1
Candidate: CVE-2014-9358
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9358
5
https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ
7
Docker before 1.3.3 does not properly validate image IDs, which allows
8
remote attackers to conduct path traversal attacks and spoof repositories
9
via a crafted image in a (1) "docker load" operation or (2) "registry
14
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772909
16
Discovered-by: Eric Windisch
20
upstream_docker.io: released (1.3.3)
22
precise_docker.io: DNE
23
precise/esm_docker.io: DNE
24
trusty_docker.io: not-affected (1.6.2~dfsg1-1ubuntu4~14.04.1)
25
utopic_docker.io: ignored (reached end-of-life)
26
vivid_docker.io: not-affected (1.3.3~dfsg1-2ubuntu1)
27
vivid/stable-phone-overlay_docker.io: DNE
28
vivid/ubuntu-core_docker.io: DNE
29
wily_docker.io: not-affected (1.3.3~dfsg1-2ubuntu1)
30
xenial_docker.io: not-affected (1.3.3~dfsg1-2ubuntu1)
31
yakkety_docker.io: not-affected (1.3.3~dfsg1-2ubuntu1)
32
zesty_docker.io: not-affected (1.3.3~dfsg1-2ubuntu1)
33
devel_docker.io: not-affected (1.3.3~dfsg1-2ubuntu1)