Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock
The upload of docker.io (1.3.0~dfsg1-1) that was accepted today includes a fix for the now public CVE-2014-5282 [1]. Paul mentioned that I ought to send an unblock to see if we can decrease the transition age. :) For a little detail of the vuln, it specifically affects people who use "docker load" and then pull images from a registry, and can result in the wrong images (especially potentially malicious images) being pulled and thus run. I'm happy to provide any other information, of course. :) ♥, - Tianon -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
