[pkg-go] Bug#869242: Bug#869242: CVE-2017-11468

Tianon Gravi tianon at debian.org
Fri Jul 21 22:19:50 UTC 2017


On 21 July 2017 at 15:17, Tianon Gravi <tianon at debian.org> wrote:
> https://github.com/docker/distribution/releases/tag/v2.6.2 is the
> release which fixes this (and it links to
> https://github.com/docker/distribution/commit/29fa466debaabb64f8559116bbffd20a289d523c
> as the specific commit which does so).

The also updated the 2.5 branch in
https://github.com/docker/distribution/releases/tag/v2.5.2, so if we
end up cherry-picking the CVE fixing patch instead of bumping,
https://github.com/docker/distribution/commit/58d239d723efbc2b2935ddc8816b51d355525989
might apply easier (haven't looked at applying either, just noting it
for completeness).

♥,
- Tianon
  4096R / B42F 6819 007F 00F8 8E36  4FD4 036A 9C25 BF35 7DD4



More information about the Pkg-go-maintainers mailing list