Date: Mon, 23 Mar 2015 23:30:18 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier

Another example of why embargoes are a bad idea, these issues have been fixed for ages by upstream but fell through the cracks, because embargo!

https://bugzilla.redhat.com/show_bug.cgi?id=1063549
https://bugzilla.redhat.com/show_bug.cgi?id=1063550

tmp vulns and use of http for sensitive downloads like keys/executable content with no checks (especially when https is available and other ways to do it safely).

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993