Bug#942027: marked as done (golang-github-opencontainers-selinux-dev: CVE-2019-16884)

[Debian Bug Tracking System]

Your message dated Wed, 09 Oct 2019 18:20:04 +0000
with message-id <e1iigza-000d46...@fasolo.debian.org>
and subject line Bug#942027: fixed in golang-github-opencontainers-selinux 
1.3.0-2
has caused the Debian Bug report #942027,
regarding golang-github-opencontainers-selinux-dev: CVE-2019-16884
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
942027: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942027
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: runc
Severity: grave
Tags: security upstream
Justification: user security hole
Control: affects -1 docker.io
Control: clone -1 -2
Control: retitle -2 golang-github-opencontainers-selinux-dev: CVE-2019-16884

https://github.com/opencontainers/runc/issues/2128
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other
products, allows AppArmor restriction bypass because
libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus
a malicious Docker image can mount over a /proc directory.

This looks should be fixed by following commits

https://github.com/opencontainers/runc/commit/d463f6485b809b5ea738f84e05ff5b456058a184
https://github.com/opencontainers/runc/commit/331692baa7afdf6c186f8667cb0e6362ea0802b3

https://github.com/opencontainers/selinux/commit/03b517dc4fd57245b1cf506e8ba7b817b6d309da

So we need first fix golang-github-opencontainers-selinux-dev, then
runc. Finnally rebuild all reverse build depends(Mostly docker.io)

--- End Message ---

--- Begin Message ---

Source: golang-github-opencontainers-selinux
Source-Version: 1.3.0-2

We believe that the bug you reported is fixed in the latest version of
golang-github-opencontainers-selinux, which is due to be installed in the 
Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 942...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Shengjing Zhu <z...@debian.org> (supplier of updated 
golang-github-opencontainers-selinux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 10 Oct 2019 02:01:26 +0800
Source: golang-github-opencontainers-selinux
Architecture: source
Version: 1.3.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org>
Changed-By: Shengjing Zhu <z...@debian.org>
Closes: 942027
Changes:
 golang-github-opencontainers-selinux (1.3.0-2) unstable; urgency=medium
 .
   * Team upload.
   * Backport upstream commit for CVE-2019-16884 (Closes: #942027).
   * Remove unused lintian override.
Checksums-Sha1:
 356d7ac9e25ce2c51eedd5ce6620a57bbc56d545 2005 
golang-github-opencontainers-selinux_1.3.0-2.dsc
 4a7c4ffef673c223556cf149450a24c87c1e69d2 3652 
golang-github-opencontainers-selinux_1.3.0-2.debian.tar.xz
 95d0d891ff115429727d14306edfcc36722aef4f 5450 
golang-github-opencontainers-selinux_1.3.0-2_amd64.buildinfo
Checksums-Sha256:
 f815a8b69688654eabb86d7471ef66f2b6163e488e44b42bb3f1e93966e328fd 2005 
golang-github-opencontainers-selinux_1.3.0-2.dsc
 2187b91a698a3dd042809b5893bf6c4a1019767677b26dfba8d17039915d1cc7 3652 
golang-github-opencontainers-selinux_1.3.0-2.debian.tar.xz
 28993c296c69abd061888611f104028479cb87a6dc047b036cbe5fde2a39fbfb 5450 
golang-github-opencontainers-selinux_1.3.0-2_amd64.buildinfo
Files:
 01304e7476b83b1ab984c0458179b28e 2005 devel optional 
golang-github-opencontainers-selinux_1.3.0-2.dsc
 4085eec638f62e22cebac6b1252f28ef 3652 devel optional 
golang-github-opencontainers-selinux_1.3.0-2.debian.tar.xz
 cf396d667a28a7724ded4b953e1be429 5450 devel optional 
golang-github-opencontainers-selinux_1.3.0-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQFEBAEBCgAuFiEE85F2DZP0aJKsSKyHONAPABi+PjUFAl2eIggQHHpoc2pAZGVi
aWFuLm9yZwAKCRA40A8AGL4+NR2XB/92PqU8Od/Xn8e5gy5KGrUrpw4ob1VgqYcG
m/vUdxrFnTOhUiuYjWcf+NAYHv1k/koPyJ4zxArQA/Kruwa+hqCTRmFs9L0jqHro
zg84rrc8JS0WeHq2J9MezpnX+2ITkhroBSL9pWQUPwhjWqJAf4UBYb1Iv+qLwqhV
Ty+LfqCcew3QaPAmRRQqwg57u8BpRYrK8xajXJy6C4p+VjFxDfqGyY/pIiuv3A7y
dvtWTjFL6n/n/OXQ5JTmYX820y4mRjWGB2WDAdtrEC0kCunJhhmchEQYsLzZWE75
gMd8i6nYPz2rVghaPCZRQD08yWn4WHqCnlnQzufcxG/zzSf8nn7+
=ITgo
-----END PGP SIGNATURE-----

--- End Message ---