Your message dated Wed, 08 Jul 2020 21:02:13 +0000
with message-id <[email protected]>
and subject line Bug#962141: fixed in docker.io 18.09.1+dfsg1-7.1+deb10u2
has caused the Debian Bug report #962141,
regarding docker.io: CVE-2020-13401
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
962141: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962141
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: docker.io
Version: 19.03.7+dfsg1-3
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for docker.io.
CVE-2020-13401[0]:
| An issue was discovered in Docker Engine before 19.03.11. An attacker
| in a container, with the CAP_NET_RAW capability, can craft IPv6 router
| advertisements, and consequently spoof external IPv6 hosts, obtain
| sensitive information, or cause a denial of service.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-13401
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13401
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1833233
[2]
https://github.com/moby/libnetwork/commit/153d0769a1181bf591a9637fd487a541ec7db1e6
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: docker.io
Source-Version: 18.09.1+dfsg1-7.1+deb10u2
Done: Felix Geyer <[email protected]>
We believe that the bug you reported is fixed in the latest version of
docker.io, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Felix Geyer <[email protected]> (supplier of updated docker.io package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 14 Jun 2020 22:12:29 +0200
Source: docker.io
Architecture: source
Version: 18.09.1+dfsg1-7.1+deb10u2
Distribution: buster-security
Urgency: medium
Maintainer: Dmitry Smirnov <[email protected]>
Changed-By: Felix Geyer <[email protected]>
Closes: 962141
Changes:
docker.io (18.09.1+dfsg1-7.1+deb10u2) buster-security; urgency=medium
.
* Add upstream patch for CVE-2020-13401 (Closes: #962141)
Checksums-Sha1:
95d876fc90e45bf25bea6c9c3ffc95d0f218a172 8971
docker.io_18.09.1+dfsg1-7.1+deb10u2.dsc
8f693f1c32512c76952c0a4844bd825e7ac80445 51672
docker.io_18.09.1+dfsg1-7.1+deb10u2.debian.tar.xz
Checksums-Sha256:
09243463ccb3bc8d2bbf61f7ee9dd5a4c4c5fe422ed8afe4600feeac5312f141 8971
docker.io_18.09.1+dfsg1-7.1+deb10u2.dsc
105740b89b9f1d8d3eb50540ef99316b2bbce6343b9cdc388b8ba8006dcfbe56 51672
docker.io_18.09.1+dfsg1-7.1+deb10u2.debian.tar.xz
Files:
a35fc85634e2190ac53069a108d35ba4 8971 admin optional
docker.io_18.09.1+dfsg1-7.1+deb10u2.dsc
d8383b6bc750bd18998fde9234622ec4 51672 admin optional
docker.io_18.09.1+dfsg1-7.1+deb10u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEFkxwUS95KUdnZKtW/iLG/YMTXUUFAl7qhVMACgkQ/iLG/YMT
XUXK9g//VV8FaOEb/Udl/sH80iLchgmMySy0oETlxTcwTo2KePoTr8O7PqrJFTBp
rWdbRK/WLeZfkLJfLr3nmcY6njB8RDnRoRXEZdv0dy6UMGMhgv7+LvLMm2L01MhE
y2iNcvjUZ6YpUUMq870C9zJHRV+WteR9Y+VLAzG4Y3HNZU5v7swNJcya8t/INb2m
ERbYNHI1DnVdF+niBHmxaKhb87wJu+pJ/nCMk3b+Nk1cF8BjOywn2/HRjhv2pIqG
s7SWB3OqCSJreQqkvo1QxPzFg6Ua7C1blDW0dpOKSUSJQ/2KVe7h0GHneCwSPtlX
jHVE63NF6szR6gcYMb4R7RPQ6O2L3hVB2ZkjcmrhGXPhTkjRslE2znfZ3HUBZtCV
WpjEJWBhf4AexXvPmyjub7v2VCH7MoGoruioEysGKEYF6vhFHdQyqdh4AC2rZiI2
PW7cNBiNCnY1LEGnilMP1VBDxHaDbV9HQd25p/RE5axuVAY6IOGJXGw1VzwP06au
H/BsV8s2WdX/RnEGgR8i3hRUDVqimholAa5GfCFq9XRD/kTYrB5SSCGM52cjITHT
8nRibRijGli1bUPBJszye6/+f0hAiGY6ILR140m75Bo4cIUuaLT8B8VSiKrwVXdK
lwl4IEpVDB6E6Y4LxQu8LP9rqapoAGmRQKxi0nzuNSyYcHQg9A4=
=KLYj
-----END PGP SIGNATURE-----
--- End Message ---
