GNU bug report logs - #71125
[PATCH] gnu: buildah: Update to 1.35.4 [security fixes].

Previous Next

Package: guix-patches;

Reported by: Tomas Volf <~@wolfsden.cz>

Date: Wed, 22 May 2024 18:53:01 UTC

Severity: normal

Tags: patch

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 71125 in the body.
You can then email your comments to 71125 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#71125; Package guix-patches. (Wed, 22 May 2024 18:53:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Tomas Volf <~@wolfsden.cz>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Wed, 22 May 2024 18:53:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Tomas Volf <~@wolfsden.cz>
To: guix-patches <at> gnu.org
Cc: Tomas Volf <~@wolfsden.cz>
Subject: [PATCH] gnu: buildah: Update to 1.35.4 [security fixes].
Date: Wed, 22 May 2024 20:52:03 +0200

This fixes CVE-2024-3727 and CVE-2024-28180.

* gnu/packages/containers.scm (buildah): Update to 1.35.4.

Change-Id: I5ee2b4591b39ee85d7236aedda7a2508df8e0e48
---
 gnu/packages/containers.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/containers.scm b/gnu/packages/containers.scm
index 917d152609..f733bb6b6c 100644
--- a/gnu/packages/containers.scm
+++ b/gnu/packages/containers.scm
@@ -609,7 +609,7 @@ (define-public podman-compose
 (define-public buildah
   (package
     (name "buildah")
-    (version "1.35.3")
+    (version "1.35.4")
     (source
      (origin
        (method git-fetch)
@@ -617,7 +617,7 @@ (define-public buildah
              (url "https://github.com/containers/buildah")
              (commit (string-append "v" version))))
        (sha256
-        (base32 "07hr2cfp4kblnmva02ap97id5nzhbqigdfvx7c8nyrkfzw0340n0"))
+        (base32 "1p21lh8ds688nv0valzgl6s20bwzsyvr1sa15ra2mprj79azvl4r"))
        (file-name (git-file-name name version))))
     (build-system gnu-build-system)
     (arguments
-- 
2.41.0
Reply sent to Maxim Cournoyer <maxim.cournoyer <at> gmail.com>:
You have taken responsibility. (Thu, 30 May 2024 13:30:03 GMT) Full text and rfc822 format available.
Notification sent to Tomas Volf <~@wolfsden.cz>:
bug acknowledged by developer. (Thu, 30 May 2024 13:30:03 GMT) Full text and rfc822 format available.

Message #10 received at 71125-done <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Tomas Volf <~@wolfsden.cz>
Cc: 71125-done <at> debbugs.gnu.org
Subject: Re: [bug#71125] [PATCH] gnu: buildah: Update to 1.35.4 [security
 fixes].
Date: Thu, 30 May 2024 09:28:03 -0400

Hi,

Tomas Volf <~@wolfsden.cz> writes:

> This fixes CVE-2024-3727 and CVE-2024-28180.
>
> * gnu/packages/containers.scm (buildah): Update to 1.35.4.

I see another patch of yours has landed meanwhile, updating it to
1.36.0.  I trust this is resolved.

-- 
Thanks,
Maxim
Information forwarded to guix-patches <at> gnu.org:
bug#71125; Package guix-patches. (Thu, 30 May 2024 14:09:02 GMT) Full text and rfc822 format available.

Message #13 received at 71125-done <at> debbugs.gnu.org (full text, mbox):

From: Tomas Volf <~@wolfsden.cz>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: 71125-done <at> debbugs.gnu.org
Subject: Re: [bug#71125] [PATCH] gnu: buildah: Update to 1.35.4 [security
 fixes].
Date: Thu, 30 May 2024 16:08:22 +0200

[Message part 1 (text/plain, inline)]
On 2024-05-30 09:28:03 -0400, Maxim Cournoyer wrote:
> Hi,
>
> Tomas Volf <~@wolfsden.cz> writes:
>
> > This fixes CVE-2024-3727 and CVE-2024-28180.
> >
> > * gnu/packages/containers.scm (buildah): Update to 1.35.4.
>
> I see another patch of yours has landed meanwhile, updating it to
> 1.36.0.  I trust this is resolved.

Yes, I believe so.  I should have paid more attention and close this (obsolete)
patch.  Sorry about that.

Tomas

--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

[signature.asc (application/pgp-signature, inline)]
Information forwarded to guix-patches <at> gnu.org:
bug#71125; Package guix-patches. (Thu, 30 May 2024 20:37:02 GMT) Full text and rfc822 format available.

Message #16 received at 71125-done <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Tomas Volf <~@wolfsden.cz>
Cc: 71125-done <at> debbugs.gnu.org
Subject: Re: [bug#71125] [PATCH] gnu: buildah: Update to 1.35.4 [security
 fixes].
Date: Thu, 30 May 2024 16:35:36 -0400

Hi Tomas,

Tomas Volf <~@wolfsden.cz> writes:

> On 2024-05-30 09:28:03 -0400, Maxim Cournoyer wrote:
>> Hi,
>>
>> Tomas Volf <~@wolfsden.cz> writes:
>>
>> > This fixes CVE-2024-3727 and CVE-2024-28180.
>> >
>> > * gnu/packages/containers.scm (buildah): Update to 1.35.4.
>>
>> I see another patch of yours has landed meanwhile, updating it to
>> 1.36.0.  I trust this is resolved.
>
> Yes, I believe so.  I should have paid more attention and close this (obsolete)
> patch.  Sorry about that.

No worries!  Thanks for the heads-up.

-- 
Thanks,
Maxim
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 28 Jun 2024 11:24:06 GMT) Full text and rfc822 format available.
This bug report was last modified 357 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.