Control: tags -1 + confirmed On Tue, 2021-11-23 at 19:27 +0800, Shengjing Zhu wrote: > I'd like to update containerd in bullseye to latest upstream > patch version. Upstream does maintain a stable release branch > 1.4.x with only backporting important bugfix. > > Notably: > 1.4.12~ds1-1~deb11u1 will have: > > + Workaround for "clone3" syscall. So users can run images like > fedora:rawhide, ubuntu:impish, which has enabled clone3 syscall > in glibc. > See also https://bugs.launchpad.net/cloud-images/+bug/1943049 > + Mitigate CVE-2021-41190: Handle ambiguous OCI manifest parsing > + Backport RPi1/RPi0 workaround #998909 >
Please go ahead. Regards, Adam
