[ Sergio Durigan Junior ]
* d/t/docker-in-lxd:
Improve dep8 test. Make it run a more complex test against an
ubuntu:devel docker container, especially because glibc updates might
break docker.io. Improve test reliability when running autopkgtest
locally.
[ Steve Beattie ]
* SECURITY UPDATE: insufficiently restricted directory permissions
- d/p/CVE-2021-41091.patch: Lock down docker root dir perms.
- CVE-2021-41091
* SECURITY UPDATE: permissions modifications outside of install directory
- d/p/CVE-2021-41089.patch: chrootarchive: don't create parent dirs
outside of chroot.
- CVE-2021-41089
* d/p/seccomp-add-support-for-clone3-syscall-in-default-policy.patch: Fix
failure with new glibc clone3 syscall adding it to the default seccomp
policy (LP: #1943049).
-- Lucas Kanashiro <email address hidden> Wed, 06 Oct 2021 10:53:57 -0300
This bug was fixed in the package docker.io - 20.10.7- 0ubuntu5~ 20.04.1
--------------- 7-0ubuntu5~ 20.04.1) focal; urgency=medium
docker.io (20.10.
* Backport version 20.10.7-0ubuntu5 from Impish (LP: #1938908).
docker.io (20.10.7-0ubuntu5) impish; urgency=medium
[ Sergio Durigan Junior ]
* d/t/docker-in-lxd:
Improve dep8 test. Make it run a more complex test against an
ubuntu:devel docker container, especially because glibc updates might
break docker.io. Improve test reliability when running autopkgtest
locally.
[ Steve Beattie ] 2021-41091. patch: Lock down docker root dir perms. 2021-41089. patch: chrootarchive: don't create parent dirs
* SECURITY UPDATE: insufficiently restricted directory permissions
- d/p/CVE-
- CVE-2021-41091
* SECURITY UPDATE: permissions modifications outside of install directory
- d/p/CVE-
outside of chroot.
- CVE-2021-41089
docker.io (20.10.7-0ubuntu4) impish; urgency=medium
* d/p/seccomp- add-support- for-clone3- syscall- in-default- policy. patch: Fix
failure with new glibc clone3 syscall adding it to the default seccomp
policy (LP: #1943049).
-- Lucas Kanashiro <email address hidden> Wed, 06 Oct 2021 10:53:57 -0300