-
containerd (1.6.12-0ubuntu1~22.10.3) kinetic; urgency=medium
* Do not provided the containerd binary package anymore (LP: #2022390).
The containerd binary package is now provided by src:containerd-app.
- d/control: remove the containerd binary package paragraph.
- d/containerd.*: remove all files related to the containerd binary
package.
- d/docs: remove application documentation.
- d/rules: remove override_dh_installsystemd.
-- Lucas Kanashiro <email address hidden> Fri, 14 Jul 2023 16:07:50 -0300
-
containerd (1.6.12-0ubuntu1~22.10.2) kinetic-security; urgency=medium
* SECURITY UPDATE: Denial of service through image processing
- debian/patches/CVE-2023-25153.patch: limit the amount of
bytes read to 20Mb in images/archive/importer.go.
- CVE-2023-25153
* SECURITY UPDATE: Incorrect supplementary group access control
- debian/patches/CVE-2023-25173.patch: ensure that primary GID
is included in the list of additionals GIDs in oci/spec_opts.go.
- CVE-2023-25173
* d/p/skip-test-setting-OOM-score-to-negative-number-in-unprivileged-mode.patch:
fix a FTBFS in Ubuntu builders only.
-- David Fernandez Gonzalez <email address hidden> Wed, 05 Jul 2023 09:04:25 +0200
-
containerd (1.6.12-0ubuntu1~22.10.1) kinetic; urgency=medium
* Backport version 1.6.12-0ubuntu1 from Lunar (LP: #1996909).
-- Lucas Kanashiro <email address hidden> Tue, 03 Jan 2023 17:55:47 -0300
-
containerd (1.6.4-0ubuntu1.1) kinetic-security; urgency=medium
* SECURITY UPDATE: Memory exhaustion through Exec
- debian/patches/CVE-2022-23471.patch: Prevent goroutine leak in Exec
in pkg/cri/streaming/remotecommand/httpstream.go.
- CVE-2022-23471
* SECURITY UPDATE: Memory exhaustion through ExecSync.
- debian/patches/CVE-2022-31030.patch: limit the response size
of ExecSync in pkg/cri/server/container_execsync.go.
- CVE-2022-31030
-- David Fernandez Gonzalez <email address hidden> Mon, 12 Dec 2022 11:43:31 +0100
-
containerd (1.6.4-0ubuntu1) kinetic; urgency=medium
* New upstream release.
* Remove patches applied by upstream:
- d/p/build-with-go1.18.patch
- d/p/CVE-2022-23648.patch
* d/p/build-gen-manpages-instead-of-go-run.patch: add upstream patch to
avoid calling go run to build manpages.
* d/rules: fix DESTDIR and PREFIX variables.
-- Lucas Kanashiro <email address hidden> Wed, 11 May 2022 17:48:49 -0300
-
containerd (1.5.9-0ubuntu3) jammy; urgency=medium
* d/p/build-with-go1.18.patch: fix FTBFS with Go 1.18 (LP: #1965157).
In Go 1.17 the module graph has been changed to enable pruning and lazy
loading, some changes to go.{mod,sum} files are needed. We were delaying
the fix of this issue but now is the time.
-- Lucas Kanashiro <email address hidden> Wed, 23 Mar 2022 19:41:42 +0000