x/vulndb: potential Go vuln in github.com/containers/podman/v4: GHSA-qwqv-rqgf-8qh8

[GoVulnBot]

In GitHub Security Advisory GHSA-qwqv-rqgf-8qh8, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/containers/podman/v4	4.4.2	< 4.4.2

Cross references:

• Module github.com/containers/podman/v4 appears in issue x/vulndb: potential Go vuln in github.com/containers/podman/v4: GHSA-rprg-4v7q-87v7 #1159

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/containers/podman/v4
    versions:
      - fixed: 4.4.2
    packages:
      - package: github.com/containers/podman/v4
summary: Podman Time-of-check Time-of-use (TOCTOU) Race Condition
description: A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue
    may allow a malicious user to replace a normal file in a volume with a symlink
    while exporting the volume, allowing for access to arbitrary files on the host
    file system.
cves:
  - CVE-2023-0778
ghsas:
  - GHSA-qwqv-rqgf-8qh8
references:
  - web: https://nvd.nist.gov/vuln/detail/CVE-2023-0778
  - web: https://bugzilla.redhat.com/show_bug.cgi?id=2168256
  - fix: https://github.com/containers/podman/pull/17528
  - fix: https://github.com/containers/podman/pull/17532
  - fix: https://github.com/containers/podman/commit/6ca857feb07a5fdc96fd947afef03916291673d8
  - web: https://access.redhat.com/security/cve/CVE-2023-0778
  - advisory: https://github.com/advisories/GHSA-qwqv-rqgf-8qh8

[gopherbot]

Change https://go.dev/cl/480715 mentions this issue: data/reports: add GO-2023-1681.yaml