<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d56d88cc5c785d969a508f0628331a10384de55d">d56d88cc</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2021-11-20T10:20:37+01:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update notes on CVE-2021-41190

This is bit cumbersome to track. My understanding is that the CVE is

specifically for the specification issue. Several container projects

have mitigated the issue by releasing updates. Such as the mentioned

containerd and golang-github-opencontainers-image-spec.

As such keep it for now as NFU, tough making a note on the mitigations

in software.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d56d88cc5c785d969a508f0628331a10384de55d#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #666;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d56d88cc5c785d969a508f0628331a10384de55d">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d56d88cc5c785d969a508f0628331a10384de55d"}}</script>

</p>

</div>

</body>

</html>