Bug#1001115: bullseye-pu: package docker.io/20.10.5+dfsg1-1+deb11u1
Control: tags -1 + confirmed
On Sun, 2021-12-05 at 00:01 +0800, Shengjing Zhu wrote:
> Backport 3 CVE patches.
>
> + CVE-2021-41089: Create parent directories inside a chroot during
>   docker cp to prevent a specially crafted container from changing
>   permissions of existing files in the host’s filesystem.
> + CVE-2021-41091: Lock down file permissions to prevent unprivileged
>   users from discovering and executing programs in /var/lib/docker.
> + CVE-2021-41092: Ensure default auth config has address field set,
>   to prevent credentials being sent to the default registry.
>   (Closes: #998292)
>
> And backport 1 patch to run containers which
> use the "clone3" syscall (for example glibc 2.34).
>
Please go ahead.
Regards,
Adam