GNU bug report logs - #34446
Runc container escape patches CVE-2019-5736


Package: guix-patches

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 11 Feb 2019 23:49:01 UTC

Severity: normal

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.


From: Danny Milosavljevic <dannym <at> scratchpost.org>
To: Leo Famulari <leo <at> famulari.name>
Cc: 34446 <at> debbugs.gnu.org
Subject: [bug#34446] [PATCH 1/2] gnu: runc: Update to 1.0.0-rc6 [fixes CVE-2019-5736].
Date: Tue, 12 Feb 2019 01:45:01 +0100
On Mon, 11 Feb 2019 19:27:35 -0500
Leo Famulari <leo <at> famulari.name> wrote:

>  (define-public runc
>    (package
>      (name "runc")
> -    (version "1.0.0-rc5")
> +    (version "1.0.0-rc6")
>      (source (origin
>                (method url-fetch)
>                (uri (string-append
>                      "https://github.com/opencontainers/runc/releases/"
>                      "download/v" version "/runc.tar.xz"))
> +              (file-name (string-append name "-" version ".tar.xz"))
> +              (patches (search-patches "runc-CVE-2019-5736.patch"))
>                (sha256
>                 (base32
> -                "081avdzwnqpk368wbaihlzsypaxpj42d7699h7jgp0fks14x4103"))))
> +                "1c7832dq70slkjh8qp2civ1wxhhdd2hrx84pq7db1mmqc9fdr3cc"))))
>      (build-system go-build-system)
>      (arguments
>       '(#:import-path "github.com/opencontainers/runc"
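
Review bot: the added (patches (search-patches "runc-CVE-2019-5736.patch")) line depends on a file that this hunk does not add, so please confirm that the patch file is part of the same commit under gnu/packages/patches and is listed in gnu/local.mk. The subject line also reads as if the update to 1.0.0-rc6 is what fixes CVE-2019-5736, while the origin here carries a separate patch for it on top of rc6; naming the patch in the commit log would make it clear where the fix comes from and help it get dropped deliberately at the next version bump. The new file-name field is worth keeping, since the upstream tarball name "runc.tar.xz" carries no version.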

Docker still contains some vendored dependencies, among those github.com/opencontainers/runc,
in directory "vendor", and so does containerd.  It might make sense to also remove them now.

This bug report was last modified 6 years and 96 days ago.
