[ubuntu/jammy-security] containerd 1.6.12-0ubuntu1~22.04.3 (Accepted)
David Fernandez Gonzalez
david.fernandezgonzalez at canonical.com
Wed Jul 5 07:02:50 UTC 2023
containerd (1.6.12-0ubuntu1~22.04.3) jammy-security; urgency=medium
* SECURITY UPDATE: Denial of service through image processing
- debian/patches/CVE-2023-25153.patch: limit the amount of
bytes read to 20Mb in images/archive/importer.go.
- CVE-2023-25153
* SECURITY UPDATE: Incorrect supplementary group access control
- debian/patches/CVE-2023-25173.patch: ensure that primary GID
is included in the list of additionals GIDs in oci/spec_opts.go.
- CVE-2023-25173
* d/p/skip-test-setting-OOM-score-to-negative-number-in-unprivileged-mode.patch:
fix a FTBFS in Ubuntu builders only.
containerd (1.6.12-0ubuntu1~22.04.1) jammy; urgency=medium
* Backport version 1.6.12-0ubuntu1 from Lunar (LP: #1996909, #1996534).
containerd (1.6.12-0ubuntu1) lunar; urgency=medium
* New upstream release.
- Fixes CVE-2022-23471.
containerd (1.6.10-0ubuntu1) lunar; urgency=medium
* New upstream release (LP: #1993392).
containerd (1.6.4-0ubuntu1) kinetic; urgency=medium
* New upstream release.
* Remove patches applied by upstream:
- d/p/build-with-go1.18.patch
- d/p/CVE-2022-23648.patch
* d/p/build-gen-manpages-instead-of-go-run.patch: add upstream patch to
avoid calling go run to build manpages.
* d/rules: fix DESTDIR and PREFIX variables.
Date: 2023-07-04 11:42:07.219449+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
https://launchpad.net/ubuntu/+source/containerd/1.6.12-0ubuntu1~22.04.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list