Closed TomSweeneyRedHat closed 5 years ago
Ready for review. I figured out the swarm issues I was having and have noted updated test steps taken in the description of the PR. This code is now ready for review. Once this goes through, I'll create another patch for the Docker 1.13.1-rhel branch too.
@rhatdan and @giuseppe this is ready to go, can I get some LGTM's or feedback on what needs to change?
LGTM @giuseppe @mheon PTAL
Code LGTM
Signed-off-by: TomSweeneyRedHat tsweeney@redhat.com
- What I did Applied patch that was put into upstream to address CVE-2019-13509 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509). Patch on upstream located at: https://github.com/dweomer/docker/pull/82
- How I did it vi and some blood, sweat and tears.
- How to verify it
This patch introduces some change in behavior:
  - Data field scrubbed. Generally, the actual data should not be interesting for debugging, so likely will not be problematic. In addition, scrubbing this data for configs may actually be desirable, because (even though they are not explicitly designed for this purpose) configs may contain sensitive data (credentials inside a configuration file, e.g.).
  - label named data on a config, will scrub/mask the value of that label.
  - jointoken, password, secret, signingcakey, or unlockkey.
- Description for the changelog Addresses CVE-2019-13509 - secret leakage in debug logging
- A picture of a cute animal (not mandatory but encouraged)
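
The scrubbing behaviour the description lists, as an added example that is not part of the PR or Docker's own code: any key named data, jointoken, password, secret, signingcakey or unlockkey is masked before a request body reaches the debug log, which is why a label named data is masked too. The function names, the case-insensitive matching at any depth, the `*****` mask and the sample body are assumptions made for the illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// sensitiveKeys holds the field names from the PR description (hypothetical variable name).
var sensitiveKeys = map[string]bool{
	"data": true, "jointoken": true, "password": true,
	"secret": true, "signingcakey": true, "unlockkey": true,
}

// maskSensitive walks a decoded JSON value and replaces the value of every
// sensitive key (matched case-insensitively, at any depth) with "*****".
func maskSensitive(v interface{}) {
	switch t := v.(type) {
	case map[string]interface{}:
		for k, child := range t {
			if sensitiveKeys[strings.ToLower(k)] {
				t[k] = "*****"
				continue
			}
			maskSensitive(child)
		}
	case []interface{}:
		for _, child := range t {
			maskSensitive(child)
		}
	}
}

// ScrubForLog returns a loggable form of a JSON body; unparseable bodies are withheld.
func ScrubForLog(body []byte) string {
	var v interface{}
	if err := json.Unmarshal(body, &v); err != nil {
		return "<unparseable body omitted>"
	}
	maskSensitive(v)
	out, _ := json.Marshal(v)
	return string(out)
}

func main() {
	// Constructed sample: a config update whose labels include one named "data".
	body := []byte(`{"Name":"app-config","Data":"c2VjcmV0","Labels":{"data":"x","env":"prod"}}`)
	fmt.Println(ScrubForLog(body))
}
```

Matching on the key name alone, with no regard to the request type, is what makes the scrub unconditional; the cost is that unrelated fields sharing one of these names lose their value in the log as well.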