[GHSA-g5p6-327m-3fxx] Talos Linux ships runc vulnerable to the escape to the host attack#7823
[GHSA-g5p6-327m-3fxx] Talos Linux ships runc vulnerable to the escape to the host attack#7823frezbo wants to merge 1 commit into
Conversation
|
Hi there @smira! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository. This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory |
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Trivial timestamp bump in a single GitHub-reviewed advisory file.
Changes:
- Increments the
modifiedtimestamp by one second.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
github-actions
Bot
changed the base branch from
main
to
frezbo/advisory-improvement-7823
|
The ecosystem selection field doesn't have an other so, I cannot submit changes to those |
Updates
Comments
Hi, I'm a maintainer for siderolabs/talos, for advisories we publish GHSA wrongly identifies the package as Go with
github.com/siderolabs/taloswhereas it should have the cpecpe:2.3:o:siderolabs:talos_linux:*:*:*:*:*:*:*:*since Talos is an operating system andgithub.com/siderolabs/talosis not used as a go module. The same issues affects for other GHSA's listed below"