Bug#929781: rkt: CVE-2019-10144 CVE-2019-10145 CVE-2019-10147

2019-06-18 Thread Dmitry Smirnov
On Wednesday, 19 June 2019 1:10:03 AM AEST Moritz Muehlenhoff wrote: > On Tue, Jun 18, 2019 at 05:35:55PM +1000, Dmitry Smirnov wrote: > > I would reclassify those vulnerabilities with lesser severity to avoid > > removal from Buster. > > That's certainly possible, but there's still the bigger

Bug#929781: rkt: CVE-2019-10144 CVE-2019-10145 CVE-2019-10147

2019-06-18 Thread Paul Gevers
Hi On Tue, 18 Jun 2019 17:10:03 +0200 Moritz Muehlenhoff wrote: > On Tue, Jun 18, 2019 at 05:35:55PM +1000, Dmitry Smirnov wrote: > > I would reclassify those vulnerabilities with lesser severity to avoid > > removal from Buster. > > That's certainly possible, but there's still the bigger

Bug#929781: rkt: CVE-2019-10144 CVE-2019-10145 CVE-2019-10147

2019-06-18 Thread Moritz Muehlenhoff
On Tue, Jun 18, 2019 at 05:35:55PM +1000, Dmitry Smirnov wrote: > I would reclassify those vulnerabilities with lesser severity to avoid > removal from Buster. That's certainly possible, but there's still the bigger issue that the project seems unmaintained. None of the developers even

Bug#929781: rkt: CVE-2019-10144 CVE-2019-10145 CVE-2019-10147

2019-06-18 Thread Dmitry Smirnov
On Monday, 17 June 2019 6:02:50 AM AEST Shengjing Zhu wrote: > On Sun, Jun 16, 2019 at 11:47 PM Shengjing Zhu wrote: > > So I would suggest we remove rkt from buster. Personally I wouldn't do that but rules are rules so whatever... It is reasonable to assume that application containers are not

Bug#929781: rkt: CVE-2019-10144 CVE-2019-10145 CVE-2019-10147

2019-06-16 Thread Shengjing Zhu
On Sun, Jun 16, 2019 at 11:47 PM Shengjing Zhu wrote: > So I would suggest we remove rkt from buster. > Which means the acbuild and nomad(build-rdepends) will also be removed. For acbuild, it is also discontinued by upstream[1]. For nomad, you can disable the rkt driver, by patching

Bug#929781: rkt: CVE-2019-10144 CVE-2019-10145 CVE-2019-10147

2019-06-16 Thread Salvatore Bonaccorso
Hi, On Sun, Jun 16, 2019 at 11:47:16PM +0800, Shengjing Zhu wrote: > Hi Dmitry, > > Upstream doesn't have any update for these 3 CVE for more than 2 > weeks(after the CVE published). > > So I'm afraid that rkt is longer maintained, with 2 other concerns: > > 1. Most commits since 2019 are

Bug#929781: rkt: CVE-2019-10144 CVE-2019-10145 CVE-2019-10147

2019-06-16 Thread Shengjing Zhu
Sorry, typo... On Sun, Jun 16, 2019 at 11:47 PM Shengjing Zhu wrote: > > Hi Dmitry, > > Upstream doesn't have any update for these 3 CVE for more than 2 > weeks(after the CVE published). > > So I'm afraid that rkt is longer maintained, with 2 other concerns: s/is longer/is no longer/g > > 1.

Bug#929781: rkt: CVE-2019-10144 CVE-2019-10145 CVE-2019-10147

2019-06-16 Thread Shengjing Zhu
Hi Dmitry, Upstream doesn't have any update for these 3 CVE for more than 2 weeks (after the CVE published). So I'm afraid that rkt is longer maintained, with 2 other concerns: 1. Most commits since 2019 are about typo/documents. 2. CoreOS (the company who creates rkt) has been acquired by

Bug#929781: rkt: CVE-2019-10144 CVE-2019-10145 CVE-2019-10147

2019-06-03 Thread Moritz Mühlenhoff
On Sun, Jun 02, 2019 at 08:12:50AM +1000, Dmitry Smirnov wrote: > On Friday, 31 May 2019 4:46:08 PM AEST Salvatore Bonaccorso wrote: > > The following vulnerabilities were published for rkt. > > > > CVE-2019-10144[0]: > > rkt: processes run with `rkt enter` are given all capabilities during stage

Bug#929781: rkt: CVE-2019-10144 CVE-2019-10145 CVE-2019-10147

2019-06-01 Thread Dmitry Smirnov
On Friday, 31 May 2019 4:46:08 PM AEST Salvatore Bonaccorso wrote: > The following vulnerabilities were published for rkt. > > CVE-2019-10144[0]: > rkt: processes run with `rkt enter` are given all capabilities during stage > 2 > > CVE-2019-10145[1]: > processes run with rkt enter do not have

Bug#929781: rkt: CVE-2019-10144 CVE-2019-10145 CVE-2019-10147

2019-05-31 Thread Salvatore Bonaccorso
Source: rkt Version: 1.30.0+dfsg-7 Severity: grave Tags: security upstream Justification: user security hole Forwarded: https://github.com/rkt/rkt/issues/3998 Hi, The following vulnerabilities were published for rkt. CVE-2019-10144[0]: rkt: processes run with `rkt enter` are given all