Overview

Request 1008781 accepted

- Udpated to 1.1.2 which fixed CVE-2022-39237
* CVE-2022-39237: The sif dependency included in Apptainer before this
release does not verify that the hash algorithm(s) used are
cryptographically secure when verifying digital signatures. This release
updates to sif v2.8.1 which corrects this issue. See the linked advisory
for references and a workaround. (forwarded request 1008777 from mslacken)

Request History
Christian Goll's avatar

mslacken created request

- Udpated to 1.1.2 which fixed CVE-2022-39237
* CVE-2022-39237: The sif dependency included in Apptainer before this
release does not verify that the hash algorithm(s) used are
cryptographically secure when verifying digital signatures. This release
updates to sif v2.8.1 which corrects this issue. See the linked advisory
for references and a workaround. (forwarded request 1008777 from mslacken)

Factory Auto's avatar

factory-auto added opensuse-review-team as a reviewer

Please review sources

Factory Auto's avatar

factory-auto accepted review

Check script succeeded

Fabian Vogt's avatar

favogt_factory added as a reviewer

Being evaluated by staging project "openSUSE:Factory:Staging:adi:82"

Fabian Vogt's avatar

favogt_factory accepted review

Picked "openSUSE:Factory:Staging:adi:82"

Saul Goodman's avatar

licensedigger accepted review

The legal review is accepted preliminary. The package may require actions later on.

Richard Brown's avatar

RBrownSUSE accepted review

Richard Brown's avatar

RBrownFactory accepted review

Staging Project openSUSE:Factory:Staging:adi:82 got accepted.

Richard Brown's avatar

RBrownFactory approved review

Staging Project openSUSE:Factory:Staging:adi:82 got accepted.

Richard Brown's avatar

RBrownFactory accepted request

Staging Project openSUSE:Factory:Staging:adi:82 got accepted.

openSUSE Build Service is sponsored by
Places