projects / snapd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(merge: aaede0e 0a6869f)
snapd (2.37.4-1+deb10u1) buster-security; urgency=medium
authorMichael Vogt <mvo@debian.org>
Thu, 17 Feb 2022 15:29:46 +0000 (15:29 +0000)
committerMichael Vogt <mvo@debian.org>
Thu, 17 Feb 2022 15:29:46 +0000 (15:29 +0000)
commit1458fa5ba364c9c17f53f86c4afc66384fd5f5f8
tree5dc4e035950ae3a771f3c4106fa8fb7d3620954atree | snapshot
parentaaede0e1c96e61f4d2697ad194ba7fe749d112eecommit | diff
parent0a6869fde2383398fac6cf3516ba1e48ff9bb0cfcommit | diff
snapd (2.37.4-1+deb10u1) buster-security; urgency=medium

   * SECURITY UPDATE: local privilege escalation
    - d/p/cve202144730: Add validations of the
      location of the snap-confine binary within snapd.
    - d/p/cve202144730: Fix race condition in snap-confine
      when preparing a private mount namespace for a snap.
    - CVE-2021-44730
    - CVE-2021-44731

[dgit import unpatched snapd 2.37.4-1+deb10u1]
40 files changed:
debian/changelog | | blob
debian/compat | | blob
debian/control | | blob
debian/copyright | | blob
debian/gbp.conf | | blob
debian/golang-github-snapcore-snapd-dev.install | | blob
debian/not-installed | | blob
debian/patches/0001-cmd-snap-seccomp-use-upstream-seccomp-package.patch | | blob
debian/patches/0002-cmd-snap-seccomp-skip-tests-that-fail-on-4.19.patch | | blob
debian/patches/0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch | | blob
debian/patches/0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch | | blob
debian/patches/0005-advisor-errtracker-use-upstream-bolt-package.patch | | blob
debian/patches/0006-systemd-disable-snapfuse-system.patch | | blob
debian/patches/0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch | | blob
debian/patches/0010-man-page-sections.patch | | blob
debian/patches/cve202144730/0010-cmd-libsnap-confine-private-Fix-use-of-uninitialised.patch | | blob
debian/patches/cve202144730/0011-cmd-libsnap-confine-private-Defend-against-hardlink-.patch | | blob
debian/patches/cve202144730/0012-cmd-libsnap-confine-private-Don-t-fail-open-on-appar.patch | | blob
debian/patches/cve202144730/0013-cmd-libsnap-confine-private-Tighten-AppArmor-label-c.patch | | blob
debian/patches/cve202144730/0014-cmd-snap-confine-Remove-execute-permission-from-AppA.patch | | blob
debian/patches/cve202144730/0015-cmd-snap-confine-Prevent-user-controlled-race-in-set.patch | | blob
debian/patches/series | | blob
debian/rules | | blob
debian/snap-confine.maintscript | | blob
debian/snapd.autoimport.udev | | blob
debian/snapd.dirs | | blob
debian/snapd.install | | blob
debian/snapd.links | | blob
debian/snapd.lintian-overrides | | blob
debian/snapd.maintscript | | blob
debian/snapd.manpages | | blob
debian/snapd.postinst | | blob
debian/snapd.postrm | | blob
debian/source/format | | blob
debian/source/options | | blob
debian/tests/README.md | | blob
debian/tests/control | | blob
debian/tests/integrationtests | | blob
debian/tests/testconfig.json | | blob
debian/watch | | blob
Unnamed repository; edit this file 'description' to name the repository.