to ensure that the fixed version is picked up - you want 1.24.*8*+dfsg1-1+deb11u1. At this point, either I can reject the current upload, and you can then re-upload a fixed +deb11u1 or (possibly easier all around) you can upload +deb11u2 as an incremental change on top of +deb11u1 which simply fixes the dependency version. Regards, Adam
