This bug was fixed in the package docker.io-app -
27.5.1-0ubuntu3~24.10.1
---------------
docker.io-app (27.5.1-0ubuntu3~24.10.1) oracular; urgency=medium
* Backport from plucky to oracular (LP: #2085187)
* d/control: build with golang 1.22 for consistency across the supported
release
* d/rules: add golang 1.22 to PATH
docker.io-app (27.5.1-0ubuntu3) plucky; urgency=medium
* d/control: set a version for the docker-cli Provides
docker.io-app (27.5.1-0ubuntu2) plucky; urgency=medium
* d/control: provides docker-cli (LP: #2099941)
docker.io-app (27.5.1-0ubuntu1) plucky; urgency=medium
* New upstream version 27.5.1 (LP: #2085187)
* d/control: build with golang 1.24 (LP: #2098661)
* d/rules: add golang 1.24 to PATH
* d/patches: drop patches for CVE-2024-41110. Fixed upstream
* d/helpers/build-manpages.sh: build manpages with Go 1.24
* d/manpages/*: update manpages for version 27.5.1
* d/docker.io.docs: update NOTICE files
docker.io-app (26.1.3-0ubuntu2) plucky; urgency=medium
* SECURITY UPDATE: authz plugin bypass causes privilege escalation
- debian/patches/CVE-2024-41110-1.patch: Authz plugin security fixes
for 0-length content and path validation
- debian/patches/CVE-2024-41110-2.patch: If url includes scheme,
urlPath will drop hostname, which would not match the auth check
- CVE-2024-41110
-- Athos Ribeiro <[email protected]> Tue, 01 Apr 2025
11:07:21 -0300
** Changed in: docker.io-app (Ubuntu Oracular)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-41110
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2099941
Title:
[FFe] docker.io Provides docker-cli
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/docker.io-app/+bug/2099941/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
