Hi all, I'm looking at my bootc image and seeing that But I can't seem to spot if they have been fixed in any releases, as there don't seem to be many CVEs listed in changelogs in general. I did spot one PR to bump the version, but to me that seemed like it was for RHEL only? It also didn't include podman-remote from what I could tell.
Replies: 1 comment
podman-remote and podman are built from the same sources, so they use the same dependencies.
How do you install podman-remote? Generally the distro trackers keep track of which CVE was fixed in which versions.
For upstream we patch the deps if we are aware of the CVEs, of course. But most releases don't actively list all the CVEs unless they are directly for podman.
Looking in the 5.4 branch, the go-jose CVEs are fixed in 5.4.1, and CVE-2025-22866 is a golang CVE, so it depends on the version you build with and not our upstream dependencies.
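
To see which Go toolchain and which go-jose module a given podman-remote binary was actually built with, the build metadata printed by `go version -m` can be parsed as below. This is an added example, not part of the reply above and not Podman's own tooling; the sample output and function names are constructed, and the minimum versions passed to `audit` are assumed to come from your distro's CVE tracker.

```shell
#!/bin/sh
# Constructed sample of `go version -m /usr/bin/podman-remote` output
# (tab-separated). All versions and hashes here are made up for illustration.
sample_buildinfo() {
  printf '/usr/bin/podman-remote: go1.23.4\n'
  printf '\tpath\tgithub.com/containers/podman/v5/cmd/podman\n'
  printf '\tmod\tgithub.com/containers/podman/v5\t(devel)\t\n'
  printf '\tdep\tgithub.com/go-jose/go-jose/v3\tv3.0.3\th1:CONSTRUCTED=\n'
  printf '\tdep\tgithub.com/go-jose/go-jose/v4\tv4.0.4\th1:CONSTRUCTED=\n'
  printf '\tbuild\t-buildmode=exe\n'
}

# Go toolchain the binary was compiled with (first line: "<path>: go1.x.y").
# Standard-library CVEs depend on this value, not on the module list.
toolchain_version() {
  awk 'NR == 1 { sub(/^.*: go/, ""); print; exit }'
}

# "module version" for every embedded dependency whose path starts with $1.
dep_versions() {
  awk -F '\t' -v m="$1" '$2 == "dep" && index($3, m) == 1 { print $3, $4 }'
}

# Exit 0 when dotted version $1 >= $2; a leading "v" or "go" is ignored.
# Numeric fields only: pre-release suffixes are not ordered.
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    sub(/^(v|go)/, "", a); sub(/^(v|go)/, "", b)
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# Read build info on stdin and compare it with minimum fixed versions.
# $1 = minimum Go toolchain, $2 = module path prefix, $3 = minimum module version.
audit() {
  info=$(cat) status=0
  go=$(printf '%s\n' "$info" | toolchain_version)
  version_ge "$go" "$1" || { echo "toolchain go$go is older than $1"; status=1; }
  for ver in $(printf '%s\n' "$info" | dep_versions "$2" | awk '{ print $2 }'); do
    version_ge "$ver" "$3" || { echo "$2 $ver is older than $3"; status=1; }
  done
  return $status
}
# Usage (MIN_GO and MIN_JOSE are placeholders for values from your tracker):
#   go version -m "$(command -v podman-remote)" | audit "$MIN_GO" github.com/go-jose/go-jose/v4 "$MIN_JOSE"
```

Run it against the binary inside the image itself, since a distro rebuild can use a different toolchain or patched dependencies than the upstream release.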