Update status for CVE-2021-4024/libpod

author: Salvatore Bonaccorso <carnil@debian.org> 2021-11-29 22:21:36 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-11-29 22:21:36 +0100
commit: 08d5b38c3d1079279f7dc01121b90eeaf91d1ef5 (patch)
tree: 0239d0b3d69de5dc9dfb5d68471584ac9bed6055
parent: 2ff2d198deff56b0e2ccf7a416ed7a5e8e165536 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 5567a597f4..34a81461b9 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -269,8 +269,12 @@ CVE-2021-44228
 CVE-2021-4024 [podman: podman machine spawns gvproxy with port binded to all IPs]
 	RESERVED
 	- libpod <unfixed>
+	[bullseye] - libpod <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2026675
 	NOTE: https://twitter.com/discordianfish/status/1463462371675066371
+	NOTE: https://github.com/containers/podman/pull/12283
+	NOTE: Introduced by: https://github.com/containers/podman/commit/7ef3981abe2412727840a2886489a08c03a05299 (v3.3.0-rc1)
+	NOTE: Fixed by: https://github.com/containers/podman/commit/295d87bb0b028e57dc2739791dee4820fe5fcc48
 CVE-2021-44227
 	RESERVED
 CVE-2021-44226
author	Salvatore Bonaccorso <carnil@debian.org>	2021-11-29 22:21:36 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-11-29 22:21:36 +0100
commit	08d5b38c3d1079279f7dc01121b90eeaf91d1ef5 (patch)
tree	0239d0b3d69de5dc9dfb5d68471584ac9bed6055
parent	2ff2d198deff56b0e2ccf7a416ed7a5e8e165536 (diff)