-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 22 Jul 2015 18:12:27 +0200 Source: lxc Binary: lxc lxc-dbg Architecture: source Version: 1:1.0.6-6+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Daniel Baumann <mail@daniel-baumann.ch> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Description: lxc - Linux Containers userspace tools lxc-dbg - Linux Containers userspace tools (debug) Closes: 793298 Changes: lxc (1:1.0.6-6+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Add 0018-CVE-2015-1331-lxclock-use-run-lxc-lock-rather-than-r.patch. CVE-2015-1331: Directory traversal flaw that allows arbitrary file creation as the root user. (Closes: #793298) * Add 0019-CVE-2015-1334-Don-t-use-the-container-s-proc-during-.patch. CVE-2015-1334: Processes intended to be run inside of confined LXC containers could escape their AppArmor or SELinux confinement. (Closes: #793298) Checksums-Sha1: ed81cd8a0e58e66bcd11e2f826c2a0dec0d86632 2082 lxc_1.0.6-6+deb8u1.dsc 6ea61825e4edc71ddec56d3899d4f0e9dce1c509 508868 lxc_1.0.6.orig.tar.xz 84024f4d20b12d31825673cff81d6389e0f5a6a1 29668 lxc_1.0.6-6+deb8u1.debian.tar.xz Checksums-Sha256: f89c2f20af1a5068a5b66eb9edea99cf42bc36dedec75ae7a01617dc8227a713 2082 lxc_1.0.6-6+deb8u1.dsc 4a794c57ee852bcbb8f3d543eace6a86e75156c5681c9daf1b01d79407a70c74 508868 lxc_1.0.6.orig.tar.xz 7bfeab59ab2b111ca03096d1b7cf9a87314d94389b657a90ad90dda0ccaa1520 29668 lxc_1.0.6-6+deb8u1.debian.tar.xz Files: d26f8b7df14a407e28832986572e25a8 2082 admin optional lxc_1.0.6-6+deb8u1.dsc 30a70dfbbb7fa016febd26b33f12e20d 508868 admin optional lxc_1.0.6.orig.tar.xz 13e6e2ac25600e77b147941a81a2099b 29668 admin optional lxc_1.0.6-6+deb8u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVsSLfAAoJEAVMuPMTQ89EUdYP/RD2lWhpwngDGlaShshaBMyI u9j7LtbIaPUxmw8YCTiYrZHqdZWh7+4SsCq1GTBqEDzUTjqUR6Eb9iFSm53d01jS 3F/YGz1Mn3XkIFb0NrnUPs5u+YWeteIMxkVC8PwG8pMqk+7R1N77Ap8q1e0IA2jt bFQmLsuhboPDyPgCL5NwtEg6kZmLo3GRxOkAw/0b9aK/LT4d2pqBgV6xO2lDIOc1 DXJ6CqCTAdD+HtbV1rQOd+1jqK7DDioVFTFNhk21XPvl8GQ3K3kpjGZlbDZOz5+d pwFjVfmL9HS+pnlLqf7n35iNkCgpXriIfP/hX8BiX2YbqvuOKmz8BBAuvvpalkma iXEnX6bkYwfTRIhvSsaJnA4R/QF9NuE6yrbW3+ASoQi5yV3U9X7qg7B5LEsBLD4M 3xRNP9y9xbo1vIJ71d6fxIEcalmS65Tm+YG2SWIMu39LW94PCt7sQn4HNvRBwetu VU766RZBfC98JQh7H6CKHDrDedg6eRTnJ4zv26ejMiv3X7M5kzXA9GV7P5lrHqWI ztcwWr0kWGwVpDz/QZ5A8JbhcvBz2YZzMoKOdujztjso6wZgUZqedRSCuaAQzL90 nnRfqzigPFfbFa5lQ4Of4eLqeP8EcaUB1E6jLcAhNhu1huVPg3c/TblmFc+7ynw0 YoC4UpOw5ElTdi0NyvF9 =6MoC -----END PGP SIGNATURE-----