Your message dated Sat, 09 Mar 2019 15:21:53 +0000
with message-id <[email protected]>
and subject line Bug#923932: fixed in lxc 1:3.1.0+really3.0.3-6
has caused the Debian Bug report #923932,
regarding lxc: Patch for CVE-2019-5736 breaks program using liblxc
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
923932: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923932
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: lxc
Version: 1:3.1.0+really3.0.3-4
Severity: important
Dear Maintainer,
1:3.1.0+really3.0.3-4 backports an incomplete patch for CVE-2019-5736.
It causes liblxc to re-execute unconditionally.
For example, any program linking against liblxc will have a wrong
/proc/self/exe -> "/memfd:liblxc (deleted)"
For more detail:
https://github.com/lxc/lxc/pull/2846
And https://github.com/anbox/anbox/issues/1057#issuecomment-470491485
This was first reported at anbox #923403, and I uploaded a quick
workaround for anbox before the freeze. Now the lxc author has commented
on the anbox issue, saying it is lxc's fault and is fixed in lxc upstream.
--
Shengjing Zhu
--- End Message ---
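The symptom described in the report above, as an added example (not part of the original message and not lxc code): a C check that a program linking liblxc could run to see whether its own /proc/self/exe now points at a memfd copy instead of the on-disk binary. The function names are hypothetical, and the match is made on the link text only.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MEMFD_PREFIX   "/memfd:"
#define DELETED_SUFFIX " (deleted)"

/* If target has the form "/memfd:<name> (deleted)", copy <name> (truncated
 * to fit) into name and return 1; otherwise return 0. Text heuristic only. */
int memfd_exe_name(const char *target, char *name, size_t name_len)
{
    size_t plen = strlen(MEMFD_PREFIX), slen = strlen(DELETED_SUFFIX);
    size_t tlen = strlen(target);

    if (name_len == 0 || tlen < plen + slen ||
        strncmp(target, MEMFD_PREFIX, plen) != 0 ||
        strcmp(target + tlen - slen, DELETED_SUFFIX) != 0)
        return 0;

    size_t nlen = tlen - plen - slen;
    if (nlen >= name_len)
        nlen = name_len - 1;
    memcpy(name, target + plen, nlen);
    name[nlen] = '\0';
    return 1;
}

/* Read the /proc/self/exe link into buf; return 0 on success, -1 on error
 * or if the target may have been truncated (readlink does not terminate). */
int read_self_exe(char *buf, size_t len)
{
    if (len < 2)
        return -1;
    ssize_t n = readlink("/proc/self/exe", buf, len - 1);
    if (n < 0 || (size_t)n >= len - 1)
        return -1;
    buf[n] = '\0';
    return 0;
}

int main(void)
{
    char exe[4096], name[64];
    if (read_self_exe(exe, sizeof exe) != 0)
        return 1;
    if (memfd_exe_name(exe, name, sizeof name))
        printf("re-executed from memfd \"%s\": %s\n", name, exe);
    else
        printf("running from on-disk binary: %s\n", exe);
    return 0;
}
```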
--- Begin Message ---
Source: lxc
Source-Version: 1:3.1.0+really3.0.3-6
We believe that the bug you reported is fixed in the latest version of
lxc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pierre-Elliott Bécue <[email protected]> (supplier of updated lxc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 09 Mar 2019 15:49:21 +0100
Source: lxc
Architecture: source
Version: 1:3.1.0+really3.0.3-6
Distribution: unstable
Urgency: medium
Maintainer: pkg-lxc <[email protected]>
Changed-By: Pierre-Elliott Bécue <[email protected]>
Closes: 923932
Changes:
 lxc (1:3.1.0+really3.0.3-6) unstable; urgency=medium
 .
   * d/patches/0005: Tweaks the 0004 patch for CVE-2019-5736 (Closes: #923932)
   * d/NEWS: summary of the important changes since LXC2.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---