mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-02 21:48:20 +03:00
8ebb77ac1d
Fixes the following security issues: - CVE-2019-19921: runc volume mount race condition with shared mounts - CVE-2019-16884: runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. For details, see the announcement: https://github.com/containerd/containerd/releases/tag/v1.2.12 containerd is now a separate CNCF sponsored project, and is no longer explicitly associated with docker/moby. Signed-off-by: Christian Stewart <christian@paral.in> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>