Your message dated Mon, 15 Apr 2019 07:59:11 +0000
with message-id <[email protected]>
and subject line Bug#922050: fixed in runc 0.1.1+dfsg1-2+deb9u1
has caused the Debian Bug report #922050,
regarding runc: CVE-2019-5736
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
922050: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922050
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: runc
Version: 1.0.0~rc6+dfsg1-1
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
The following vulnerability was published for runc.
CVE-2019-5736[0]:
runc container breakout
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-5736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736
[1]
https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
[2] https://www.openwall.com/lists/oss-security/2019/02/11/2
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: runc
Source-Version: 0.1.1+dfsg1-2+deb9u1
We believe that the bug you reported is fixed in the latest version of
runc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Shengjing Zhu <[email protected]> (supplier of updated runc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 19 Mar 2019 00:50:07 +0800
Source: runc
Binary: runc golang-github-opencontainers-runc-dev
Architecture: source
Version: 0.1.1+dfsg1-2+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Go Packaging Team
<[email protected]>
Changed-By: Shengjing Zhu <[email protected]>
Description:
golang-github-opencontainers-runc-dev - Open Container Project - develpoment
files
runc - Open Container Project - runtime
Closes: 922050
Changes:
runc (0.1.1+dfsg1-2+deb9u1) stretch; urgency=medium
.
* Team upload.
* Add patch to address CVE-2019-5736 (Closes: #922050)
Checksums-Sha1:
111197aadeec1841611882ce2534b698d1e8886a 2276 runc_0.1.1+dfsg1-2+deb9u1.dsc
3d83d5e1531af9a1e6b80efa214b9f59059a21c0 11380
runc_0.1.1+dfsg1-2+deb9u1.debian.tar.xz
bcab03775a5aeed93a101f767f80024d7ed19dfc 8274
runc_0.1.1+dfsg1-2+deb9u1_amd64.buildinfo
Checksums-Sha256:
408033402b78140618842f52bb921228946823bfa9a17daf63908ea44a77bc33 2276
runc_0.1.1+dfsg1-2+deb9u1.dsc
07d7e810466b25196a3a0c1bf4d4c7661dc95eb225d251646873440dc70118fe 11380
runc_0.1.1+dfsg1-2+deb9u1.debian.tar.xz
0bb0ca1944b887d37c21b1f8852564ca211510f56635f867e19afe72031cb6a1 8274
runc_0.1.1+dfsg1-2+deb9u1_amd64.buildinfo
Files:
51c59877e0a45a9e1e9a74e7eb50f2a3 2276 devel extra runc_0.1.1+dfsg1-2+deb9u1.dsc
39085bd827deb73cc1f3fef6ded47e65 11380 devel extra
runc_0.1.1+dfsg1-2+deb9u1.debian.tar.xz
00a8a765a6122edffdb953a50a98934b 8274 devel extra
runc_0.1.1+dfsg1-2+deb9u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFEBAEBCgAuFiEE85F2DZP0aJKsSKyHONAPABi+PjUFAlyy84YQHHpoc2pAZGVi
aWFuLm9yZwAKCRA40A8AGL4+NQX5B/0btthlL6Ba+uKq+2HG4l/55R1AEaekrl8T
1bAd8eu3hzu3hE5KV+2I7O1krUwVlR5BOt1rDgn3m7F5yEZHKyuYF9JWbKrYS1PK
BcHUgcSEF5kh9jUtW0RY5XN1ipENgrcA6AmiiFRn9w66WQdPyyAERVqOKgcJnHq1
YMFCWx/myTmLtyYv+kHa+YBO0OFk+7zs7UbsaNyji09rj/ioQOmAm7HlDsg5pc8P
cSF5Avab4VmVHQqRAtw5gB5zvhG7XzTJJ4L1lhAvMgZSHV/q8oUcQIZ2L/FqJqti
S1+seF0pg4M9FNB0/xwzKKBHOaeaC5T1NcsBrg5xrdCuqjdMTozT
=QX4f
-----END PGP SIGNATURE-----
--- End Message ---
