fix CVE-2024-3727 and rebuild to fix CVE-2024-24791

(cherry picked from commit 97ec1b7b0e13c1ee9b68c1f3f1c9a3715d833cba)
2024-12-26 15:42:29 +08:00 · 2024-12-26 15:42:29 +08:00 · 9652104e64
commit 9652104e64
parent 039e925f9a
2 changed files with 1234 additions and 1 deletions
--- a/0004-fix-CVE-2024-3727.patch
+++ b/0004-fix-CVE-2024-3727.patch
--- a/buildah.spec
+++ b/buildah.spec
@ -22,7 +22,7 @@

 Name:           buildah
 Version:        1.34.1
-Release:        4
+Release:        5
 Summary:        A command line tool used for creating OCI Images
 License:        Apache-2.0 and BSD-2-Clause and BSD-3-Clause and ISC and MIT and MPL-2.0
 URL:            https://%{name}.io
@ -32,6 +32,7 @@ Source1:        https://github.com/cpuguy83/go-md2man/archive/refs/tags/v2.0.2.t
 Patch0001:      0001-fix-CVE-2024-24786.patch
 Patch0002:      0002-fix-CVE-2024-1753.patch
 Patch0003:      0003-fix-CVE-2024-28180.patch
+Patch0004:      0004-fix-CVE-2024-3727.patch

 BuildRequires:  device-mapper-devel
 BuildRequires:  git-core
@ -147,6 +148,11 @@ rm %{buildroot}%{_datadir}/%{name}/test/system/tools/build/*
 %{_datadir}/%{name}/test

 %changelog
+* Thu Dec 26 2024 jianmin <jianmin@iscas.ac.cn> - 1.34.1-5
+- Type:cve
+- CVE:CVE-2024-3727 CVE-2024-24791
+- SUG:NA
+- DESC: fix CVE-2024-3727 and Rebuild to fix CVE-2024-24791
 * Tue Apr 23 2024 zhangbowei <zhangbowei@kylinos.cn> - 1.34.1-4
 - Type:bugfix
 - CVE:NA