From 9a899da16080df0354e65decfc06dddeefa7920d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 Mar 2021 07:05:38 +0000 Subject: Bump github.com/containers/storage from 1.28.0 to 1.28.1 Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.28.0 to 1.28.1. - [Release notes](https://github.com/containers/storage/releases) - [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md) - [Commits](https://github.com/containers/storage/compare/v1.28.0...v1.28.1) Signed-off-by: dependabot[bot] --- vendor/github.com/ulikunitz/xz/TODO.md | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'vendor/github.com/ulikunitz/xz/TODO.md') diff --git a/vendor/github.com/ulikunitz/xz/TODO.md b/vendor/github.com/ulikunitz/xz/TODO.md index 88c7341c8..594e0c7fe 100644 --- a/vendor/github.com/ulikunitz/xz/TODO.md +++ b/vendor/github.com/ulikunitz/xz/TODO.md @@ -86,6 +86,14 @@ ## Log +### 2021-02-02 + +Mituo Heijo has fuzzed xz and found a bug in the function readIndexBody. The +function allocated a slice of records immediately after reading the value +without further checks. Since the number has been too large the make function +did panic. The fix is to check the number against the expected number of records +before allocating the records. + ### 2020-12-17 Release v0.5.9 fixes warnings, a typo and adds SECURITY.md. -- cgit v1.2.3-54-g00ecf
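Review bot: The commit message names only the containers/storage bump from 1.28.0 to 1.28.1, but the added 2021-02-02 entry in vendor/github.com/ulikunitz/xz/TODO.md shows the vendored xz package also moves to a state that includes a fix for a panic in readIndexBody, where a record count read from the input was passed to make without a check. That is a robustness fix for untrusted input and deserves a line in the commit message so it can be found later when auditing which builds carry it. The new entry also gives no release number, unlike the 2020-12-17 entry just below it, which names v0.5.9, so this hunk alone does not say which xz version is being vendored. Since this view is limited to TODO.md, please confirm in the full change that the xz version in go.mod and vendor/modules.txt matches, and that the vendored readIndexBody has the check against the expected number of records before the allocation.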