Bug#1001115: bullseye-pu: package docker.io/20.10.5+dfsg1-1+deb11u1

To: Shengjing Zhu <zhsj@debian.org>, 1001115@bugs.debian.org
Subject: Bug#1001115: bullseye-pu: package docker.io/20.10.5+dfsg1-1+deb11u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 11 Dec 2021 17:47:44 +0000
Message-id: <[🔎] aa86e00b621be3b890db30a077a29829d24cbce5.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1001115@bugs.debian.org
In-reply-to: <[🔎] YauQ3z0rNq3MRASD@local.zhsj.me>
References: <[🔎] YauQ3z0rNq3MRASD@local.zhsj.me> <[🔎] YauQ3z0rNq3MRASD@local.zhsj.me>

Control: tags -1 + confirmed

On Sun, 2021-12-05 at 00:01 +0800, Shengjing Zhu wrote:
> Backport 3 CVE patches.
> 
> + CVE-2021-41089: Create parent directories inside a chroot during
> docker
>   cp to prevent a specially crafted container from changing
> permissions of
>   existing files in the host’s filesystem.
> + CVE-2021-41091: Lock down file permissions to prevent unprivileged
> users
>   from discovering and executing programs in /var/lib/docker.
> + CVE-2021-41092: Ensure default auth config has address field set,
> to
>   prevent credentials being sent to the default registry. (Closes:
> #998292)
> 
> And backport 1 patch to run container which
> uses "clone3" syscall (for example glibc 2.34)
> 

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#1001115: bullseye-pu: package docker.io/20.10.5+dfsg1-1+deb11u1
  - From: Shengjing Zhu <zhsj@debian.org>

Prev by Date: Bug#1001100: bullseye-pu: package golang-1.15/1.15.15-1~deb11u2
Next by Date: Processed: Re: Bug#1001115: bullseye-pu: package docker.io/20.10.5+dfsg1-1+deb11u1
Previous by thread: Bug#1001115: bullseye-pu: package docker.io/20.10.5+dfsg1-1+deb11u1
Next by thread: Processed: Re: Bug#1001115: bullseye-pu: package docker.io/20.10.5+dfsg1-1+deb11u1
Index(es):
- Date
- Thread