Bug#1031408: unblock: containerd/1.6.18~ds1-1
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: containerd@packages.debian.org, publicsuffix@packages.debian.org, zhsj@debian.org
Control: affects -1 + src:containerd src:golang-golang-x-net src:publicsuffix
Please age package containerd
[ Reason ]
* New upstream version 1.6.18~ds1
+ CVE-2023-25153: OCI image importer memory exhaustion
+ CVE-2023-25173: Supplementary groups are not set up properly
* Install cni-bridge-fp to /usr/lib/cni in autopkgtest
[ Impact ]
Delay of security fix.
[ Tests ]
This package has integration tests in autopkgtest.
Though there are known failures cri-integration (one of the integrations).
But it's not regression. 1.6.17~ds1-1 has 5 failed test cases. I've fixed the
tests scripts in 1.6.18~ds1-1, and it has only 1 failed test case now.
[ Risks ]
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[ ] attach debdiff against the package in testing
[ Other info ]
To age containerd, the following packages need age as well.
+ golang-golang-x-net/1:0.7.0+dfsg-1
* New upstream version 0.7.0
+ CVE-2022-41723: http2/hpack: avoid quadratic complexity in hpack decoding
+ publicsuffix/20230209.2326-1
* new upstream version
Reply to: