projects / snapd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(merge: 11e1061 15ef1bb)
snapd (2.49-1+deb11u1) bullseye-security; urgency=high
authorMichael Vogt <mvo@debian.org>
Wed, 16 Feb 2022 09:56:34 +0000 (09:56 +0000)
committerMichael Vogt <mvo@debian.org>
Wed, 16 Feb 2022 09:56:34 +0000 (09:56 +0000)
commitb308e7f7ecfd3123c8af665cfde09a275336abb2
tree42fc19d4f6148f3184a1496ee8ece25d2a421984tree | snapshot
parent11e10616c3e5ff8339c6ea17fc2da82a1256ff7ecommit | diff
parent15ef1bba4182ac538bb0b9384681ebc434fbf631commit | diff
snapd (2.49-1+deb11u1) bullseye-security; urgency=high

  * SECURITY UPDATE: local privilege escalation
    - 0015-cve-2021-44730-44731-4120.patch: Add validations of the
      location of the snap-confine binary within snapd.
    - 0015-cve-2021-44730-44731-4120: Fix race condition in snap-confine
      when preparing a private mount namespace for a snap.
    - 0016-cve-2021-2021-44730-44731-4120-auto-remove.patch: automatic
      remove vulnerable inactive core/snapd snaps
    - CVE-2021-44730
    - CVE-2021-44731
  * SECURITY UPDATE: data injection from malicious snaps
    - 0015-cve-2021-44730-44731-4120: Add validations of snap content
      interface and layout paths in snapd
    - CVE-2021-4120
    - LP: #1949368

[dgit import unpatched snapd 2.49-1+deb11u1]
41 files changed:
debian/README.Source | | blob
debian/changelog | | blob
debian/compat | | blob
debian/control | | blob
debian/copyright | | blob
debian/gbp.conf | | blob
debian/golang-github-snapcore-snapd-dev.install | | blob
debian/not-installed | | blob
debian/patches/0001-cmd-snap-seccomp-use-upstream-seccomp-package.patch | | blob
debian/patches/0002-cmd-snap-seccomp-skip-tests-that-fail-on-4.19.patch | | blob
debian/patches/0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch | | blob
debian/patches/0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch | | blob
debian/patches/0005-advisor-errtracker-use-upstream-bolt-package.patch | | blob
debian/patches/0006-systemd-disable-snapfuse-system.patch | | blob
debian/patches/0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch | | blob
debian/patches/0010-man-page-sections.patch | | blob
debian/patches/0013-cherry-pick-pr9936.patch | | blob
debian/patches/0015-cve-2021-44730-44731-4120.patch | | blob
debian/patches/0016-cve-2021-2021-44730-44731-4120-auto-remove.patch | | blob
debian/patches/no-seccomp-fork.patch | | blob
debian/patches/no-snapfuse.patch | | blob
debian/patches/series | | blob
debian/rules | | blob
debian/snap-confine.maintscript | | blob
debian/snapd.autoimport.udev | | blob
debian/snapd.dirs | | blob
debian/snapd.install | | blob
debian/snapd.links | | blob
debian/snapd.lintian-overrides | | blob
debian/snapd.maintscript | | blob
debian/snapd.manpages | | blob
debian/snapd.postinst | | blob
debian/snapd.postrm | | blob
debian/snapd.prerm | | blob
debian/source/format | | blob
debian/source/options | | blob
debian/tests/README.md | | blob
debian/tests/control | | blob
debian/tests/integrationtests | | blob
debian/tests/testconfig.json | | blob
debian/watch | | blob
Unnamed repository; edit this file 'description' to name the repository.