x/vulndb: potential Go vuln in github.com/siderolabs/talos: GHSA-g5p6-327m-3fxx

[GoVulnBot]

In GitHub Security Advisory GHSA-g5p6-327m-3fxx, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/siderolabs/talos	1.5.6	< 1.5.6

Cross references:

• Module github.com/siderolabs/talos appears in issue x/vulndb: potential Go vuln in github.com/siderolabs/talos: CVE-2022-36103, GHSA-7hgc-php5-77qq #995 EFFECTIVELY_PRIVATE
• Module github.com/siderolabs/talos appears in issue x/vulndb: potential Go vuln in github.com/siderolabs/talos: GHSA-jr8j-2jhp-m67v, CVE-2022-39190 #1005 NOT_GO_CODE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/siderolabs/talos
      versions:
        - fixed: 1.5.6
      vulnerable_at: 1.5.5
      packages:
        - package: github.com/siderolabs/talos
    - module: github.com/siderolabs/talos
      versions:
        - introduced: 1.6.0
          fixed: 1.6.4
      vulnerable_at: 1.6.3
      packages:
        - package: github.com/siderolabs/talos
summary: Talos Linux ships runc vulnerable to the escape to the host attack
ghsas:
    - GHSA-g5p6-327m-3fxx
references:
    - advisory: https://github.com/siderolabs/talos/security/advisories/GHSA-g5p6-327m-3fxx
    - advisory: https://github.com/advisories/GHSA-g5p6-327m-3fxx

[neild]

Dependent vulnerability of GHSA-xr7r-f8xq-vfvv.

Also, Talos appears to be a Linux distribution, not a Go package.

[gopherbot]

Change https://go.dev/cl/567817 mentions this issue: data/excluded: batch add 15 excluded reports