x/vulndb: potential Go vuln in github.com/containers/buildah: GHSA-pmf3-c36m-g5cf

[GoVulnBot]

In GitHub Security Advisory GHSA-pmf3-c36m-g5cf, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/containers/buildah	1.35.1	< 1.35.1

Cross references:

• Module github.com/containers/buildah appears in issue x/vulndb: potential Go vuln in github.com/containers/buildah/imagebuildah: GHSA-fx8w-mjvm-hvpc #828 NOT_IMPORTABLE
• Module github.com/containers/buildah appears in issue x/vulndb: potential Go vuln in github.com/containers/buildah: CVE-2021-3602 #345
• Module github.com/containers/buildah appears in issue x/vulndb: potential Go vuln in github.com/containers/buildah: CVE-2022-27651 #417
• Module github.com/containers/buildah appears in issue x/vulndb: potential Go vuln in github.com/containers/buildah: CVE-2022-2990, GHSA-fjm8-m7m6-2fjp #1008

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/containers/buildah
      versions:
        - fixed: 1.35.1
      vulnerable_at: 1.35.0
      packages:
        - package: github.com/containers/buildah
summary: Container escape at build time
ghsas:
    - GHSA-pmf3-c36m-g5cf
references:
    - advisory: https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf
    - fix: https://github.com/containers/buildah/commit/9de9c20ff368beb84b84fe660773d352519dc1c5
    - advisory: https://github.com/advisories/GHSA-pmf3-c36m-g5cf

[gopherbot]

Change https://go.dev/cl/572935 mentions this issue: data/reports: add GO-2024-2658.yaml