Bug#800471: lxc: CVE-2015-1335

Control: severity -1 serious Hi Antonio Rationale for the RC severity bump (please let me know if you disagree though): Since the fix is in the Jessie release now, the fix should as well be included for stretch. Salvatore

Bug#800471: lxc: CVE-2015-1335

On Sat, Nov 14, 2015 at 02:07:13PM +0100, Salvatore Bonaccorso wrote: > Hey Antonio, > > On Sat, Nov 14, 2015 at 10:18:20AM -0200, Antonio Terceiro wrote: > > On Sat, Nov 14, 2015 at 09:51:23AM -0200, Antonio Terceiro wrote: > > > On Fri, Nov 13, 2015 at 06:12:26PM +0100, Salvatore Bonaccorso

Bug#800471: lxc: CVE-2015-1335

On Sat, Nov 14, 2015 at 09:51:23AM -0200, Antonio Terceiro wrote: > On Fri, Nov 13, 2015 at 06:12:26PM +0100, Salvatore Bonaccorso wrote: > > Hi Antonio, > > > > On Fri, Nov 13, 2015 at 01:48:29PM +0100, Florian Weimer wrote: > > > * Antonio Terceiro: > > > > > > > On Tue, Sep 29, 2015 at

Bug#800471: lxc: CVE-2015-1335

On Fri, Nov 13, 2015 at 06:12:26PM +0100, Salvatore Bonaccorso wrote: > Hi Antonio, > > On Fri, Nov 13, 2015 at 01:48:29PM +0100, Florian Weimer wrote: > > * Antonio Terceiro: > > > > > On Tue, Sep 29, 2015 at 10:33:27PM +0200, Salvatore Bonaccorso wrote: > > >> Source: lxc > > >> Version:

Bug#800471: lxc: CVE-2015-1335

Hey Antonio, On Sat, Nov 14, 2015 at 10:18:20AM -0200, Antonio Terceiro wrote: > On Sat, Nov 14, 2015 at 09:51:23AM -0200, Antonio Terceiro wrote: > > On Fri, Nov 13, 2015 at 06:12:26PM +0100, Salvatore Bonaccorso wrote: > > > Hi Antonio, > > > > > > On Fri, Nov 13, 2015 at 01:48:29PM +0100,

Bug#800471: lxc: CVE-2015-1335

On Sat, Nov 14, 2015 at 10:18:20AM -0200, Antonio Terceiro wrote: > On Sat, Nov 14, 2015 at 09:51:23AM -0200, Antonio Terceiro wrote: > > On Fri, Nov 13, 2015 at 06:12:26PM +0100, Salvatore Bonaccorso wrote: > > > Hi Antonio, > > > > > > On Fri, Nov 13, 2015 at 01:48:29PM +0100, Florian Weimer

Bug#800471: lxc: CVE-2015-1335

Hi Antonio, On Fri, Nov 13, 2015 at 01:48:29PM +0100, Florian Weimer wrote: > * Antonio Terceiro: > > > On Tue, Sep 29, 2015 at 10:33:27PM +0200, Salvatore Bonaccorso wrote: > >> Source: lxc > >> Version: 1:1.0.7-10 > >> Severity: important > >> Tags: security upstream patch fixed-upstream > > >

Bug#800471: lxc: CVE-2015-1335

On Tue, Sep 29, 2015 at 10:33:27PM +0200, Salvatore Bonaccorso wrote: > Source: lxc > Version: 1:1.0.7-10 > Severity: important > Tags: security upstream patch fixed-upstream I intend to upload the attached diff to jessie-security. I am uploading the same fix for unstable shortly. -- Antonio

Bug#800471: lxc: CVE-2015-1335

* Antonio Terceiro: > On Tue, Sep 29, 2015 at 10:33:27PM +0200, Salvatore Bonaccorso wrote: >> Source: lxc >> Version: 1:1.0.7-10 >> Severity: important >> Tags: security upstream patch fixed-upstream > > I intend to upload the attached diff to jessie-security. I am uploading > the same fix for

Bug#800471: lxc: CVE-2015-1335

Hi Daniel, On Thu, Oct 01, 2015 at 09:48:38AM +0200, Salvatore Bonaccorso wrote: > Hi Daniel, > > On Thu, Oct 01, 2015 at 09:35:19AM +0200, Daniel Baumann wrote: > > On 10/01/2015 08:51 AM, Salvatore Bonaccorso wrote: > > > FTR, Ubuntu issued a follow-up update USN-2753-2, fixed a regression > >

Bug#800471: lxc: CVE-2015-1335

Hi Daniel, On Thu, Oct 01, 2015 at 09:35:19AM +0200, Daniel Baumann wrote: > On 10/01/2015 08:51 AM, Salvatore Bonaccorso wrote: > > FTR, Ubuntu issued a follow-up update USN-2753-2, fixed a regression > > introduced by the original commit. > > i'm aware of that, which is why i've waited a bit

Bug#800471: lxc: CVE-2015-1335

Hi, FTR, Ubuntu issued a follow-up update USN-2753-2, fixed a regression introduced by the original commit. [1] http://www.ubuntu.com/usn/usn-2753-2/ Regards, Salvatore

Bug#800471: lxc: CVE-2015-1335

Source: lxc Version: 1:1.0.7-10 Severity: important Tags: security upstream patch fixed-upstream Hi Daniel, LXC upstream announced CVE-2015-1335 today [1] and patch for 1.0 branch at [2]. [1] https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html [2]