Summary: | <app-emulation/containerd-1.4.4: Information disclosure via environment variables (CVE-2021-21334) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | gyakovlev, williamh |
Priority: | Normal | Flags: | nattka:
sanity-check-
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=790257 | ||
Whiteboard: | B4 [cve glsa+] | ||
Package list: |
app-emulation/containerd-1.4.4 amd64 arm64 ppc64
app-emulation/docker-20.10.6-r1 amd64 arm64 ppc64
app-emulation/docker-cli-20.10.6 amd64 arm64 ppc64
app-emulation/docker-proxy-0.8.0_p20201215 amd64 arm64 ppc64
app-emulation/runc-1.0.0_rc92 amd64 arm64 ppc64
sys-process/tini-0.19.0 amd64 arm64 ppc64
|
Runtime testing required: | --- |
Bug Depends on: | 783525, 790257 | ||
Bug Blocks: |
Description
Sam James
2021-03-11 02:48:56 UTC
Tell us when ready to stable -- or if you plan to bump to 1.3.10 and stable that instead? Sanity check failed:
> app-emulation/containerd-1.4.4
> bdepend amd64 dev profile default/linux/amd64/17.0/x32 (3 total)
> ~app-emulation/runc-1.0.0_rc92
> bdepend amd64 stable profile default/linux/amd64/17.1 (33 total)
> ~app-emulation/runc-1.0.0_rc92
> rdepend amd64 dev profile default/linux/amd64/17.0/x32 (3 total)
> ~app-emulation/runc-1.0.0_rc92
> rdepend amd64 stable profile default/linux/amd64/17.1 (33 total)
> ~app-emulation/runc-1.0.0_rc92
ping Sanity check failed:
> app-emulation/containerd-1.4.4
> bdepend amd64 dev profile default/linux/amd64/17.0/x32 (3 total)
> ~app-emulation/runc-1.0.0_rc92
> bdepend amd64 stable profile default/linux/amd64/17.1 (33 total)
> ~app-emulation/runc-1.0.0_rc92
> rdepend amd64 dev profile default/linux/amd64/17.0/x32 (3 total)
> ~app-emulation/runc-1.0.0_rc92
> rdepend amd64 stable profile default/linux/amd64/17.1 (33 total)
> ~app-emulation/runc-1.0.0_rc92
Sanity check failed:
> app-emulation/containerd-1.4.4
> bdepend arm64 stable profile default/linux/arm64/17.0 (18 total)
> ~app-emulation/runc-1.0.0_rc92
> rdepend arm64 stable profile default/linux/arm64/17.0 (18 total)
> ~app-emulation/runc-1.0.0_rc92
> bdepend ppc64 dev profile default/linux/ppc64le/17.0/desktop/plasma (2 total)
> ~app-emulation/runc-1.0.0_rc92
> rdepend ppc64 dev profile default/linux/ppc64le/17.0/desktop/plasma (2 total)
> ~app-emulation/runc-1.0.0_rc92
Sanity check failed:
> app-emulation/containerd-1.4.4
> bdepend ppc64 stable profile default/linux/powerpc/ppc64/17.0/64bit-userland (9 total)
> ~app-emulation/runc-1.0.0_rc92
> bdepend ppc64 dev profile default/linux/ppc64le/17.0/desktop/plasma (2 total)
> ~app-emulation/runc-1.0.0_rc92
> rdepend ppc64 stable profile default/linux/powerpc/ppc64/17.0/64bit-userland (9 total)
> ~app-emulation/runc-1.0.0_rc92
> rdepend ppc64 dev profile default/linux/ppc64le/17.0/desktop/plasma (2 total)
> ~app-emulation/runc-1.0.0_rc92
Added to an existing GLSA request. This issue was resolved and addressed in GLSA 202105-33 at https://security.gentoo.org/glsa/202105-33 by GLSA coordinator Thomas Deutschmann (whissi). Re-opening for remaining architecture. going to skip ppc64 here and proceed in 790257 ppc64 done in 790257 Thanks! Please cleanup The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=86912bea08db24cd53aa813c9c1a266f09c9fe70 commit 86912bea08db24cd53aa813c9c1a266f09c9fe70 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2021-06-11 16:23:21 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2021-06-11 16:25:13 +0000 app-emulation/docker: stabilize 20.10.7 on amd64 Bug: https://bugs.gentoo.org/775329 Package-Manager: Portage-3.0.18, Repoman-3.0.2 Signed-off-by: William Hubbs <williamh@gentoo.org> app-emulation/docker/docker-20.10.7.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c05e1b29e4a19c5d3f868890f78816c7acd6294 commit 6c05e1b29e4a19c5d3f868890f78816c7acd6294 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2021-06-11 16:11:39 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2021-06-11 16:25:13 +0000 app-emulation/docker-proxy: stabilize 0.8.0_p20210525 on amd64 Bug: https://bugs.gentoo.org/775329 Package-Manager: Portage-3.0.18, Repoman-3.0.2 Signed-off-by: William Hubbs <williamh@gentoo.org> app-emulation/docker-proxy/docker-proxy-0.8.0_p20210525.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f72167936ef4898678107e43080fb9349f3e20cd commit f72167936ef4898678107e43080fb9349f3e20cd Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2021-06-11 16:08:07 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2021-06-11 16:25:13 +0000 app-emulation/docker-cli: stabilize 20.10.7 on amd64 Bug: https://bugs.gentoo.org/775329 Package-Manager: Portage-3.0.18, Repoman-3.0.2 Signed-off-by: William Hubbs <williamh@gentoo.org> app-emulation/docker-cli/docker-cli-20.10.7.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2d4eaa5dcd3772bc4053c935909676e6cc994f4 commit b2d4eaa5dcd3772bc4053c935909676e6cc994f4 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2021-06-11 16:04:26 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2021-06-11 16:25:13 +0000 app-emulation/runc: stabilize 1.0.0_rc95 on amd64 Bug: https://bugs.gentoo.org/775329 Package-Manager: Portage-3.0.18, Repoman-3.0.2 Signed-off-by: William Hubbs <williamh@gentoo.org> app-emulation/runc/runc-1.0.0_rc95.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e50c548ae83692602b6cd5dce9621292b5ef7482 commit e50c548ae83692602b6cd5dce9621292b5ef7482 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2021-06-11 15:57:13 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2021-06-11 16:25:12 +0000 app-emulation/containerd: stabilize 1.4.6 on amd64 Bug: https://bugs.gentoo.org/775329 Package-Manager: Portage-3.0.18, Repoman-3.0.2 Signed-off-by: William Hubbs <williamh@gentoo.org> app-emulation/containerd/containerd-1.4.6.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) cleanup done Unable to check for sanity:
> no match for package: app-emulation/containerd-1.4.4
Thanks! All done. |