[Buildroot] [PATCH 1/1] package/runc: security bump to version 1.0.0-rc95

Peter Korsgaard peter at korsgaard.com
Mon Jun 7 21:35:07 UTC 2021

>>>>> "Yann" == Yann E MORIN <yann.morin.1998 at free.fr> writes:

 > Christian, All,
 > On 2021-05-21 13:15 -0700, Christian Stewart spake thusly:
 >> Fixes CVE-2021-30465: runc 1.0.0-rc94 and earlier are vulnerable to a symlink
 >> exchange attack whereby an attacker can request a seemingly-innocuous container
 >> configuration that actually results in the host filesystem being bind-mounted
 >> into the container, allowing for a container escape.
 >> Signed-off-by: Christian Stewart <christian at paral.in>

Committed to 2021.02.x, thanks.

Bye, Peter Korsgaard

More information about the buildroot mailing list