x/vulndb: add reports/GO-2022-0417.yaml for CVE-2022-27651

Fixes golang/vulndb#0417

Change-Id: Idebf8034f775559b1502a9d2dcec0dfdea4bc218
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/414815
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
diff --git a/reports/GO-2022-0417.yaml b/reports/GO-2022-0417.yaml
new file mode 100644
index 0000000..7e2a4be
--- /dev/null
+++ b/reports/GO-2022-0417.yaml
@@ -0,0 +1,31 @@
+packages:
+  - module: github.com/containers/buildah
+    symbols:
+      - setupCapAdd
+      - setupCapDrop
+    versions:
+      - fixed: 1.25.0
+    vulnerable_at: 1.24.0
+  - module: github.com/containers/buildah
+    package: github.com/containers/buildah/chroot
+    symbols:
+      - setCapabilities
+    versions:
+      - fixed: 1.25.0
+    vulnerable_at: 1.24.0
+description: |
+    Containers are created with non-empty inheritable Linux process
+    capabilities, permitting programs with inheritable file capabilities
+    to elevate those capabilities to the permitted set during execve(2).
+
+    This bug does not affect the container security sandbox, as the
+    inheritable set never contains more capabilities than are included
+    in the container's bounding set.
+cves:
+  - CVE-2022-27651
+ghsas:
+  - GHSA-c3g4-w6cv-6v7h
+links:
+    commit: https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b
+    context:
+      - https://bugzilla.redhat.com/show_bug.cgi?id=2066840
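Review bot: The first `packages` entry lists `setupCapAdd` and `setupCapDrop` under `module: github.com/containers/buildah` with no `package:` key, while the second entry spells out `package: github.com/containers/buildah/chroot`. If those two symbols live in the module's root package, an explicit `package: github.com/containers/buildah` on the first entry would remove the ambiguity and keep both entries in the same form. Separately, the `description` opens with "Containers are created with non-empty inheritable Linux process capabilities" and never names the tool. Naming Buildah as the creator there would let the text stand alone when it is read outside this file.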