[ubuntu/plucky-proposed] docker.io-app 26.1.3-0ubuntu2 (Accepted)

Vyom Yadav vyom.yadav at canonical.com
Mon Dec 16 14:22:17 UTC 2024 

docker.io-app (26.1.3-0ubuntu2) plucky; urgency=medium

  * SECURITY UPDATE: authz plugin bypass causes privilege escalation
    - debian/patches/CVE-2024-41110-1.patch: Authz plugin security fixes
      for 0-length content and path validation
    - debian/patches/CVE-2024-41110-2.patch: If url includes scheme,
      urlPath will drop hostname, which would not match the auth check
    - CVE-2024-41110

Date: Thu, 12 Dec 2024 17:32:57 +0530
Changed-By: Vyom Yadav <vyom.yadav at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/docker.io-app/26.1.3-0ubuntu2
-------------- next part --------------
Format: 1.8
Date: Thu, 12 Dec 2024 17:32:57 +0530
Source: docker.io-app
Built-For-Profiles: noudeb
Architecture: source
Version: 26.1.3-0ubuntu2
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Vyom Yadav <vyom.yadav at canonical.com>
Changes:
 docker.io-app (26.1.3-0ubuntu2) plucky; urgency=medium
 .
   * SECURITY UPDATE: authz plugin bypass causes privilege escalation
     - debian/patches/CVE-2024-41110-1.patch: Authz plugin security fixes
       for 0-length content and path validation
     - debian/patches/CVE-2024-41110-2.patch: If url includes scheme,
       urlPath will drop hostname, which would not match the auth check
     - CVE-2024-41110
Checksums-Sha1:
 e7033d342362c80bcb8a3c3f171328ad4ff7282e 2377 docker.io-app_26.1.3-0ubuntu2.dsc
 002ed1107b1d6144e8c364d43594ac0668c06f47 100420 docker.io-app_26.1.3-0ubuntu2.debian.tar.xz
 6e66ec31cac22730dcad494b906d159e806d7404 8313 docker.io-app_26.1.3-0ubuntu2_source.buildinfo
Checksums-Sha256:
 a57cbc95d13166a8b21912cb8038ee6d537df2f5f26303c60219a6fa95965c5e 2377 docker.io-app_26.1.3-0ubuntu2.dsc
 b8e6de4ccf97d8284feebfe95d7dc4f7d3acf5be80131b6763378be0523b1ecd 100420 docker.io-app_26.1.3-0ubuntu2.debian.tar.xz
 8935e937beffcecae999231b0ffdf53f8fc0a4979887bec4624ee2e159f468c2 8313 docker.io-app_26.1.3-0ubuntu2_source.buildinfo
Files:
 f6e3036100fe4de08420f91f5d92e6ca 2377 admin optional docker.io-app_26.1.3-0ubuntu2.dsc
 cbdbb03b7cca3ceb19c3bc51c2f36d6e 100420 admin optional docker.io-app_26.1.3-0ubuntu2.debian.tar.xz
 02d6c308d502bd5bb7010316431cad28 8313 admin optional docker.io-app_26.1.3-0ubuntu2_source.buildinfo

More information about the plucky-changes mailing list