[Secure-testing-commits] r48574 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Jan 30 20:38:46 UTC 2017
Author: carnil
Date: 2017-01-30 20:38:46 +0000 (Mon, 30 Jan 2017)
New Revision: 48574
Modified:
data/CVE/list
Log:
Update as well the docker.io entry, but needs double check
Note for reviewers: This seems correct and was confirmed by Tianon Gravi
<tianon at debian.org> to not affect runc (and thus docker.io as well). But
I'm not too familiar with runc to determine in full if the analysis and
thus this update is correct.
If there is any doubt, please revert this and the previous commit.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-30 20:32:45 UTC (rev 48573)
+++ data/CVE/list 2017-01-30 20:38:46 UTC (rev 48574)
@@ -15772,7 +15772,7 @@
CVE-2016-8868
RESERVED
CVE-2016-8867 (Docker Engine 1.12.2 enabled ambient capabilities with misconfigured ...)
- - docker.io <unfixed>
+ - docker.io <not-affected> (Not built from/with a runc with "ambient capabilities")
- runc <not-affected> ("ambient capabilities" introduced later, cf bug #853240)
NOTE: https://github.com/docker/docker/issues/27590
NOTE: docker: https://github.com/docker/docker/pull/27610/commits/d60a3418d0268745dff38947bc8c929fbd24f837 (1.12.3)
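Review bot: The new docker.io line sets <not-affected> with only a free-text reason, while the runc line directly below it carries a checkable reference (cf bug #853240). Since the log message itself asks for a double check, consider adding the same bug reference, or the runc version docker.io is built with, to the parenthetical. That way the status can be re-evaluated if docker.io is later built with a runc that has ambient capabilities.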
@@ -15780,6 +15780,8 @@
NOTE: docker.io not directly affected but will need to be updated to include new runc version
NOTE: runc: "ambient capabilities" functionality added upstream with https://github.com/opencontainers/runc/pull/1086
NOTE: and later changes.
+ NOTE: The acctual fix seem to be to revert the commit witch introduced ambient capabilities
+ NOTE: in runc.
CVE-2016-8865
RESERVED
CVE-2016-8864 (named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and ...)
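Review bot: The two added NOTE lines say the fix is a revert of the commit which introduced ambient capabilities in runc, but they identify neither the revert nor the reverted commit. The NOTE just above links https://github.com/opencontainers/runc/pull/1086 for the introduction, so a matching URL for the revert would let readers verify the claim, which is worded only as "seem to be". Spelling in the same lines: "acctual" should be "actual", "seem" should be "seems", and "witch" should be "which".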