DEBIAN-CVE-2021-29499
- Source
- https://security-tracker.debian.org/tracker/DEBIAN-CVE-2021-29499
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-29499.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-29499
- Upstream
- Published
- 2021-05-07T21:15:07Z
- Modified
- 2025-09-18T04:02:10Z
- Summary
- [none]
- Details
-
SIF is an open source implementation of the Singularity Container Image Format. The
siftool newcommand and func siftool.New() produce predictable UUID identifiers due to insecure randomness in the version of thegithub.com/satori/go.uuidmodule used as a dependency. A patch is available in version >= v1.2.3 of the module. Users are encouraged to upgrade. As a workaround, users passing CreateInfo struct should ensure theIDfield is generated using a version ofgithub.com/satori/go.uuidthat is not vulnerable to this issue. - References
Affected packages
Debian:11 / golang-github-sylabs-sif
Package
- Name
- golang-github-sylabs-sif
- Purl
- pkg:deb/debian/golang-github-sylabs-sif?arch=source
Debian:12 / golang-github-sylabs-sif
Package
- Name
- golang-github-sylabs-sif
- Purl
- pkg:deb/debian/golang-github-sylabs-sif?arch=source
Debian:13 / golang-github-sylabs-sif
Package
- Name
- golang-github-sylabs-sif
- Purl
- pkg:deb/debian/golang-github-sylabs-sif?arch=source
Debian:14 / golang-github-sylabs-sif
Package
- Name
- golang-github-sylabs-sif
- Purl
- pkg:deb/debian/golang-github-sylabs-sif?arch=source