Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock X-Debbugs-Cc: contain...@packages.debian.org, publicsuf...@packages.debian.org, z...@debian.org Control: affects -1 + src:containerd src:golang-golang-x-net src:publicsuffix
Please age package containerd [ Reason ] * New upstream version 1.6.18~ds1 + CVE-2023-25153: OCI image importer memory exhaustion + CVE-2023-25173: Supplementary groups are not set up properly * Install cni-bridge-fp to /usr/lib/cni in autopkgtest [ Impact ] Delay of security fix. [ Tests ] This package has integration tests in autopkgtest. Though there are known failures cri-integration (one of the integrations). But it's not regression. 1.6.17~ds1-1 has 5 failed test cases. I've fixed the tests scripts in 1.6.18~ds1-1, and it has only 1 failed test case now. [ Risks ] [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [ ] attach debdiff against the package in testing [ Other info ] To age containerd, the following packages need age as well. + golang-golang-x-net/1:0.7.0+dfsg-1 * New upstream version 0.7.0 + CVE-2022-41723: http2/hpack: avoid quadratic complexity in hpack decoding + publicsuffix/20230209.2326-1 * new upstream version