Candidate: CVE-2014-5277
PublicDate: 2014-11-17 16:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5277
 https://groups.google.com/d/topic/docker-user/oYm0i3xShJU/discussion
Description:
 Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the
 HTTPS connection to the registry fails, which allows man-in-the-middle
 attackers to conduct downgrade attacks and obtain authentication and image
 data by leveraging a network position between the client and the registry
 to block HTTPS traffic.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Solomon Hykes and Florian Weimer
Assigned-to:
CVSS:

Patches_docker.io:
upstream_docker.io: released (1.3.1~dfsg1-1)
lucid_docker.io: DNE
precise_docker.io: DNE
precise/esm_docker.io: DNE
trusty_docker.io: released (1.6.2~dfsg1-1ubuntu4~14.04.1)
trusty/esm_docker.io: DNE (trusty was released [1.6.2~dfsg1-1ubuntu4~14.04.1])
utopic_docker.io: ignored (reached end-of-life)
vivid_docker.io: not-affected (1.3.1~dfsg1-1)
vivid/stable-phone-overlay_docker.io: DNE
vivid/ubuntu-core_docker.io: DNE
wily_docker.io: not-affected (1.3.1~dfsg1-1)
xenial_docker.io: not-affected (1.3.1~dfsg1-1)
yakkety_docker.io: not-affected (1.3.1~dfsg1-1)
zesty_docker.io: not-affected (1.3.1~dfsg1-1)
devel_docker.io: not-affected (1.3.1~dfsg1-1)