Source: docker.io Version: 20.10.8+dfsg1-2 Severity: normal Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for docker.io. CVE-2021-41092[0]: | Docker CLI is the command line interface for the docker container | runtime. A bug was found in the Docker CLI where running `docker login | my-private-registry.example.com` with a misconfigured configuration | file (typically `~/.docker/config.json`) listing a `credsStore` or | `credHelpers` that could not be executed would result in any provided | credentials being sent to `registry-1.docker.io` rather than the | intended private registry. This bug has been fixed in Docker CLI | 20.10.9. Users should update to this version as soon as possible. For | users unable to update ensure that any configured credsStore or | credHelpers entries in the configuration file reference an installed | credential helper that is executable and on the PATH. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-41092 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41092 [1] https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v [2] https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b Please adjust the affected versions in the BTS as needed. Regards, Salvatore
