Your message dated Tue, 12 Feb 2019 16:05:27 +0000 with message-id <e1gtayp-000iq7...@fasolo.debian.org> and subject line Bug#922050: fixed in runc 1.0.0~rc6+dfsg1-2 has caused the Debian Bug report #922050, regarding runc: CVE-2019-5736 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 922050: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922050 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: runc Version: 1.0.0~rc6+dfsg1-1 Severity: grave Tags: security upstream Justification: user security hole Hi, The following vulnerability was published for runc. CVE-2019-5736[0]: runc container breakout If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-5736 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736 [1] https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b [2] https://www.openwall.com/lists/oss-security/2019/02/11/2 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: runc Source-Version: 1.0.0~rc6+dfsg1-2 We believe that the bug you reported is fixed in the latest version of runc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 922...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Shengjing Zhu <z...@debian.org> (supplier of updated runc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 12 Feb 2019 23:45:09 +0800 Source: runc Architecture: source Version: 1.0.0~rc6+dfsg1-2 Distribution: unstable Urgency: medium Maintainer: Debian Go Packaging Team <pkg-go-maintain...@lists.alioth.debian.org> Changed-By: Shengjing Zhu <z...@debian.org> Closes: 922050 Changes: runc (1.0.0~rc6+dfsg1-2) unstable; urgency=medium . * Team upload. * Apply upstream patch addressing CVE-2019-5736 (Closes: #922050) Thanks Noah Meyerhans! Checksums-Sha1: d12bd0a0de956ae1a7ab96c0a1ee9aafd44af09c 2460 runc_1.0.0~rc6+dfsg1-2.dsc b5f68ea4e338f71e7a8f0e05982ec0e3cb5944e8 10308 runc_1.0.0~rc6+dfsg1-2.debian.tar.xz 126bfdb3620363d1c325ad2417c1a6cacd3195df 7886 runc_1.0.0~rc6+dfsg1-2_amd64.buildinfo Checksums-Sha256: 8607734e77432594f427e10bfcc082fd782e38d5afafab4f9d0f9f415a272082 2460 runc_1.0.0~rc6+dfsg1-2.dsc da194164edb66bd865f0472e9b4588c8214ef12371307c1452d0ecf3a6becb00 10308 runc_1.0.0~rc6+dfsg1-2.debian.tar.xz 3b69ecf4a26882639f480e92286146966a27ce19e715fdfc8b5577b26bd668d2 7886 runc_1.0.0~rc6+dfsg1-2_amd64.buildinfo Files: b8de374a7e03ba461239f9d0f79889a1 2460 devel optional runc_1.0.0~rc6+dfsg1-2.dsc 839908f20673d0c7de21f6cab450a7ee 10308 devel optional runc_1.0.0~rc6+dfsg1-2.debian.tar.xz 9db1e3091431d02e118e1c9d08ffadf3 7886 devel optional runc_1.0.0~rc6+dfsg1-2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQE+BAEBCgAoFiEE85F2DZP0aJKsSKyHONAPABi+PjUFAlxi6r4KHGlAemhzai5t ZQAKCRA40A8AGL4+NeDmB/4wziwjsq06khXWe7iItTRFfZaOXax/0IcJbzh/rUjv KXYXsZX4ODT2n2QZYuwiIVBgpLcFWhTmlLP/rSYnP8B8OkpGXGessi2U8f948F6o /GMmbOxJEoZ94uhFRXY3IvRxx2heOdCy4SgwcbZSY0TVO1XzXlsbnHYMrlRhqxE2 n0/H3+c4xPB5BWtSnsflPEiafoI8uIcAsIeCnz7E3Gc3VL/ItXtJttvQlLigYVkF rDCIG4DpGbmwTaJk2IW2HBYCsxQZVs6cyTNCd66ZT5kqmqvxL7Dv3rxrD46uW0G8 GC56pJrfqmFBI3tN+lfkKy+147P2QbSyoX/P2lc6lVYy =xKjg -----END PGP SIGNATURE-----
--- End Message ---
