oss-sec mailing list archives
2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 23 Mar 2015 23:30:18 -0600
Another example of why embargoes are a bad idea, these issues have been fixed for ages by upstream but fell through the cracks, because embargo!

https://bugzilla.redhat.com/show_bug.cgi?id=1063549
https://bugzilla.redhat.com/show_bug.cgi?id=1063550

tmp vulns and use of http for sensitive downloads like keys/executable content with no checks (especially when https is available and other ways to do it safely).

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993