[pkg-go] Bug#869242: Bug#869242: CVE-2017-11468
Tianon Gravi
tianon at debian.org
Fri Jul 21 22:17:30 UTC 2017
On 21 July 2017 at 14:35, Moritz Muehlenhoff <jmm at debian.org> wrote:
> Please see
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11468

Thanks for the report! I've started looking into the fix, and will
include my notes here:

https://github.com/docker/distribution/releases/tag/v2.6.2 is the
release which fixes this (and it links to
https://github.com/docker/distribution/commit/29fa466debaabb64f8559116bbffd20a289d523c
as the specific commit which does so).

A plain "dch -v 2.6.2~ds1-1" is _not_ sufficient to get a working
build (needs some dependency updates, I think, since we're currently
on v2.6.0-rc.1 + a few commits and upstream has obviously made some
changes since then).

Given that the package is only in unstable, I'll likely commit my WIP
bump to 2.6.2 to Git once I'm done looking around at how much it's
going to take to update (whether it's building successfully or not).

♥,
- Tianon
4096R / B42F 6819 007F 00F8 8E36 4FD4 036A 9C25 BF35 7DD4