Update status for CVE-2021-4024/libpod

author: Salvatore Bonaccorso <carnil@debian.org> 2021-11-29 22:21:36 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-11-29 22:21:36 +0100
commit: f56271d2b6d9f0cd14f9cabd1cf88ed6fc90b936 (patch)
tree: a8c8e4b2be6f50f10bb1f6e1a1ed41121c48a4b3
parent: 2a3a6c9e198fba34f37a0468e2585be66ac10ddc (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 5567a597f4..34a81461b9 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -269,8 +269,12 @@ CVE-2021-44228
 CVE-2021-4024 [podman: podman machine spawns gvproxy with port binded to all IPs]
 	RESERVED
 	- libpod <unfixed>
+	[bullseye] - libpod <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2026675
 	NOTE: https://twitter.com/discordianfish/status/1463462371675066371
+	NOTE: https://github.com/containers/podman/pull/12283
+	NOTE: Introduced by: https://github.com/containers/podman/commit/7ef3981abe2412727840a2886489a08c03a05299 (v3.3.0-rc1)
+	NOTE: Fixed by: https://github.com/containers/podman/commit/295d87bb0b028e57dc2739791dee4820fe5fcc48
 CVE-2021-44227
 	RESERVED
 CVE-2021-44226
author	Salvatore Bonaccorso <carnil@debian.org>	2021-11-29 22:21:36 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-11-29 22:21:36 +0100
commit	f56271d2b6d9f0cd14f9cabd1cf88ed6fc90b936 (patch)
tree	a8c8e4b2be6f50f10bb1f6e1a1ed41121c48a4b3
parent	2a3a6c9e198fba34f37a0468e2585be66ac10ddc (diff)