Your message dated Fri, 05 Feb 2021 05:48:55 +0000
with message-id <e1l7tzd-000coo...@fasolo.debian.org>
and subject line Bug#981889: fixed in nomad 0.12.10+dfsg1-1
has caused the Debian Bug report #981889,
regarding nomad: CVE-2021-3283
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
981889: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981889
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nomad
Version: 0.12.9+dfsg1-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for nomad.
CVE-2021-3283[0]:
| HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task
| drivers can access processes associated with other tasks on the same
| node. Fixed in 0.12.10, and 1.0.3.
Some details are in [1] and said to be fixed in 0.12.10 for nomad.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-3283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3283
[1] https://discuss.hashicorp.com/t/hcsec-2021-01-nomad-s-exec-and-java-task-drivers-did-not-isolate-processes/20332
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: nomad
Source-Version: 0.12.10+dfsg1-1
Done: Dmitry Smirnov <only...@debian.org>
We believe that the bug you reported is fixed in the latest version of
nomad, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 981...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dmitry Smirnov <only...@debian.org> (supplier of updated nomad package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 05 Feb 2021 16:14:14 +1100
Source: nomad
Architecture: source
Version: 0.12.10+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Dmitry Smirnov <only...@debian.org>
Changed-By: Dmitry Smirnov <only...@debian.org>
Closes: 981889
Changes:
nomad (0.12.10+dfsg1-1) unstable; urgency=medium
.
* New upstream release.
+ CVE-2021-3283: exec-based drivers to run tasks in private PID/IPC
namespaces (Closes: #981889).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
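The fix recorded in the changelog above (exec-based drivers running tasks in private PID/IPC namespaces) can be checked on a Linux client node by comparing the namespace links under /proc for a task process against those of PID 1 or of another task. The script below is an added example, not part of the original messages and not Nomad code; PROC_ROOT and the function names are assumptions of the example.

```sh
#!/bin/sh
# Added example (not Nomad code): report which of the PID and IPC
# namespaces a process shares with a reference process.
# PROC_ROOT is an assumption of this example so the check can be pointed
# at a constructed tree; on a real node it is /proc. Reading another
# user's /proc/<pid>/ns links normally requires root.
PROC_ROOT="${PROC_ROOT:-/proc}"

# ns_id PID TYPE
# Prints the namespace identifier, e.g. "pid:[4026531836]".
# Returns non-zero if the link cannot be read (no such PID, no permission).
ns_id() {
    readlink "$PROC_ROOT/$1/ns/$2" 2>/dev/null
}

# shared_namespaces PID [REF_PID]
# Prints the namespace types (pid, ipc) that PID shares with REF_PID
# (default 1, i.e. the host's namespaces), space separated.
# Exit status: 0 = both private, 1 = at least one shared, 2 = unknown.
# Pass another task's PID as REF_PID to compare two tasks directly.
shared_namespaces() {
    pid=$1
    ref=${2:-1}
    shared=""
    for t in pid ipc; do
        a=$(ns_id "$pid" "$t") || { echo unknown; return 2; }
        b=$(ns_id "$ref" "$t") || { echo unknown; return 2; }
        if [ "$a" = "$b" ]; then
            shared="$shared $t"
        fi
    done
    echo "${shared# }"
    [ -z "$shared" ]
}
```

Source the file and call `shared_namespaces <task pid>`; empty output with exit status 0 means the task's process has its own PID and IPC namespaces, while `pid ipc` means it still runs in the same namespaces as the reference process.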