Your message dated Sat, 18 Oct 2014 12:54:47 +0200 with message-id <20141018105447.GS3591@betterave.cristau.org> and subject line Re: Bug#765735: unblock: docker.io/1.3.0~dfsg1-1 has caused the Debian Bug report #765735, regarding unblock: docker.io/1.3.0~dfsg1-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 765735: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765735 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: unblock: docker.io/1.3.0~dfsg1-1
- From: Tianon Gravi <admwiggin@gmail.com>
- Date: Fri, 17 Oct 2014 16:28:54 +0000
- Message-id: <[🔎] 20141017162854.GA1@gmail.com>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock The upload of docker.io (1.3.0~dfsg1-1) that was accepted today includes a fix for the now public CVE-2014-5282 [1]. Paul mentioned that I ought to send an unblock to see if we can decrease the transition age. :) For a little detail of the vuln, it specifically affects people who use "docker load" and then pull images from a registry, and can result in the wrong images (especially potentially malicious images) being pulled and thus run. I'm happy to provide any other information, of course. :) ♥, - Tianon
--- End Message ---
--- Begin Message ---
- To: Tianon Gravi <admwiggin@gmail.com>, 765735-done@bugs.debian.org
- Subject: Re: Bug#765735: unblock: docker.io/1.3.0~dfsg1-1
- From: Julien Cristau <jcristau@debian.org>
- Date: Sat, 18 Oct 2014 12:54:47 +0200
- Message-id: <20141018105447.GS3591@betterave.cristau.org>
- In-reply-to: <[🔎] 20141017162854.GA1@gmail.com>
- References: <[🔎] 20141017162854.GA1@gmail.com>
On Fri, Oct 17, 2014 at 16:28:54 +0000, Tianon Gravi wrote: > Package: release.debian.org > Severity: normal > User: release.debian.org@packages.debian.org > Usertags: unblock > > The upload of docker.io (1.3.0~dfsg1-1) that was accepted today includes > a fix for the now public CVE-2014-5282 [1]. Paul mentioned that I ought > to send an unblock to see if we can decrease the transition age. :) > > For a little detail of the vuln, it specifically affects people who use > "docker load" and then pull images from a registry, and can result in > the wrong images (especially potentially malicious images) being pulled > and thus run. > Set to 5 days. Cheers, JulienAttachment: signature.asc
Description: Digital signature
--- End Message ---