On 21 July 2017 at 14:35, Moritz Muehlenhoff <j...@debian.org> wrote:
> Please see
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11468

Thanks for the report!  I've started looking into the fix, and will
include my notes here:

https://github.com/docker/distribution/releases/tag/v2.6.2 is the
release which fixes this (and it links to
https://github.com/docker/distribution/commit/29fa466debaabb64f8559116bbffd20a289d523c
as the specific commit which does so).

A plain "dch -v 2.6.2~ds1-1" is _not_ sufficient to get a working
build (needs some dependency updates, I think, since we're currently
on v2.6.0-rc.1 + a few commits and upstream has obviously made some
changes since then).

Given that the package is only in unstable, I'll likely commit my WIP
bump to 2.6.2 to Git once I'm done looking around at how much it's
going to take to update (whether it's building successfully or not).


♥,
- Tianon
  4096R / B42F 6819 007F 00F8 8E36  4FD4 036A 9C25 BF35 7DD4

_______________________________________________
Pkg-go-maintainers mailing list
Pkg-go-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-go-maintainers

Reply via email to