On Sat, Dec 4, 2021 at 12:11 AM Adam D. Barratt <[email protected]> wrote: > > Control: tags -1 + confirmed > > On Tue, 2021-11-23 at 19:27 +0800, Shengjing Zhu wrote: > > I'd like to update containerd in bullseye to latest upstream > > patch version. Upstream does maintain a stable release branch > > 1.4.x with only backporting important bugfix. > > > > Notably: > > 1.4.12~ds1-1~deb11u1 will have: > > > > + Workaround for "clone3" syscall. So users can run images like > > fedora:rawhide, ubuntu:impish, which has enabled clone3 syscall > > in glibc. > > See also https://bugs.launchpad.net/cloud-images/+bug/1943049 > > + Mitigate CVE-2021-41190: Handle ambiguous OCI manifest parsing > > + Backport RPi1/RPi0 workaround #998909 > > > > Please go ahead. >
Uploaded. -- Shengjing Zhu
