From 09afcf2d145829620dbf964bfba926f1098986cd Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Mon, 23 Sep 2024 13:36:50 -0700
Subject: [PATCH] OpenInRoot: add CVE link to godoc

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
---
 open_linux.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/open_linux.go b/open_linux.go
index 46287c9..230be73 100644
--- a/open_linux.go
+++ b/open_linux.go
@@ -59,7 +59,9 @@ func OpenInRoot(root, unsafePath string) (*os.File, error) {
 // maliciously-configured /proc mount. While this attack scenario is not
 // common, in container runtimes it is possible for higher-level runtimes to be
 // tricked into configuring an unsafe /proc that can be used to attack file
-// operations. See CVE-2019-19921 for more details.
+// operations. See [CVE-2019-19921] for more details.
+//
+// [CVE-2019-19921]: https://github.com/advisories/GHSA-fh74-hm69-rqjw
 func Reopen(handle *os.File, flags int) (*os.File, error) {
 	procRoot, err := getProcRoot()
 	if err != nil {