Skip to content

Commit 7ef4fc4

Browse files
tatianabtatianab
committed
data/reports: review GO-2024-3169
 - data/reports/GO-2024-3169.yaml Fixes #3169 Change-Id: I70b782a8d783db91bc154f1c60274bc4242da425 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/635416 Reviewed-by: Zvonimir Pavlinovic <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
1 parent 90e042d commit 7ef4fc4

File tree

2 files changed

+20
-19
lines changed

2 files changed

+20
-19
lines changed

data/osv/GO-2024-3169.json

+10-8
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,9 @@
2121
"events": [
2222
{
2323
"introduced": "0"
24+
},
25+
{
26+
"fixed": "1.37.4"
2427
}
2528
]
2629
}
@@ -106,6 +109,9 @@
106109
"events": [
107110
{
108111
"introduced": "0"
112+
},
113+
{
114+
"fixed": "5.2.4"
109115
}
110116
]
111117
}
@@ -119,20 +125,16 @@
119125
"url": "https://github.com/advisories/GHSA-fhqq-8f65-5xfc"
120126
},
121127
{
122-
"type": "ADVISORY",
123-
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9407"
124-
},
125-
{
126-
"type": "WEB",
127-
"url": "https://access.redhat.com/security/cve/CVE-2024-9407"
128+
"type": "FIX",
129+
"url": "https://github.com/containers/buildah/commit/e4e2ad5ca2088d7c388109394135ead7aaf1f4f4"
128130
},
129131
{
130132
"type": "WEB",
131-
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315887"
133+
"url": "https://github.com/containers/podman/releases/tag/v5.2.4"
132134
}
133135
],
134136
"database_specific": {
135137
"url": "https://pkg.go.dev/vuln/GO-2024-3169",
136-
"review_status": "UNREVIEWED"
138+
"review_status": "REVIEWED"
137139
}
138140
}

data/reports/GO-2024-3169.yaml

+10-11
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,9 @@
11
id: GO-2024-3169
22
modules:
33
- module: github.com/containers/buildah
4-
unsupported_versions:
5-
- last_affected: 1.37.3
6-
vulnerable_at: 1.37.4
4+
versions:
5+
- fixed: 1.37.4
6+
vulnerable_at: 1.37.3
77
- module: github.com/containers/podman
88
vulnerable_at: 1.9.3
99
- module: github.com/containers/podman/v2
@@ -13,20 +13,19 @@ modules:
1313
- module: github.com/containers/podman/v4
1414
vulnerable_at: 4.9.5
1515
- module: github.com/containers/podman/v5
16-
unsupported_versions:
17-
- last_affected: 5.2.3
18-
vulnerable_at: 5.2.4
16+
versions:
17+
- fixed: 5.2.4
18+
vulnerable_at: 5.2.3
1919
summary: Improper Input Validation in Buildah and Podman in github.com/containers/buildah
2020
cves:
2121
- CVE-2024-9407
2222
ghsas:
2323
- GHSA-fhqq-8f65-5xfc
2424
references:
2525
- advisory: https://github.com/advisories/GHSA-fhqq-8f65-5xfc
26-
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-9407
27-
- web: https://access.redhat.com/security/cve/CVE-2024-9407
28-
- web: https://bugzilla.redhat.com/show_bug.cgi?id=2315887
26+
- fix: https://github.com/containers/buildah/commit/e4e2ad5ca2088d7c388109394135ead7aaf1f4f4
27+
- web: https://github.com/containers/podman/releases/tag/v5.2.4
2928
source:
3029
id: GHSA-fhqq-8f65-5xfc
31-
created: 2024-10-08T10:57:52.867555-04:00
32-
review_status: UNREVIEWED
30+
created: 2024-12-11T15:38:28.529084-05:00
31+
review_status: REVIEWED

0 commit comments

Comments
 (0)