[Secure-testing-commits] r48573 - data/CVE

Salvatore Bonaccorso Mon, 30 Jan 2017 12:33:12 -0800

Author: carnil
Date: 2017-01-30 20:32:45 +0000 (Mon, 30 Jan 2017)
New Revision: 48573


Modified:
   data/CVE/list
Log:
Update information for CVE-2016-8867 according to Tianon Gravi 
<tia...@debian.org>

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-01-30 20:27:58 UTC (rev 48572)
+++ data/CVE/list       2017-01-30 20:32:45 UTC (rev 48573)
@@ -15773,11 +15773,13 @@
        RESERVED
 CVE-2016-8867 (Docker Engine 1.12.2 enabled ambient capabilities with 
misconfigured ...)
        - docker.io <unfixed>
-       - runc <unfixed> (bug #853240)
+       - runc <not-affected> ("ambient capabilities" introduced later, cf bug 
#853240)
        NOTE: https://github.com/docker/docker/issues/27590
        NOTE: docker: 
https://github.com/docker/docker/pull/27610/commits/d60a3418d0268745dff38947bc8c929fbd24f837
 (1.12.3)
        NOTE: runc: 
https://github.com/opencontainers/runc/commit/a83f5bac28554fa0fd49bc1559a3c79f5907348f
        NOTE: docker.io not directly affected but will need to be updated to 
include new runc version
+       NOTE: runc: "ambient capabilities" functionality added upstream with 
https://github.com/opencontainers/runc/pull/1086
+       NOTE: and later changes.
 CVE-2016-8865
        RESERVED
 CVE-2016-8864 (named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, 
and ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r48573 - data/CVE

Reply via email to