From 2edc394d28b35a4aee13d98128cc4ce25836852a Mon Sep 17 00:00:00 2001 From: Reiner Herrmann Date: Sat, 7 Jan 2017 17:27:43 +0100 Subject: Add references to CVEs in release notes --- RELNOTES | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'RELNOTES') diff --git a/RELNOTES b/RELNOTES index 5a3bfa5fb..5d5c93e63 100644 --- a/RELNOTES +++ b/RELNOTES @@ -4,13 +4,13 @@ firejail (0.9.45) baseline; urgency=low * security: disabled --allow-debuggers when running on kernel versions prior to 4.8; a kernel bug in ptrace system call allows a full bypass of seccomp filter; problem reported by Lizzie Dixon - * security: overwrite /etc/resolv.conf found by Martin Carpenter + * security: overwrite /etc/resolv.conf found by Martin Carpenter (CVE-2016-10118) * secuirty: TOCTOU exploit for --get and --put found by Daniel Hodson - * security: invalid environment exploit found by Martin Carpenter + * security: invalid environment exploit found by Martin Carpenter (CVE-2016-10122) * security: split most of networking code in a separate executable * security: split seccomp filter code configuration in a separate executable * security: split file copying in private option in a separate executable - * security: root exploit found by Sebastian Krahmer + * security: root exploit found by Sebastian Krahmer (CVE-2017-5180) * feature: disable gnupg and systemd directories under /run/user * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm) * feature: AppImage type 2 support @@ -32,7 +32,7 @@ firejail (0.9.45) baseline; urgency=low -- netblue30 Sun, 23 Oct 2016 08:00:00 -0500 firejail (0.9.44) baseline; urgency=low - * CVE-2016-7545 submitted by Aleksey Manevich + * CVE-2016-9016 submitted by Aleksey Manevich * modifs: removed man firejail-config * modifs: --private-tmp whitelists /tmp/.X11-unix directory * modifs: Nvidia drivers added to --private-dev 
@@ -149,11 +149,12 @@ firejail (0.9.38) baseline; urgency=low * added KMail, Seamonkey, Telegram, Mathematica, uGet, * and mupen64plus profiles * --chroot in user mode allowed only if seccomp support is available - * in current Linux kernel + * in current Linux kernel (CVE-2016-10123) * deprecated --private-home feature * the first protocol list installed takes precedence - * --tmpfs option allowed only running as root + * --tmpfs option allowed only running as root (CVE-2016-10117) * added --private-tmp option + * weak permissions (CVE-2016-10119, CVE-2016-10120, CVE-2016-10121) * bugfixes -- netblue30 Tue, 2 Feb 2016 10:00:00 -0500 -- cgit v1.2.3-54-g00ecf
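Review bot: In the first hunk (firejail 0.9.45), the unchanged entry "* secuirty: TOCTOU exploit for --get and --put found by Daniel Hodson" sits between two lines that gain CVE references, yet it keeps its "secuirty" typo and gets no identifier. Since the patch already touches this block, correct the spelling to "security" and, if a CVE was assigned to the TOCTOU issue, add it in the same "(CVE-...)" form. If none was assigned, say so in the commit message so readers do not take it for an omission. The same question applies to the --allow-debuggers entry at the top of the hunk.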
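Review bot: The second hunk (firejail 0.9.44) replaces CVE-2016-7545 with CVE-2016-9016 rather than adding a reference, but the subject line only says "Add references to CVEs in release notes". Packagers and advisory trackers match on the published identifier, so changing it is a correction that the commit message should call out, along with the reason the old number was wrong. The entry would also benefit from a short description of the issue, as the 0.9.45 entries have, because the bare identifier is all a reader gets here.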
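Review bot: In the third hunk (firejail 0.9.38), the added line "* weak permissions (CVE-2016-10119, CVE-2016-10120, CVE-2016-10121)" does not say what had weak permissions, and it groups three identifiers under one phrase. Every other annotated entry in this patch attaches its CVE to a description of the change, so name the affected files or directories here, ideally one entry per CVE, to let the release note be matched to each advisory. This is also a new entry added to release notes dated 2 Feb 2016, which the commit message does not mention.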