Candidate: CVE-2014-9358
PublicDate: 2014-12-16 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9358
 https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ
Description:
 Docker before 1.3.3 does not properly validate image IDs, which allows
 remote attackers to conduct path traversal attacks and spoof repositories
 via a crafted image in a (1) "docker load" operation or (2) "registry
 communications."
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772909
Priority: medium
Discovered-by: Eric Windisch
Assigned-to:
CVSS: 

Patches_docker.io:
upstream_docker.io: released (1.3.3)
lucid_docker.io: DNE
precise_docker.io: DNE
precise/esm_docker.io: DNE
trusty_docker.io: not-affected (1.6.2~dfsg1-1ubuntu4~14.04.1)
trusty/esm_docker.io: DNE (trusty was not-affected [1.6.2~dfsg1-1ubuntu4~14.04.1])
utopic_docker.io: ignored (reached end-of-life)
vivid_docker.io: not-affected (1.3.3~dfsg1-2ubuntu1)
vivid/stable-phone-overlay_docker.io: DNE
vivid/ubuntu-core_docker.io: DNE
wily_docker.io: not-affected (1.3.3~dfsg1-2ubuntu1)
xenial_docker.io: not-affected (1.3.3~dfsg1-2ubuntu1)
yakkety_docker.io: not-affected (1.3.3~dfsg1-2ubuntu1)
zesty_docker.io: not-affected (1.3.3~dfsg1-2ubuntu1)
devel_docker.io: not-affected (1.3.3~dfsg1-2ubuntu1)