Bug#1012723: bullseye-pu: package runc/runc_1.0.0~rc93+ds1-5+deb11u1

[Reinhard Tartler <siretart@gmail.com>]

On Sun, Jun 12, 2022 at 10:57 PM Shengjing Zhu <zhsj@debian.org> wrote:

X-Dbackport: do not set inheritable capabilities, Fixes: CVE-2022-29162ebbugs-CC: siretart@debian.org, team@security.debian.org

Hi,

On Sun, Jun 12, 2022 at 05:33:48PM -0400, Reinhard Tartler wrote:
> diff -Nru runc-1.0.0~rc93+ds1/debian/changelog runc-1.0.0~rc93+ds1/debian/changelog
> --- runc-1.0.0~rc93+ds1/debian/changelog      2022-06-12 14:49:36.000000000 -0400
> +++ runc-1.0.0~rc93+ds1/debian/changelog      2021-05-19 14:46:14.000000000 -0400
> @@ -1,10 +1,3 @@
> -runc (1.0.0~rc93+ds1-5+deb11u1) bullseye; urgency=medium
> -
> -  * Team upload.
> -  * backport upstream patch: Honor seccomp defaultErrnoRet, Closes: #1012030
> -
> - -- Reinhard Tartler <siretart@tauware.de>  Sun, 12 Jun 2022 14:49:36 -0400
> -

Could you include the patch for CVE-2022-29162?

https://security-tracker.debian.org/tracker/CVE-2022-29162

If you don't have time, I can work on this later in this week.

backported as https://salsa.debian.org/go-team/packages/runc/-/commit/05b0597cb4db36f70c3bf737c87466a740a9eadf -- builds fine (and thus passes unit tests), still need to test it on a real machine. Thanks for pointing me to it!

-rt

--

regards,
    Reinhard