diff options
author | netblue30 <netblue30@yahoo.com> | 2017-01-09 07:52:14 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-01-09 07:52:14 -0500 |
commit | cd4a14d02ab774c4c5b605b5fee129340fe2183b (patch) | |
tree | 0767269bf2c21ceeda08712c535cc10fe8d229e1 | |
parent | Merge pull request #1025 from reinerh/cve-references2 (diff) | |
parent | Reference new CVEs (diff) | |
download | firejail-cd4a14d02ab774c4c5b605b5fee129340fe2183b.tar.gz firejail-cd4a14d02ab774c4c5b605b5fee129340fe2183b.tar.zst firejail-cd4a14d02ab774c4c5b605b5fee129340fe2183b.zip |
Merge pull request #1027 from reinerh/cve-references2
Reference new CVEs
-rw-r--r-- | RELNOTES | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -1,9 +1,10 @@ | |||
1 | firejail (0.9.45) baseline; urgency=low | 1 | firejail (0.9.45) baseline; urgency=low |
2 | * development version, work in progress | 2 | * development version, work in progress |
3 | * security: --bandwidth root shell found by Martin Carpenter | 3 | * security: --bandwidth root shell found by Martin Carpenter (CVE-2017-5207) |
4 | * security: disabled --allow-debuggers when running on kernel | 4 | * security: disabled --allow-debuggers when running on kernel |
5 | versions prior to 4.8; a kernel bug in ptrace system call | 5 | versions prior to 4.8; a kernel bug in ptrace system call |
6 | allows a full bypass of seccomp filter; problem reported by Lizzie Dixon | 6 | allows a full bypass of seccomp filter; problem reported by Lizzie Dixon |
7 | (CVE-2017-5206) | ||
7 | * security: overwrite /etc/resolv.conf found by Martin Carpenter (CVE-2016-10118) | 8 | * security: overwrite /etc/resolv.conf found by Martin Carpenter (CVE-2016-10118) |
8 | * secuirty: TOCTOU exploit for --get and --put found by Daniel Hodson | 9 | * secuirty: TOCTOU exploit for --get and --put found by Daniel Hodson |
9 | * security: invalid environment exploit found by Martin Carpenter (CVE-2016-10122) | 10 | * security: invalid environment exploit found by Martin Carpenter (CVE-2016-10122) |