Bug#929042: closed by Afif Elghraoui <firstname.lastname@example.org> (Re: Bug#929042: singularity-container: CVE-2019-11328)
على ١٠/٩/١٤٤٠ هـ ٥:١٣ م، كتب Salvatore Bonaccorso:
> Hi Afif,
> On Wed, May 15, 2019 at 10:57:49PM +0200, Salvatore Bonaccorso wrote:
>> Then there is nothing further to be done.
> Oh, actually there is an open point: Is it confirmed that 3.0.3 is not
> affected by the CVE? Did you got any information why this is only
> introduced in 3.1.0?
The release notes say >=3.1.0. The bulk of the patches are in sources
having to do with the oci runtime, which was introduced in 3.1.0. That
would explain the cutoff described by upstream.
In any case, this will hopefully be moot if we can unblock the version
now in Unstable.
Afif Elghraoui | عفيف الغراوي