Package: golang-github-docker-docker-credential-helpers

Package: golang-github-docker-docker-credential-helpers / 0.6.1-2+deb10u1

Metadata

Package	Version	Patches format
golang-github-docker-docker-credential-helpers	0.6.1-2+deb10u1	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
fix free err.patch \| (download)	secretservice/secretservice_linux.go \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	c.free(unsafe.pointer(err)) -> defer c.g_error_free(err) Cherry-picked from upstream and reworked to apply to v0.6.1. Hopefully upstream issue a release one day, but hey, that's docker...
cve 2019 1020014 Fix a double free in the List functions.patch \| (download)	osxkeychain/osxkeychain_darwin.c \| 1 0 + 1 - 0 ! osxkeychain/osxkeychain_darwin.go \| 5 2 + 3 - 0 ! secretservice/secretservice_linux.c \| 1 0 + 1 - 0 ! secretservice/secretservice_linux.go \| 4 2 + 2 - 0 ! 4 files changed, 4 insertions(+), 7 deletions(-)	[patch] fix a double free in the list functions The code was set up so that it would free the individual items and the data in `freeListData`, but there was already a Go `defer` to free the data item, resulting in a double free. Remove the `free` in `freeListData` and leave the original one. In addition, move the `defer` for freeing the list data before the error check, so that the data is also free in the error case. This just removes a minor leak. This vulnerability was discovered by: Jasiel Spelman of Trend Micro Zero Day Initiative and Trend Micro Team Nebula Signed-off-by: Justin Cormack <justin.cormack@docker.com>

Patch

File delta

Description

fix free err.patch | (download)

secretservice/secretservice_linux.go | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

c.free(unsafe.pointer(err)) -> defer c.g_error_free(err)

Cherry-picked from upstream and reworked to apply to v0.6.1. Hopefully
upstream issue a release one day, but hey, that's docker...

cve 2019 1020014 Fix a double free in the List functions.patch | (download)

osxkeychain/osxkeychain_darwin.c | 1 0 + 1 - 0 !
osxkeychain/osxkeychain_darwin.go | 5 2 + 3 - 0 !
secretservice/secretservice_linux.c | 1 0 + 1 - 0 !
secretservice/secretservice_linux.go | 4 2 + 2 - 0 !
4 files changed, 4 insertions(+), 7 deletions(-)

 [patch] fix a double free in the list functions

The code was set up so that it would free the individual items and the data
in `freeListData`, but there was already a Go `defer` to free the data item,
resulting in a double free.

Remove the `free` in `freeListData` and leave the original one.

In addition, move the `defer` for freeing the list data before the error
check, so that the data is also free in the error case. This just removes
a minor leak.

This vulnerability was discovered by:
Jasiel Spelman of Trend Micro Zero Day Initiative and Trend Micro Team Nebula

Signed-off-by: Justin Cormack <justin.cormack@docker.com>