[Secure-testing-commits] r48573 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Jan 30 20:32:46 UTC 2017
Author: carnil
Date: 2017-01-30 20:32:45 +0000 (Mon, 30 Jan 2017)
New Revision: 48573
Modified:
data/CVE/list
Log:
Update information for CVE-2016-8867 according to Tianon Gravi <tianon at debian.org>
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-30 20:27:58 UTC (rev 48572)
+++ data/CVE/list 2017-01-30 20:32:45 UTC (rev 48573)
@@ -15773,11 +15773,13 @@
RESERVED
CVE-2016-8867 (Docker Engine 1.12.2 enabled ambient capabilities with misconfigured ...)
- docker.io <unfixed>
- - runc <unfixed> (bug #853240)
+ - runc <not-affected> ("ambient capabilities" introduced later, cf bug #853240)
NOTE: https://github.com/docker/docker/issues/27590
NOTE: docker: https://github.com/docker/docker/pull/27610/commits/d60a3418d0268745dff38947bc8c929fbd24f837 (1.12.3)
NOTE: runc: https://github.com/opencontainers/runc/commit/a83f5bac28554fa0fd49bc1559a3c79f5907348f
NOTE: docker.io not directly affected but will need to be updated to include new runc version
+ NOTE: runc: "ambient capabilities" functionality added upstream with https://github.com/opencontainers/runc/pull/1086
+ NOTE: and later changes.
CVE-2016-8865
RESERVED
CVE-2016-8864 (named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and ...)
More information about the Secure-testing-commits
mailing list