-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 28 Jun 2024 00:16:20 +0200 Source: runc Binary: runc runc-dbgsym Architecture: i386 Version: 1.0.0~rc93+ds1-5+deb11u4 Distribution: bullseye Urgency: medium Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Daniel Leidert Description: runc - Open Container Project - runtime Changes: runc (1.0.0~rc93+ds1-5+deb11u4) bullseye; urgency=medium . * Non-maintainer upload by the Debian LTS Team. * d/patches/0025-Fix-busybox-tarball-url-in-integration-test.patch: Updated. - Fixed download URLs again. * d/patches/CVE-2021-43784.patch: Added to fix CVE-2021-43784. - When writing netlink messages, it is possible to have a byte array larger than UINT16_MAX which would result in the length field overflowing and allowing user-controlled data to be parsed as control characters (such as creating custom mount points, changing which set of namespaces to allow, and so on). * d/patches/0027-Fix-test-for-newer-kernels.patch: Added. - Fix test for newer kernels. * d/patches/CVE-2023-25809.patch: Added to fix CVE-2023-25809. - It was found that rootless runc makes `/sys/fs/cgroup` writable under specific conditions. A container may then gain the write access to user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host. * Update changelog for 1.0.0~rc93+ds1-5+deb11u4~1.gbpce2b39 release * Update patch for download URLs of busybox tarball * Add patch to fix CVE-2021-43784.patch * Add patch to fix tests with newer kernels * Add patch to fix CVE-2023-25809 Checksums-Sha1: 35ce3cd91836b22451077e19c79bf3480ac0aefd 2463584 runc-dbgsym_1.0.0~rc93+ds1-5+deb11u4_i386.deb c75f7bf4b1720d37635c249c30ebbfbea87c3d6b 8066 runc_1.0.0~rc93+ds1-5+deb11u4_i386-buildd.buildinfo 3291a66a7fee412d96a6695747ff86e7810632be 2278024 runc_1.0.0~rc93+ds1-5+deb11u4_i386.deb Checksums-Sha256: 015fd3674350aee97a7833a096dfc00d5dccabb15a3d0ede7089b47f921488b2 2463584 runc-dbgsym_1.0.0~rc93+ds1-5+deb11u4_i386.deb 2e53382e1d3b07a81d6cf0605055bc95b93c1ad552ed5e5b26b1714d7a81f562 8066 runc_1.0.0~rc93+ds1-5+deb11u4_i386-buildd.buildinfo 1c6e0e6f2d36d04d363b184170d345fcdee36b17d09ec1d53d7bce64aa02faf3 2278024 runc_1.0.0~rc93+ds1-5+deb11u4_i386.deb Files: f4ac7fb7be23c016fe71f424ddd84c94 2463584 debug optional runc-dbgsym_1.0.0~rc93+ds1-5+deb11u4_i386.deb d64fe19e71c63e3d0b39ac8223afae9a 8066 admin optional runc_1.0.0~rc93+ds1-5+deb11u4_i386-buildd.buildinfo 0d3a1efb5e148a20f53c6e0c9e8ecabb 2278024 admin optional runc_1.0.0~rc93+ds1-5+deb11u4_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEyTfXx8sBpQ0Lh3cUU9a0/LcaTpMFAmaffj8ACgkQU9a0/Lca TpOWMA//Wfjf78hTge2qmMNADDfh50CPy1W3UBfyDTzj+UuRxyICQObR7xbRQC44 fejjVyebLxHMKbDWb46x04bXHx9uHJKEZm/2sI2/VHqQ+1q2vq5i4ILum5hr4HiO Gvg1xGRubm6qOckLLaGhRNXx2g3bLKqj9LFUzmVJ259XQOMuP9FigtonNzxveR6l /OnB82WnM5ke5nf9AME6UA3yFvm1w2q81LrNl07cWUoA6BieAJ/ESI/8guJx056b gQwJwu41nJrEv8lxUFcDJy5TRLuXm3pAzw/C7mG+xn5Kzb8oCFnkvwgXyYnuCA3i mQ68wXxB/m/W7/nHmgg0wmyX7lMY62WaMfkkzgvNWxJTl/tL3f6WHJM1PCb29QSy c/PqGoxNrUuEgsnTwqPaMpyqIsbX+aMEJFmQEOoa9TVBvD3vY2YDkhHK9bcyL0Wu VDL/UBC+ruAHVzgQqhU7RjxPldVf5ZdB8bK1GZZKOArCj58baiwLi94wsBk48A6N 1BO17S7T4WlRvkgPMTB7jFfW0fdYRE5MilWbGonYMcV684hD8VTmV20aR0KDvnx0 hxlo3kGPZiPV9wdC3SZC1qLcHGpOrTWJpR24kuNe3ucKUFeG7cjsJaFTJHfqfanP yIFHA0RaP4H0t7PCf6KQ8FGNzTaab5N+So9Y2dubOVw2XuV+zGE= =hJa9 -----END PGP SIGNATURE-----