Package: lxc Version: 1:3.1.0+really3.0.3-4 Severity: important Dear Maintainer,
1:3.1.0+really3.0.3-4 backports an incomplete patch for CVE-2019-5736. It causes liblxc unconditionally to rexecute. For example, any program linking against liblxc, will have a wrong /proc/self/exe -> "/memfd:liblxc (deleted)" For more detail: https://github.com/lxc/lxc/pull/2846 And https://github.com/anbox/anbox/issues/1057#issuecomment-470491485 This was first reported at anbox #923403, and I upload a quick workaround for anbox before the freeze. Now the lxc author comments on anbox issue, saying it's lxc bad, and fixed in lxc upstream. -- Shengjing Zhu
