particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

go.mod: update osbuild/images to v0.69.0

Browse source
This commit is contained in:
Achilleas Koutsou 2024-07-02 14:42:15 +02:00
parent 1cc90c6a0b
commit 8ac80e8abc
611 changed files with 28281 additions and 32629 deletions
Download patch file Download diff file Expand all files Collapse all files

11
vendor/github.com/ulikunitz/xz/README.md generated vendored
View file

@ -75,3 +75,14 @@ To decompress it use the following command.
$ gxz -d bigfile.xz
## Security & Vulnerabilities
The security policy is documented in [SECURITY.md](SECURITY.md).
The software is not affected by the supply chain attack on the original xz
implementation, [CVE-2024-3094](https://nvd.nist.gov/vuln/detail/CVE-2024-3094).
This implementation doesn't share any files with the original xz implementation
and no patches or pull requests are accepted without a review.
All security advisories for this project are published under
[github.com/ulikunitz/xz/security/advisories](https://github.com/ulikunitz/xz/security/advisories?state=published).

13
vendor/github.com/ulikunitz/xz/SECURITY.md generated vendored
View file

@ -6,5 +6,14 @@ Currently the last minor version v0.5.x is supported.
## Reporting a Vulnerability
Report a vulnerability by creating a Github issue at
<https://github.com/ulikunitz/xz/issues>. Expect a response in a week.
You can privately report a vulnerability following this
[procedure](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability).
Alternatively you can create a Github issue at
<https://github.com/ulikunitz/xz/issues>.
In both cases expect a response in at least 7 days.
## Security Advisories
All security advisories for this project are published under
[github.com/ulikunitz/xz/security/advisories](https://github.com/ulikunitz/xz/security/advisories?state=published).

7
vendor/github.com/ulikunitz/xz/TODO.md generated vendored
View file

@ -86,6 +86,11 @@
## Log
### 2024-04-03
Release v0.5.12 updates README.md and SECURITY.md to address the supply chain
attack on the original xz implementation.
### 2022-12-12
Matt Dantay (@bodgit) reported an issue with the LZMA reader. The implementation
@ -99,7 +104,7 @@ it.
Mituo Heijo has fuzzed xz and found a bug in the function readIndexBody. The
function allocated a slice of records immediately after reading the value
without further checks. Sincex the number has been too large the make function
without further checks. Since the number has been too large the make function
did panic. The fix is to check the number against the expected number of records
before allocating the records.