
Re: docker.io update with no CVE



On Thursday, 27.02.2025 at 11:49 +0100, Marc SCHAEFER wrote:
> 
> There is a docker.io upgrade for bullseye:
> 
>    https://security-tracker.debian.org/tracker/TEMP-0000000-7C9547
> 
> However, it was not yet announced, if I am not mistaken.
> 
> Is this because of a responsible disclosure policy?
> 
> $ dpkg -s docker.io|grep Version
> Version: 20.10.5+dfsg1-1+deb11u3
> 
> $ apt-cache show docker.io | grep Version | head
> Version: 20.10.5+dfsg1-1+deb11u4
> 
> Manually downloading, the changelog says:
> 
>    docker.io (20.10.5+dfsg1-1+deb11u4) bullseye-security; urgency=medium
> 
>      * LTS Team upload.
>      * Rebuild with golang-glog 0.0~git20160126.23def4e-3+deb11u1.
>      * No source changes.
> 
> Does that mean that it actually would fix a go issue that docker.io
> uses?

I think this relates to DLA-4056-1. According to a recent discussion,
there should probably be separate DLAs for affected and updated
packages like docker.io (there were more). I'll forward this to the LTS
team's list.

Regards, Daniel
