Overview

File _patchinfo of Package patchinfo.25888

<patchinfo incident="25888">
  <issue tracker="cve" id="2022-1996"/>
  <issue tracker="bnc" id="1200528">VUL-0: CVE-2022-1996: go-restful: CORS bypass</issue>
  <packager>vulyanov</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer</summary>
  <description>This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:

Update to version 1.43.2

- Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.43.2

Security issues fixed:

- CVE-2022-1996: Fixed CORS bypass in go-restful vendored dependency (bsc#1200528)

Other fixes:
- Include additional tools used by cdi-importer:
  cdi-containerimage-server
  cdi-source-update-poller
- Pack only cdi-{cr,operator}.yaml into the manifests RPM
- Install tar package (used for cloning filesystem PVCs)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places