Bug 28282

Summary: docker new security issues CVE-2021-21284 and CVE-2021-21285
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: Nicolas Lécureuil <mageia>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: bruno, mageia
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: docker-19.03.14-1.mga8.src.rpm CVE:
Status comment: Patched in SVN, but doesn't build
Bug Depends on:    
Bug Blocks: 27709    

Description David Walser 2021-02-02 20:56:36 CET
Docker 19.03.15 has been released on January 29, fixing security issues:
https://github.com/docker/docker-ce/blob/v19.03.15/CHANGELOG.md

Upstream advisories:
https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc
https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8

Mageia 7 is also affected.

David Walser 2021-02-02 20:56:51 CET

Whiteboard: (none) => MGA7TOO
Status comment: (none) => Fixed upstream in 19.03.15

David Walser 2021-02-02 20:57:44 CET

Blocks: (none) => 27709

Comment 1 Nicolas Lécureuil 2021-02-02 23:22:26 CET
Freeze push asked.

CC: (none) => mageia

Comment 2 Nicolas Lécureuil 2021-02-03 14:11:54 CET
Fixed in cauldron:
docker-19.03.15-1.mga8

Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7

Comment 3 David Walser 2021-02-28 15:12:57 CET
Debian has issued an advisory for this on February 27:
https://www.debian.org/security/2021/dsa-4865

Comment 4 Nicolas Lécureuil 2021-03-04 19:22:55 CET
Patches added for Mageia 7.

src:
    - docker-18.09.9-1.2.mga7

Assignee: bruno => qa-bugs
Status comment: Fixed upstream in 19.03.15 => (none)

Nicolas Lécureuil 2021-03-04 19:30:22 CET

Assignee: qa-bugs => mageia

David Walser 2021-03-04 22:49:03 CET

Status comment: (none) => Patched in SVN, but doesn't build
CC: (none) => bruno

Comment 5 David Walser 2021-07-01 18:30:20 CEST
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/

Status: NEW => RESOLVED
Resolution: (none) => OLD