Your message dated Sat, 16 Feb 2019 15:34:46 +0000
with message-id <[email protected]>
and subject line Bug#922169: fixed in lxc 1:3.1.0+really3.0.3-4
has caused the Debian Bug report #922169,
regarding lxc: rexec callers as memfd
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
922169: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922169
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: lxc
Version: 1:3.1.0+really3.0.3-2
Severity: important
Tags: patch security upstream
Hi
LXC is similarly impacted as runC for the CVE-2019-5736 issue. Though,
as explained in the commit message of the upstream commit[1], "LXC is
also impacted in a similar manner by this vulnerability, however as
the LXC project considers privileged containers to be unsafe no CVE
has been assigned for this issue for LXC."
Ideally still to be adressed in time for buster.
Regards,
Salvatore
[1] https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d
--- End Message ---
--- Begin Message ---
Source: lxc
Source-Version: 1:3.1.0+really3.0.3-4
We believe that the bug you reported is fixed in the latest version of
lxc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pierre-Elliott Bécue <[email protected]> (supplier of updated lxc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 16 Feb 2019 16:21:41 +0100
Source: lxc
Architecture: source
Version: 1:3.1.0+really3.0.3-4
Distribution: unstable
Urgency: medium
Maintainer: pkg-lxc <[email protected]>
Changed-By: Pierre-Elliott Bécue <[email protected]>
Closes: 919221 920543 920916 922169
Changes:
lxc (1:3.1.0+really3.0.3-4) unstable; urgency=medium
.
[ Lev Lamberov ]
* d/po/ru.po: Add russian translation for debconf templates (Closes: #920916)
.
[ Américo Monteiro ]
* d/po/pt.po: Add portuguese translation for debconf templates (Closes:
#919221)
.
[ Adriano Rafael Gomes ]
* d/po/pr_BR.po: Add brazilian portuguese translation for debconf templates
(Closes: #920543)
.
[ Pierre-Elliott Bécue ]
* d/patches/0004: Import the fix for CVE-2019-5736. (Closes: #922169)
Checksums-Sha1:
03f7ff55ea8878aa4893754eef121b40460d8d17 2886 lxc_3.1.0+really3.0.3-4.dsc
6bb48f74f39627e4f785703b2dcdfb077c42cb6d 56432
lxc_3.1.0+really3.0.3-4.debian.tar.xz
f736a8a5da52e67d680b45a425bd089043622ab4 11895
lxc_3.1.0+really3.0.3-4_amd64.buildinfo
Checksums-Sha256:
e4340ef51ea6a1d3a9e6e3b10f134da5ecf6c5a064f346d7512d96497865232d 2886
lxc_3.1.0+really3.0.3-4.dsc
b838f8cc1a6dd8d0c55d0e24fe375a68bea37348564bae1ced85db4ce5d02624 56432
lxc_3.1.0+really3.0.3-4.debian.tar.xz
b680819c60d089ec10ad9f5d32ea74368efee3bd9b1f55072b9d87ca4c2c4f72 11895
lxc_3.1.0+really3.0.3-4_amd64.buildinfo
Files:
60932814c86db60fcafcc46d0ac4fb3f 2886 admin optional
lxc_3.1.0+really3.0.3-4.dsc
8f1d6440db036aa7c1c386e50ec2456d 56432 admin optional
lxc_3.1.0+really3.0.3-4.debian.tar.xz
f22fa3bb1c98d3892ad00c8d55a3bcb4 11895 admin optional
lxc_3.1.0+really3.0.3-4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEESYqTBWsFJgT6y8ijKb+g0HkpCsoFAlxoKucACgkQKb+g0Hkp
Csq+iA/8DD3V79fELiqvNDsecagCmEa92lgAkvKNYQU8noD/tePlAupwQ8fW7/So
0fMPYCrBmKDzsmFRvO0rB3/J87ddx2/KWrbOHDp/fzvpUjWhAcS3TApUkKH1qxnY
7Wy+D1DnJHYWuTKghAg1YAwkWzsaaslYb3jCWMSTboLCLg+s3HIPguJcdWow9NSq
FESMOkgBLisClyRJYsKBorG+0idp0JfUFtvgLirhJh8v/95Ix3JrAHtTIsOut2q7
UXbfd9hmrRcPmexKMaXJkr/iP4u3GPJp07TZNx3Ez3o7ZyJxKAaIHgCigFHRpwVi
cQp0+cxg72w6a4TEw4Naf8tnPh9qK4rqQKJ3MnB0u9ja0BjcxkT7tngPqB3D1Y+l
OvGWhMgIfpj2MJxPiC7lQhfS5aUr6HPxBkwKascdDoPU/FpXzXS0KmPZVmEL18IE
KpBYYR5x8or3gh2GbDn5NJvsk75ofZzn6DQIRoc/JGutE4dJeXQZFNcU/sI8hqyW
p9+ogWZEPJ7jUlOQsAjANlgji0mlCUdEH01w+UmSUC0tH6QD/ADOOhYwQCGTVHId
oj23kGevrBxnNorjjnwgls8mliG5N/gMMsY6VTNiT5cUt8ByPGC+aPo9Kr1Lj50+
AGRnv57hg0/rK1hgwoGz0uTaXZxfdePfdBYukYJEMsUvU1sEMZM=
=fgwW
-----END PGP SIGNATURE-----
--- End Message ---
