Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package runc for openSUSE:Factory checked in at 2025-11-05 16:17:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/runc (Old) and /work/SRC/openSUSE:Factory/.runc.new.1980 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "runc" Wed Nov 5 16:17:41 2025 rev:76 rq:1315710 version:1.3.3 Changes: -------- --- /work/SRC/openSUSE:Factory/runc/runc.changes 2025-10-16 17:38:49.552606461 +0200 +++ /work/SRC/openSUSE:Factory/.runc.new.1980/runc.changes 2025-11-05 16:19:28.873044821 +0100 @@ -1,0 +2,37 @@ +Wed Nov 5 10:05:32 UTC 2025 - Aleksa Sarai <[email protected]> + +- Update to runc v1.3.3. Upstream changelog is available from + <https://github.com/opencontainers/runc/releases/tag/v1.3.3>. bsc#1252232 + * CVE-2025-31133 + * CVE-2025-52565 + * CVE-2025-52881 +- Remove upstreamed patches for bsc#1252232: + - 2025-11-05-CVEs.patch + +------------------------------------------------------------------- +Mon Nov 3 10:25:08 UTC 2025 - Aleksa Sarai <[email protected]> + +[ This update was only released for SLE 12 and 15. ] + +- Update to runc v1.2.8. Upstream changelog is available from + <https://github.com/opencontainers/runc/releases/tag/v1.2.8>. bsc#1252232 + * CVE-2025-31133 + * CVE-2025-52565 + * CVE-2025-52881 +- Remove upstreamed patches for bsc#1252232: + - 2025-11-05-CVEs.patch + +------------------------------------------------------------------- +Thu Oct 16 02:16:12 UTC 2025 - Aleksa Sarai <[email protected]> + +[ This update was only released for SLE 12 and 15. ] + +- Backport patches for three CVEs. All three vulnerabilities ultimately allow + (through different methods) for full container breakouts by bypassing runc's + restrictions for writing to arbitrary /proc files. bsc#1252232 + * CVE-2025-31133 + * CVE-2025-52565 + * CVE-2025-52881 + + 2025-11-05-CVEs.patch + +------------------------------------------------------------------- Old: ---- runc-1.3.2.tar.xz runc-1.3.2.tar.xz.asc New: ---- runc-1.3.3.tar.xz runc-1.3.3.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ runc.spec ++++++ --- /var/tmp/diff_new_pack.MLUs4s/_old 2025-11-05 16:19:29.809084247 +0100 +++ /var/tmp/diff_new_pack.MLUs4s/_new 2025-11-05 16:19:29.809084247 +0100 @@ -18,13 +18,13 @@ # MANUAL: Make sure you update this each time you update runc. -%define git_version aeabe4e711d903ef0ea86a4155da0f9e00eabd29 -%define git_short aeabe4e711d9 +%define git_version d842d7719497cc3b774fd71620278ac9e17710e0 +%define git_short d842d7719497 %define project github.com/opencontainers/runc Name: runc -Version: 1.3.2 +Version: 1.3.3 %define upstream_version %{version} Release: 0 Summary: Tool for spawning and running OCI containers ++++++ runc-1.3.2.tar.xz -> runc-1.3.3.tar.xz ++++++ ++++ 14628 lines of diff (skipped)
