-
containerd (1.5.9-0ubuntu1~21.10.3) impish-security; urgency=medium
* SECURITY UPDATE: Insecure handling of image volumes
- debian/patches/CVE-2022-23648.patch: Use fs.RootPath when mounting
volumes. (LP: #1973054)
- CVE-2022-23648
-- Paulo Flabiano Smorigo <email address hidden> Thu, 12 May 2022 13:41:37 +0000
-
containerd (1.5.9-0ubuntu1~21.10.1) impish; urgency=medium
* Backport version 1.5.9-0ubuntu1 from Jammy (LP: #1955413, #1960449).
-- Lucas Kanashiro <email address hidden> Wed, 09 Feb 2022 17:15:51 -0300
-
containerd (1.5.5-0ubuntu3.1) impish-security; urgency=medium
* SECURITY UPDATE: Insecure handling of image volumes
- debian/patches/CVE-2022-23648.patch: Use fs.RootPath when mounting
volumes.
- CVE-2022-23648
-- Paulo Flabiano Smorigo <email address hidden> Thu, 24 Feb 2022 16:59:05 +0000
-
containerd (1.5.5-0ubuntu3) impish; urgency=medium
* SECURITY UPDATE: insufficiently restricted directory permissions
- debian/patches/1.5-reduce-directory-permissions.patch: reduce
permissions for bundle dir in runtime/v1/linux/bundle.go,
runtime/v1/linux/bundle_test.go, runtime/v2/bundle.go,
runtime/v2/bundle_default.go, runtime/v2/bundle_linux.go,
runtime/v2/bundle_linux_test.go, runtime/v2/bundle_test.go,
snapshots/btrfs/btrfs.go.
- CVE-2021-41103
-- Marc Deslauriers <email address hidden> Wed, 06 Oct 2021 09:13:26 -0400
-
containerd (1.5.5-0ubuntu2) impish; urgency=medium
* d/p/seccomp-support-clone3-syscall.patch: clone3 is explicitly requested
to give ENOSYS instead of the default EPERM, when CAP_SYS_ADMIN is unset.
(LP: #1943049).
-- Lucas Kanashiro <email address hidden> Tue, 14 Sep 2021 11:45:36 -0300
-
containerd (1.5.5-0ubuntu1) impish; urgency=medium
* New upstream release.
* Bump debhelper compatibility level to 11.
- d/rules: remove the unneeded --with=systemd from the dh call.
- d/rules: override dh_installsystemd instead of dh_installinit.
-- Lucas Kanashiro <email address hidden> Wed, 04 Aug 2021 17:37:16 -0300
-
containerd (1.5.2-0ubuntu2) impish; urgency=medium
* SECURITY UPDATE: unexpected host file permission changes
- debian/patches/1.5-Cleanup-lchmod-logic-in-archive.patch: cleanup
lchmod logic in archive in archive/tar.go, archive/tar_freebsd.go,
archive/tar_mostunix.go, archive/tar_test.go, archive/tar_unix.go,
archive/tar_windows.go.
- CVE-2021-32760
-- Marc Deslauriers <email address hidden> Tue, 20 Jul 2021 07:18:08 -0400
-
containerd (1.5.2-0ubuntu1) impish; urgency=medium
* New upstream release.
* d/p/skip-tests-with-privilege.patch: add a patch to skip tests which
require a certain level of privilege not achievable in the build
environment.
-- Lucas Kanashiro <email address hidden> Thu, 20 May 2021 15:55:04 -0300
-
containerd (1.4.4-0ubuntu1) hirsute; urgency=medium
* New upstream release.
- It contains a fix for CVE-2021-21334 along with various other minor
issues.
* Refresh preserve-debug-info.patch
* d/rules: set GO111MODULE to auto. In Go 1.16, which is the default in
Hirsute now, the packages are built in module-aware mode. Since containerd
does not have a go.mod file in its source tree it FTBFS. Setting GO111MODULE
to auto we can have the previous behavior which is enable module-aware mode
only if the go.mod file exists.
-- Lucas Kanashiro <email address hidden> Tue, 10 Mar 2021 11:45:18 -0300