Bug#765735: unblock: docker.io/1.3.0~dfsg1-1

To: submit@bugs.debian.org
Subject: Bug#765735: unblock: docker.io/1.3.0~dfsg1-1
From: Tianon Gravi <admwiggin@gmail.com>
Date: Fri, 17 Oct 2014 16:28:54 +0000
Message-id: <[🔎] 20141017162854.GA1@gmail.com>
Reply-to: Tianon Gravi <admwiggin@gmail.com>, 765735@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

The upload of docker.io (1.3.0~dfsg1-1) that was accepted today includes
a fix for the now public CVE-2014-5282 [1].  Paul mentioned that I ought
to send an unblock to see if we can decrease the transition age. :)

For a little detail of the vuln, it specifically affects people who use
"docker load" and then pull images from a registry, and can result in
the wrong images (especially potentially malicious images) being pulled
and thus run.

I'm happy to provide any other information, of course. :)

♥,
- Tianon

Reply to:

Follow-Ups:
- Bug#765735: marked as done (unblock: docker.io/1.3.0~dfsg1-1)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Re: Re-Proposal - preserve freedom of choice of init systems
Next by Date: Bug#765737: unblock: cinder/2014.1.3-4 CVE-2014-7230 & CVE-2014-7231 (urgency=high)
Previous by thread: Bug#765733: marked as done (unblock: nova/2014.1.3-5 CVE-2014-7230 & CVE-2014-7231 (urgency=high))
Next by thread: Bug#765735: marked as done (unblock: docker.io/1.3.0~dfsg1-1)
Index(es):
- Date
- Thread