Re: runc CVEs in docker.io

To: debian-user@lists.debian.org
Subject: Re: runc CVEs in docker.io
From: Dominique Dumont <dod@debian.org>
Date: Mon, 02 Aug 2021 12:48:36 +0200
Message-id: <[🔎] 17142577.ciy3gvHIKF@ylum>
Reply-to: dod@debian.org
In-reply-to: <288e8097-788f-4dde-8db3-8573d5ba41c8@www.fastmail.com>
References: <288e8097-788f-4dde-8db3-8573d5ba41c8@www.fastmail.com>

On Tuesday, 27 July 2021 18:07:53 CEST Gareth Evans wrote:
> Given that these are all fixed in Bullseye (and at least the grave
> apt-listbugs issue has been fixed in eg Ubuntu since March 2020 [1]) why
> not also Buster?

According to runc security tracker, a fixed runc is available for buster, 
albeit in buster's security repository.

I guess that security repo is missing from your /etc/apt/sources.list

See https://www.debian.org/security/#keeping-secure for instructions.

HTH

Dod

Reply to:

Follow-Ups:
- Re: runc CVEs in docker.io
  - From: "Gareth Evans" <donotspam@fastmail.fm>

Prev by Date: Re: what binds to port
Next by Date: Re: what binds to port
Previous by thread: Re: Apparmor: 1 processes are unconfined but have a profile defined
Next by thread: Re: runc CVEs in docker.io
Index(es):
- Date
- Thread