!23 [sync] PR-18: fix CVE-2024-3727 and rebuild to fix CVE-2024-24791

From: @openeuler-sync-bot Reviewed-by: @jianminw Signed-off-by: @jianminw
2025-01-14 04:22:08 +00:00 · 2025-01-14 04:22:08 +00:00 · 2726356278
commit 2726356278
parent 039e925f9a 9652104e64
2 changed files with 1234 additions and 1 deletions
--- a/0004-fix-CVE-2024-3727.patch
+++ b/0004-fix-CVE-2024-3727.patch
--- a/buildah.spec
+++ b/buildah.spec
@ -22,7 +22,7 @@
 Name:           buildah
 Version:        1.34.1
-Release:        4
+Release:        5
 Summary:        A command line tool used for creating OCI Images
 License:        Apache-2.0 and BSD-2-Clause and BSD-3-Clause and ISC and MIT and MPL-2.0
 URL:            https://%{name}.io
@ -32,6 +32,7 @@ Source1:        https://github.com/cpuguy83/go-md2man/archive/refs/tags/v2.0.2.t
 Patch0001:      0001-fix-CVE-2024-24786.patch
 Patch0002:      0002-fix-CVE-2024-1753.patch
 Patch0003:      0003-fix-CVE-2024-28180.patch
 Patch0004:      0004-fix-CVE-2024-3727.patch
 BuildRequires:  device-mapper-devel
 BuildRequires:  git-core
@ -147,6 +148,11 @@ rm %{buildroot}%{_datadir}/%{name}/test/system/tools/build/*
 %{_datadir}/%{name}/test
 %changelog
 * Thu Dec 26 2024 jianmin <jianmin@iscas.ac.cn> - 1.34.1-5
 - Type:cve
 - CVE:CVE-2024-3727 CVE-2024-24791
 - SUG:NA
 - DESC: fix CVE-2024-3727 and Rebuild to fix CVE-2024-24791
 * Tue Apr 23 2024 zhangbowei <zhangbowei@kylinos.cn> - 1.34.1-4
 - Type:bugfix
 - CVE:NA