vcswatch reports that
there is an error with this package's VCS, or the debian/changelog file inside
it. Please check the error shown below and try to fix it. You might have
to update the VCS URL in the debian/control file to point to the correct
repository.
fatal: unable to access 'https://salsa.debian.org/go-team/packages/golang-github-containers-storage.git/': The requested URL returned error: 503
1 issue left for the package maintainer to handle:
CVE-2024-9676:
(needs triaging)
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
Among the 4 debian patches
available in version 1.62.0-3 of the package,
we noticed the following issues:
4 patches
where the metadata indicates that the patch has not yet been forwarded
upstream. You should either forward the patch upstream or update the
metadata to document its real status.
Standards version of the package is outdated.
wishlist
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.7.4 instead of
4.7.3).
![[bug history graph]](https://qa.debian.org/data/bts/graphs/g/golang-github-containers-storage.png){kind=link}