All of lore.kernel.org
 help / color / mirror / Atom feed
From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@buildroot.org
Subject: [Buildroot] [git commit] package/containerd: security bump to version 1.5.11
Date: Tue, 5 Apr 2022 19:28:14 +0200	[thread overview]
Message-ID: <20220405185320.319C18361B@busybox.osuosl.org> (raw)

commit: https://git.buildroot.net/buildroot/commit/?id=2642edb0af08f04fb98f4cb5f88895faded4b325
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

Fixes the following security issues:

- CVE-2022-23648: containerd CRI plugin: Insecure handling of image volumes
  https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7

- CVE-2022-24769: Default inheritable capabilities for linux container
  should be empty
  https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/containerd/containerd.hash | 2 +-
 package/containerd/containerd.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/containerd/containerd.hash b/package/containerd/containerd.hash
index d5aafe2e70..23dacded88 100644
--- a/package/containerd/containerd.hash
+++ b/package/containerd/containerd.hash
@@ -1,3 +1,3 @@
 # Computed locally
-sha256  40c9767af3e87f2c36adf2f563f0a8374e80b30bd2b7aa80058c85912406cef4  containerd-1.5.9.tar.gz
+sha256  6a289406c1c0583763e5a9754e31a1eced55cd5f162a7bc2a3a315d5eb05c7a1  containerd-1.5.11.tar.gz
 sha256  4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4  LICENSE
diff --git a/package/containerd/containerd.mk b/package/containerd/containerd.mk
index 8976e12f1a..c405b75e81 100644
--- a/package/containerd/containerd.mk
+++ b/package/containerd/containerd.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CONTAINERD_VERSION = 1.5.9
+CONTAINERD_VERSION = 1.5.11
 CONTAINERD_SITE = $(call github,containerd,containerd,v$(CONTAINERD_VERSION))
 CONTAINERD_LICENSE = Apache-2.0
 CONTAINERD_LICENSE_FILES = LICENSE
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

             reply	other threads:[~2022-04-05 19:03 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-05 17:28 Peter Korsgaard [this message]
2022-04-11 12:28 ` [Buildroot] [git commit] package/containerd: security bump to version 1.5.11 Marcus Hoffmann
2022-04-11 17:03   ` Arnout Vandecappelle
2022-04-11 18:33     ` Yann E. MORIN
2022-04-11 19:02     ` Peter Korsgaard
2022-04-11 20:27       ` Arnout Vandecappelle
2022-04-11 20:34       ` Peter Korsgaard
2022-04-12  8:28         ` Arnout Vandecappelle
2022-04-12  9:26           ` Peter Korsgaard
2022-04-14 19:15             ` Arnout Vandecappelle
2022-04-14 20:06               ` Peter Korsgaard

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220405185320.319C18361B@busybox.osuosl.org \
    --to=peter@korsgaard.com \
    --cc=buildroot@buildroot.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.