CVE-2022-23648: privilege escape in docker/containerd
this just in, container escape through crafted container images:
https://security-tracker.debian.org/tracker/CVE-2022-23648 https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7
this probably affects our gitlab runners. the impact is minimal (reading arbitrary files), but we should still look into this.