group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1655136] Re: Multiple CVEs in xenial

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Mattia Rizzolo <mattia@xxxxxxxxxxx>
Date: Mon, 09 Jan 2017 20:06:10 -0000
Reply-to: Bug 1655136 <1655136@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: firejail (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: firejail (Ubuntu Zesty)
   Importance: Undecided
       Status: New

** Changed in: firejail (Ubuntu Xenial)
       Status: New => In Progress

** Changed in: firejail (Ubuntu Xenial)
     Assignee: (unassigned) => Reiner Herrmann (deki)

** Changed in: firejail (Ubuntu Zesty)
       Status: New => Fix Released

** Changed in: firejail (Ubuntu Zesty)
   Importance: Undecided => High

** Changed in: firejail (Ubuntu Xenial)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1655136

Title:
  Multiple CVEs in xenial

Status in firejail package in Ubuntu:
  Fix Released
Status in firejail source package in Xenial:
  In Progress
Status in firejail source package in Zesty:
  Fix Released

Bug description:
  firejail 0.9.38 is affected by the following CVEs:
  - CVE-2016-9016: sandbox escape
  - CVE-2016-10118: overwrite /etc/resolv.conf
  - CVE-2017-5180: local root exploit

  Please apply the attached debdiff.

  firejail 0.9.40 is also affected by those (and perhaps other) CVEs. It still needs to be checked by which ones exactly.
  I will file a separate bug for it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1655136/+subscriptions