Comment 30 for bug 1910456

Michael Vogt (mvo) wrote :

Ian asked me to also pull in: https://github.com/snapcore/snapd/pull/9764 to 2.48.3 to support the other docker CVE fix. With that the new changelog suggestion would be:

```
+snapd (2.48.3) UNRELEASED; urgency=medium
+
+ * SECURITY UPDATE: sandbox escape vulnerability for containers
+ - many: add Delegate=true to generated systemd units for special
+ interfaces
+ - CVE-2020-27352
+ - LP: #1910456
+ * interfaces/builtin/docker-support: allow /run/containerd/s/...
+ - This is a new path that docker 19.03.14 (with a new version of
+ containerd) uses to avoid containerd CVE issues around the unix
+ socket. See also CVE-2020-15257.
+
+ -- Michael Vogt <email address hidden> Mon, 01 Feb 2021 11:55:18 +0100
```
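Review bot: The `interfaces/builtin/docker-support` bullet has no reference back to the change it pulls in and cites CVE-2020-15257 only as a "See also", whereas the first bullet lists both its CVE and `LP: #1910456`. Consider adding the upstream pull request named in the comment (snapcore/snapd pull 9764) to that bullet so the 2.48.3 entry is traceable. It would also help to state whether this bullet belongs to the security update or is a supporting change, since it currently sits as a separate top-level item outside the "SECURITY UPDATE" block.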

Please let me know if this looks good; if so, I will prepare debdiffs/snaps.