enhancement: fix these cve #1183

Closed
nyancat18 opened this issue Mar 31, 2017 · 2 comments
Labels
information_old (Deprecated; use "doc-todo" or "needinfo" instead) Information was/is required

Comments

@nyancat18
Contributor

https://security.archlinux.org/package/firejail

@Fred-Barclay
Collaborator

Fred-Barclay commented Mar 31, 2017

Hi @triceratops1 I believe all of these have been fixed as of the latest release of firejail - version 0.9.44.10:

CVE-2016-10117 - was fixed in 0.9.38
CVE-2016-10118 - was fixed in 0.9.44.2 and 0.9.38.6
CVE-2016-10119 - was fixed in 0.9.38
CVE-2016-10120 - was fixed in 0.9.38
CVE-2016-10121 - was fixed in 0.9.38
CVE-2016-10122 - was fixed in 0.9.44.2
CVE-2016-10123 - was fixed in 0.9.38
CVE-2017-5180 - was fixed twice (there were two different ways to exploit this): originally in 0.9.38.8 and 0.9.44.4, and then later in 0.9.38.10 and 0.9.44.6.
CVE-2017-5206 - was fixed in 0.9.44.4
CVE-2017-5207 - was fixed in 0.9.44.4

(Side note: I was watching at the time, and CVE-2017-5207 was fixed within four hours of being reported.)

You can always check the current status of firejail, including bug fixes, from the release notes: https://firejail.wordpress.com/download-2/release-notes/
If you want to check the status of the in-development code on GitHub, the release notes are here: https://github.com/netblue30/firejail/blob/master/RELNOTES

@netblue30 Can you check this for me and verify if I'm correct or not?

@Fred-Barclay Fred-Barclay added the information_old (Deprecated; use "doc-todo" or "needinfo" instead) Information was/is required label Mar 31, 2017
@netblue30
Owner

Thanks @Fred-Barclay. It is missing CVE-2017-5940 (Arch people are also missing it at https://security.archlinux.org/package/firejail).

It was fixed in 0.9.38.10 and 0.9.44.6. This is the second part for the incomplete fix in CVE-2017-5180. Most CVEs were published and numbers assigned after the release with the fix was out. The release notes in the package reflect the correct numbers after one more release. Anyway, I'll keep an up to date list here: https://firejail.wordpress.com/download-2/cve-status/
