Comment 92 for bug 1938908

This bug was fixed in the package containerd - 1.5.5-0ubuntu3~20.04.1

---------------
containerd (1.5.5-0ubuntu3~20.04.1) focal; urgency=medium

  * Backport version 1.5.5-0ubuntu3 from Impish (LP: #1938908).
    - d/rules: set GO111MODULE to off, this avoid Internet connection during
      the build.

containerd (1.5.5-0ubuntu3) impish; urgency=medium

  * SECURITY UPDATE: insufficiently restricted directory permissions
    - debian/patches/1.5-reduce-directory-permissions.patch: reduce
      permissions for bundle dir in runtime/v1/linux/bundle.go,
      runtime/v1/linux/bundle_test.go, runtime/v2/bundle.go,
      runtime/v2/bundle_default.go, runtime/v2/bundle_linux.go,
      runtime/v2/bundle_linux_test.go, runtime/v2/bundle_test.go,
      snapshots/btrfs/btrfs.go.
    - CVE-2021-41103

containerd (1.5.5-0ubuntu2) impish; urgency=medium

  * d/p/seccomp-support-clone3-syscall.patch: clone3 is explicitly requested
    to give ENOSYS instead of the default EPERM, when CAP_SYS_ADMIN is unset.
    (LP: #1943049).

 -- Lucas Kanashiro <email address hidden> Fri, 08 Oct 2021 11:45:38 -0300