Your message dated Sat, 21 Nov 2015 21:47:06 +0000
with message-id <[email protected]>
and subject line Bug#800471: fixed in lxc 1:1.0.6-6+deb8u2
has caused the Debian Bug report #800471,
regarding lxc: CVE-2015-1335
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
800471: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800471
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: lxc
Version: 1:1.0.7-10
Severity: important
Tags: security upstream patch fixed-upstream

Hi Daniel,

LXC upstream announced CVE-2015-1335 today [1] and patch for 1.0 branch at [2].

 [1] 
https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html
 [2] https://github.com/lxc/lxc/commit/6bbb8100c4dec4b1c71758c27104985a694a4eac
 [3] https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: lxc
Source-Version: 1:1.0.6-6+deb8u2

We believe that the bug you reported is fixed in the latest version of
lxc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Antonio Terceiro <[email protected]> (supplier of updated lxc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 13 Nov 2015 09:53:32 -0200
Source: lxc
Binary: lxc lxc-dbg
Architecture: source amd64
Version: 1:1.0.6-6+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Daniel Baumann <[email protected]>
Changed-By: Antonio Terceiro <[email protected]>
Description:
 lxc        - Linux Containers userspace tools
 lxc-dbg    - Linux Containers userspace tools (debug)
Closes: 800471
Changes:
 lxc (1:1.0.6-6+deb8u2) jessie-security; urgency=high
 .
   * CVE-2015-1335: prevent local containment administrator from escaping
     container via symlink attack. (Closes: #800471). Also include 2 followup
     patches that fixed regressions in the original fix. Patches obtained from
     the Ubuntu package:
     - 0020-CVE-2015-1335.patch
     - 0021-CVE-2015-1335-2.patch
     - 0022-CVE-2015-1335-3.patch
Checksums-Sha1:
 1d721f41e24e528d52d60bb97d67a5846da8545d 2082 lxc_1.0.6-6+deb8u2.dsc
 8051af53c88c44d30acc929b6564bae9c3026a0a 34740 lxc_1.0.6-6+deb8u2.debian.tar.xz
 cc47ed13785d245ed00c917f55b8d0de019188e4 625704 lxc_1.0.6-6+deb8u2_amd64.deb
 e594f323869260cb55beb7e86c77a3a52ddd5c15 772058 
lxc-dbg_1.0.6-6+deb8u2_amd64.deb
Checksums-Sha256:
 4b22c3081ef4c52da7c21d3e2d70f05ccbab8a2807461961b44ab73dd23335f0 2082 
lxc_1.0.6-6+deb8u2.dsc
 54a4641866ebd4afcc1d18607be68cca8c71f4ee9f3230a6741757bdc3695d2d 34740 
lxc_1.0.6-6+deb8u2.debian.tar.xz
 f5641f8490343fc37a304e07e7da3cfd0c766dbb04043625290002794bcfff42 625704 
lxc_1.0.6-6+deb8u2_amd64.deb
 9d9fd20f3f00bd0d90ab0a6f56862af22ca80ff5e4e997ebd08bf105271a26a8 772058 
lxc-dbg_1.0.6-6+deb8u2_amd64.deb
Files:
 343009c9a6a98f1eee3d0168066a4116 2082 admin optional lxc_1.0.6-6+deb8u2.dsc
 88ed64895d0431816f3cac18114cc1ad 34740 admin optional 
lxc_1.0.6-6+deb8u2.debian.tar.xz
 e21945dc53b2635389cade78607ab40b 625704 admin optional 
lxc_1.0.6-6+deb8u2_amd64.deb
 469a7a249c7e4d3021f2a41229d4b5ac 772058 debug extra 
lxc-dbg_1.0.6-6+deb8u2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWS7XyAAoJEPwNsbvNRgvexqAP+wScJrA60pIcjLKi0DuoJ+UI
8qcXu1FzclsBRHEWsplaYIpS2rJMx2OhR1JG/59S2DK1HCqpd+AH5r07VV+VL3pI
zeDHY9KqnplDKjLobrLLgtEcYow0qrEUTCulp2B5yFE9bIz+crFt4DtaLzH1sCW8
arEVtoKUinFugG4VG5qM5P3H4OkxWCNsEKbjgacfpkln5trWW6QQtsWxtTVZGAZk
YNWumqOXr8jmRus3L8hsp91VYm4TMML2Yza+MsD07qAlEvv0PfPS9vixwQ34gvK6
lJbzhCmxV9Np/5+n5frTRViT0zDfDArAZPEGRhf5DzCGSimgEm8SqIiD5WTaUjfU
WS7FuXjJfcyiog2vJajBA/JijUNhOKcMbMf+Z7v9Izmu73kSkpm0Pg6spix+vJgx
gK/UotDFW2DTlC11gfezr320lGPATBaWcupOUdquiOm3PZXWmplY0FTI3j2pUisi
RdEGNx1NITRAhvmdPb5n1vWJ8h+2pINs5jiSB4IuLeOvV/gwDlIS8wghQA6xd5LQ
HRq0QHjPL5QRX66rJR86NBasSFK79DrZ2tg9hUCJTyr/0rNFuqsxsaeviitC7D00
85bvdbQ49OGJ0ToQbakAYNE+1RNWfc0absTry6YqbrTIyCj8/G1Dww8q2Ha+IVyo
YL3XCpt5bsdWSqgRiDVy
=vCKk
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to