-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 28 Jun 2024 00:16:20 +0200 Source: runc Binary: golang-github-opencontainers-runc-dev runc runc-dbgsym Architecture: source all amd64 Version: 1.0.0~rc93+ds1-5+deb11u4 Distribution: bullseye Urgency: medium Maintainer: Debian Go Packaging Team Changed-By: Daniel Leidert Description: golang-github-opencontainers-runc-dev - Open Container Project - development files runc - Open Container Project - runtime Changes: runc (1.0.0~rc93+ds1-5+deb11u4) bullseye; urgency=medium . * Non-maintainer upload by the Debian LTS Team. * d/patches/0025-Fix-busybox-tarball-url-in-integration-test.patch: Updated. - Fixed download URLs again. * d/patches/CVE-2021-43784.patch: Added to fix CVE-2021-43784. - When writing netlink messages, it is possible to have a byte array larger than UINT16_MAX which would result in the length field overflowing and allowing user-controlled data to be parsed as control characters (such as creating custom mount points, changing which set of namespaces to allow, and so on). * d/patches/0027-Fix-test-for-newer-kernels.patch: Added. - Fix test for newer kernels. * d/patches/CVE-2023-25809.patch: Added to fix CVE-2023-25809. - It was found that rootless runc makes `/sys/fs/cgroup` writable under specific conditions. A container may then gain the write access to user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host. * Update changelog for 1.0.0~rc93+ds1-5+deb11u4~1.gbpce2b39 release * Update patch for download URLs of busybox tarball * Add patch to fix CVE-2021-43784.patch * Add patch to fix tests with newer kernels * Add patch to fix CVE-2023-25809 Checksums-Sha1: 745043667264bb52cf2bbd7fb5957fa5a207f1f1 3216 runc_1.0.0~rc93+ds1-5+deb11u4.dsc 44e8ae775b1f36c0f317a3cf99cb7fe66ffe9c43 456640 runc_1.0.0~rc93+ds1.orig.tar.xz 82d17e1c0642a90d16eafbc912428652bd1fc1f9 52876 runc_1.0.0~rc93+ds1-5+deb11u4.debian.tar.xz 2113d2e7d931ae91dfa32d640deb7a88b6ecbdf8 233236 golang-github-opencontainers-runc-dev_1.0.0~rc93+ds1-5+deb11u4_all.deb c0d58b24824f69c60927d37af9984f80c7d1e958 2506336 runc-dbgsym_1.0.0~rc93+ds1-5+deb11u4_amd64.deb 6033d140129c56c8a16bda592cd12cbf574c2dca 8850 runc_1.0.0~rc93+ds1-5+deb11u4_amd64.buildinfo de1991635f4fa607d1c4aeacb993c4c03c831d60 2430356 runc_1.0.0~rc93+ds1-5+deb11u4_amd64.deb Checksums-Sha256: 90021cde7ec635e549f55b06dca3d2447736df859b1722fa130a6ad454ac50d9 3216 runc_1.0.0~rc93+ds1-5+deb11u4.dsc f47903dacd71c002b648250f840ce4c4c9ec9c328e4b7cab8a02946d3ef989f3 456640 runc_1.0.0~rc93+ds1.orig.tar.xz 9876c49659a04b45fb1dc9d5b25126f70a5b411f7920aacaa8beabbee332b60b 52876 runc_1.0.0~rc93+ds1-5+deb11u4.debian.tar.xz 9facee5c621fefdc0a2553f9f1f455fa0dbf2b5a00b1bbdb8dce901c4f7b6eb4 233236 golang-github-opencontainers-runc-dev_1.0.0~rc93+ds1-5+deb11u4_all.deb d1f45d49193e3289d1b8d6357343acb319a2c58a6f07e1563607139f495b544c 2506336 runc-dbgsym_1.0.0~rc93+ds1-5+deb11u4_amd64.deb b3a795826d81c0e42ac409dc1b983146823cacc9971f37a8ca7b537f9228cde8 8850 runc_1.0.0~rc93+ds1-5+deb11u4_amd64.buildinfo 62d9046de2f91d76606732be8c3b6d71399d5731da5312636b3d82213bbce309 2430356 runc_1.0.0~rc93+ds1-5+deb11u4_amd64.deb Files: bcd69f619c297afe3caf3e58290bb2a0 3216 admin optional runc_1.0.0~rc93+ds1-5+deb11u4.dsc 168220a508ee96372b5fec47e854a1a8 456640 admin optional runc_1.0.0~rc93+ds1.orig.tar.xz 29e1d2abd9ea3e989f01978f2f312549 52876 admin optional runc_1.0.0~rc93+ds1-5+deb11u4.debian.tar.xz 2f018c638320721e640d1923a4e7d286 233236 golang optional golang-github-opencontainers-runc-dev_1.0.0~rc93+ds1-5+deb11u4_all.deb 46f8622fc5efd67553c2450e2ce807d8 2506336 debug optional runc-dbgsym_1.0.0~rc93+ds1-5+deb11u4_amd64.deb 725f075f749b2edcae86e8955624274b 8850 admin optional runc_1.0.0~rc93+ds1-5+deb11u4_amd64.buildinfo 53ebac174d1a3c6bb7caad2bd3f605b9 2430356 admin optional runc_1.0.0~rc93+ds1-5+deb11u4_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmZ96qgACgkQS80FZ8KW 0F0/Ug/+L/qewskC3KZrYR8PXxfMJmhSayw3Zg7YP4Ct/YoEDp2q4FUSgUKnf5jD aRnbh3yteggXHpy21tlUYNmXf5epg0ewphJSw9LU3tRjMgUAWMqsprhdei4mPxDk BMtA/qKTIZPrwJp/Qa2/TBufwXBcI24z3SAB+FhmgDN/7RvyQ0LLYSbDfuavmFsf PCp1bJN72ORVEGEenQv1xvlMUzYRHbRQJfZizdeeWtnNuolAGu4kMEsYVFGNxf1s rFreWhOLD8T9cShSJ6ILWAd8Y8AZ9S4xH1D5OVMGL7pv9Qkdg5twQvJHp1Pv2Vby gjFUYxmvQfhnSU8jot27wFD/Bw0W4fE1+qB9VC5VvKvOHZ5IbdBRfucznmCAcgC5 ILi+ZCnYR8NntB9JjukIjeNNOEER+E9UpkPcp/P2SWrJ99XT2tkcmil1kJ14TMEs +p6fq/GBC275ISW5/DWjRl8qXCuyE32oldoWyIPmgwZk/P8xq8kOrQ/jMtD7oCnw KlMyHN9iopIjx59QyNdCRSNJEyd2VAbvt4xyYFRs6MJCy8Ucucgh29sLc5Dq7jVh UIlTEavAgtZv1WXNeMq8v2LkFaE5fhByPXLuIgRWlOszNHagL9X8QQBFs7j6Cf6n TQU3qPEt2Jgw+7Bm5OGPDMbEidcRJMBPDzRsuOA0BDE/tG6PMrw= =4qPY -----END PGP SIGNATURE-----