Abhijith PA pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a050e62e by Abhijith PA at 2021-08-02T03:27:40+05:30
Mark CVE-2021-30465 as no-dsa for stretch
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -17283,6 +17283,7 @@ CVE-2021-30466
RESERVED
CVE-2021-30465 (runc before 1.0.0-rc95 allows a Container Filesystem Breakout
via Dire ...)
- runc 1.0.0~rc93+ds1-5 (bug #988768)
+ [stretch] - runc <no-dsa> (Intrusive to backport fix)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/19/2
NOTE:
https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r
NOTE: Initial patch in -4, but revised patch was applied only in -5
=====================================
data/dla-needed.txt
=====================================
@@ -87,10 +87,6 @@ ruby-kaminari
NOTE: 20210719: I believe the fix is just adding and extending the blacklist
for ruby-kaminari.
NOTE: 20210719: Will discuss this with Utkarsh (maintainer) shortly.
--
-runc (Abhijith PA)
- NOTE: 20210612: Not sure if applies to this version. (lamby)
- NOTE: 20210721: Requires more investigation. Even Ubuntu ESM, LTS uploaded
fixed upstream version.
---
salt
NOTE: 20210329: WIP (utkarsh)
NOTE: 20210510: patches ready; reviewing and testing with donfede, damien,
and bdrung. (utkarsh)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a050e62e4ba61baeef795b40e7a77898f89733f8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a050e62e4ba61baeef795b40e7a77898f89733f8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
