Bug 1227023 (CVE-2023-0475)

Summary: VUL-0: CVE-2023-0475: TRACKERBUG: hashicorp/go-getter: denial of service via malicious compressed archive
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: carlos.lopez
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/357463/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Comment 1 Carlos López 2024-06-26 09:00:16 UTC 
Nothing to do:
 - openSUSE:Factory/conftest github.com/hashicorp/go-getter (v1.7.3)
 - openSUSE:Factory/grype github.com/hashicorp/go-getter (v1.7.3)
 - openSUSE:Factory/helmfile github.com/hashicorp/go-getter (v1.7.3)
 - openSUSE:Factory/k9s github.com/hashicorp/go-getter (v1.7.3)
 - openSUSE:Factory/kubescape github.com/hashicorp/go-getter (v1.7.3)
 - openSUSE:Factory/minikube github.com/hashicorp/go-getter (v1.7.3)
 - openSUSE:Factory/okteto github.com/hashicorp/go-getter (v1.7.3)
 - openSUSE:Factory/opentofu github.com/hashicorp/go-getter (v1.7.3)
 - openSUSE:Factory/talosctl github.com/hashicorp/go-getter/v2 (v2.2.1)
 - openSUSE:Factory/terragrunt github.com/hashicorp/go-getter (v1.7.1)
 - openSUSE:Factory/terragrunt github.com/hashicorp/go-getter/v2 (v2.2.1)
 - openSUSE:Factory/trivy github.com/hashicorp/go-getter (v1.7.3)