Update debian7 docker images for CVE-2019-3462 (apt rce)
Categories
(Firefox Build System :: Task Configuration, task)
Tracking
(firefox68 fixed)
| Tracking | Status | |
|---|---|---|
| firefox68 | --- | fixed |
People
(Reporter: glandium, Assigned: glandium)
References
Details
Attachments
(2 files)
Bug 1532878 did it indirectly for debian9-based images, this is about the debian7-based ones. We'll still need to update the ubuntu-based images after this.
|
Assignee | |
Comment 1•5 years ago
|
||
When docker images use setup_packages.sh, they add apt sources. While we
currently do run apt-get update to pick those new sources, if a package
provided by them is already installed and not explicitly listed in
subsequent apt-get install, they're not going to be upgraded.
|
|
Assignee | |
Comment 2•5 years ago
|
||
This imports the changes from wheezy-lts (http://deb.freexian.com/extended-lts/)
and creates a package we install in the debian7-based images (with a
modified version number to work around bug #1419577.
This leaves out debian7-raw and debian7-packages as unpatched, because
of the chicken-and-egg problem.
Depends on D26100
Pushed by mh@glandium.org: https://hg.mozilla.org/integration/autoland/rev/97fa367562a0 Ensure docker images using setup_packages.sh are up-to-date wrt the packages provided there. r=tomprince https://hg.mozilla.org/integration/autoland/rev/7d60a7fd2fac Update debian7 docker images for CVE-2019-3462. r=tomprince
|
||
Comment 4•5 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/97fa367562a0
https://hg.mozilla.org/mozilla-central/rev/7d60a7fd2fac
Pushed by mozilla@jorgk.com: https://hg.mozilla.org/comm-central/rev/fabb02fab198 Port bug 1541821: Add deb7-apt package. rs=bustage-fix DONTBUILD
Description
•