Your message dated Wed, 19 May 2021 18:18:35 +0000 with message-id <e1ljqmb-0008va...@fasolo.debian.org> and subject line Bug#988768: fixed in runc 1.0.0~rc93+ds1-4 has caused the Debian Bug report #988768, regarding runc: CVE-2021-30465 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 988768: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988768 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: runc Version: 1.0.0~rc93+ds1-3 Severity: serious Tags: security help X-Debbugs-Cc: z...@debian.org, t...@security.debian.org CVE-2021-30465 is published for runc https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r I have checked the patch, it doesn't apply straightly on current version in testing. So I'd like to use some help.
--- End Message ---
--- Begin Message ---Source: runc Source-Version: 1.0.0~rc93+ds1-4 Done: Shengjing Zhu <z...@debian.org> We believe that the bug you reported is fixed in the latest version of runc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 988...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Shengjing Zhu <z...@debian.org> (supplier of updated runc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 20 May 2021 02:13:01 +0800 Source: runc Architecture: source Version: 1.0.0~rc93+ds1-4 Distribution: unstable Urgency: high Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org> Changed-By: Shengjing Zhu <z...@debian.org> Closes: 988768 Changes: runc (1.0.0~rc93+ds1-4) unstable; urgency=high . * Team upload. * Backport patches for CVE-2021-30465 (Closes: #988768) To apply CVE-2021-30465 patch clearly, following PR are backported as well: + https://github.com/opencontainers/runc/pull/2798 + https://github.com/opencontainers/runc/pull/2818 Checksums-Sha1: ad9abef70153114a508d7002d1909c8af4d11b9f 2603 runc_1.0.0~rc93+ds1-4.dsc 4233ff26ddd4ca2f3da9555c608914f01faec8cc 39120 runc_1.0.0~rc93+ds1-4.debian.tar.xz dee12207f84e2fc736d55c6e5dd9b5fbc4fdf119 7620 runc_1.0.0~rc93+ds1-4_amd64.buildinfo Checksums-Sha256: b645d9200dce8b5699ec13a9b2ca5ca33481544c4f5ec4857a8b7ee0d5273cc6 2603 runc_1.0.0~rc93+ds1-4.dsc d5ebd5e4f37cb3ce6e8b80f26cb29f02e169bf807bf4b4770c467dd68dc47ad5 39120 runc_1.0.0~rc93+ds1-4.debian.tar.xz e1508f4b310954e1ddd25dc75498f388d24531da51cff6f9ecfecb21ad420c98 7620 runc_1.0.0~rc93+ds1-4_amd64.buildinfo Files: 49fb238aa0ee96113cc66b87e1f37ddf 2603 admin optional runc_1.0.0~rc93+ds1-4.dsc 05aa04390ae03af7eb0235a80844c679 39120 admin optional runc_1.0.0~rc93+ds1-4.debian.tar.xz 21c03dd9b333f938c8beec76928f4a55 7620 admin optional runc_1.0.0~rc93+ds1-4_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iIYEARYIAC4WIQSRhdT1d2eu7mxV1B5/RPol6lUUywUCYKVVhhAcemhzakBkZWJp YW4ub3JnAAoJEH9E+iXqVRTLtroBAMZeKQSJ4FHi/ZPJ46W2lwF9b37lhrex4al3 LwVUOoBkAQDQER5UJfcW+VlWvvYMzi12z6rwHys15z8ZnRjkR5T3Dg== =Pawe -----END PGP SIGNATURE-----
--- End Message ---
