Register | Log in

bubblewrap

utility for unprivileged chroot and namespace manipulation

Choose email to subscribe with

general

source: bubblewrap (main)
version: 0.11.2-2
maintainer: Utopia Maintenance Team (archive) (DMD)
uploaders: Simon McVittie [DMD] – Laszlo Boszormenyi (GCS) [DMD]
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.4.1-3
o-o-sec: 0.4.1-3+deb11u1
oldstable: 0.8.0-2+deb12u1
old-sec: 0.8.0-2+deb12u1
stable: 0.11.0-2
stable-p-u: 0.11.0-2+deb13u1
testing: 0.11.2-1
unstable: 0.11.2-2

versioned links

0.4.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.4.1-3+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8.0-2+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.11.0-2+deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.11.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.11.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

bubblewrap (2 bugs: 0, 2, 0, 0)

action needed

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2026-41163: bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap and control the unprivileged part of the sandbox setup phase. This allows the attacker to arbitrarily use the privileged operations, and in particular the "overlay mount" operation, allowing the creation of overlay mounts which is otherwise not allowed in the setuid version of bubblewrap. This issue has been patched in version 0.11.2.

Created: 2026-05-16 Last update: 2026-05-16 12:01

Depends on packages which need a new maintainer normal

The packages that bubblewrap depends on which need a new maintainer are:

docbook-xml (#802368)
- Build-Depends: docbook-xml
docbook-xsl (#802370)
- Build-Depends: docbook-xsl

Created: 2023-09-01 Last update: 2026-05-16 15:02

testing migrations

excuses:
- Migration status for bubblewrap (0.11.2-1 to 0.11.2-2): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Autopkgtest for bubblewrap/0.11.2-2: amd64: Pass, arm64: No tests, superficial or marked flaky ♻, i386: No tests, superficial or marked flaky ♻, loong64: No tests, superficial or marked flaky ♻, ppc64el: No tests, superficial or marked flaky ♻, riscv64: No tests, superficial or marked flaky ♻, s390x: No tests, superficial or marked flaky ♻
- ∙ ∙ Autopkgtest for glycin/2.0.8-1: amd64: No tests, superficial or marked flaky ♻, arm64: No tests, superficial or marked flaky ♻, i386: No tests, superficial or marked flaky ♻, loong64: Test triggered, ppc64el: No tests, superficial or marked flaky ♻, riscv64: No tests, superficial or marked flaky ♻, s390x: No tests, superficial or marked flaky ♻
- ∙ ∙ Autopkgtest for laniakea/0.1.1-5: amd64: Pass, arm64: Pass, i386: No tests, superficial or marked flaky ♻, loong64: Test triggered, ppc64el: No tests, superficial or marked flaky ♻, riscv64: No tests, superficial or marked flaky ♻, s390x: No tests, superficial or marked flaky ♻
- ∙ ∙ Autopkgtest for opam/2.5.1-2: amd64: Pass, arm64: Pass, i386: Pass, loong64: Reference test triggered, but real test failed already ♻, ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Autopkgtest for systemd/260.1-1: amd64: Pass, arm64: Pass, i386: Pass, loong64: Test triggered, ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Too young, only 3 of 5 days old
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/b/bubblewrap.html
- ∙ ∙ Reproduced on amd64 - info
- ∙ ∙ Reproduced on arm64 - info
- ∙ ∙ Reproduced on armhf - info
- ∙ ∙ Reproduced on i386 - info
- Not considered

news

[2026-05-12] Accepted bubblewrap 0.11.2-2 (source) into unstable (Simon McVittie)
[2026-04-30] Accepted bubblewrap 0.11.0-2+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Simon McVittie)
[2026-04-28] bubblewrap 0.11.2-1 MIGRATED to testing (Debian testing watch)
[2026-04-23] Accepted bubblewrap 0.11.2-1 (source) into unstable (Simon McVittie)
[2026-03-27] bubblewrap 0.11.1-1 MIGRATED to testing (Debian testing watch)
[2026-03-21] Accepted bubblewrap 0.11.1-1 (source) into unstable (Simon McVittie)
[2025-03-31] Accepted bubblewrap 0.4.1-3+deb11u1 (source) into oldstable-security (Adrian Bunk)
[2025-01-04] bubblewrap 0.11.0-2 MIGRATED to testing (Debian testing watch)
[2024-12-30] Accepted bubblewrap 0.11.0-2 (source) into unstable (Simon McVittie)
[2024-11-05] bubblewrap 0.11.0-1 MIGRATED to testing (Debian testing watch)
[2024-10-30] Accepted bubblewrap 0.11.0-1 (source) into unstable (Simon McVittie)
[2024-10-18] Accepted bubblewrap 0.10.0+30+g0545e72-1 (source) into experimental (Simon McVittie)
[2024-08-17] bubblewrap 0.10.0-1 MIGRATED to testing (Debian testing watch)
[2024-08-16] Accepted bubblewrap 0.8.0-2+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Simon McVittie)
[2024-08-14] Accepted bubblewrap 0.8.0-2+deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Simon McVittie)
[2024-08-14] Accepted bubblewrap 0.10.0-1 (source) into unstable (Simon McVittie)
[2024-04-01] bubblewrap 0.9.0-1 MIGRATED to testing (Debian testing watch)
[2024-03-26] Accepted bubblewrap 0.9.0-1 (source) into unstable (Simon McVittie)
[2023-03-14] Accepted bubblewrap 0.8.0-2~bpo11+1 (source) into bullseye-backports (Simon McVittie)
[2023-03-10] bubblewrap 0.8.0-2 MIGRATED to testing (Debian testing watch)
[2023-02-28] Accepted bubblewrap 0.8.0-2 (source) into unstable (Simon McVittie)
[2023-02-27] Accepted bubblewrap 0.8.0-1 (source) into experimental (Simon McVittie)
[2023-01-18] Accepted bubblewrap 0.7.0-2~bpo11+1 (source) into bullseye-backports (Simon McVittie)
[2023-01-17] bubblewrap 0.7.0-2 MIGRATED to testing (Debian testing watch)
[2023-01-11] Accepted bubblewrap 0.7.0-2 (source) into unstable (Simon McVittie)
[2022-12-06] Accepted bubblewrap 0.7.0-1~bpo11+1 (source) into bullseye-backports (Simon McVittie)
[2022-11-13] bubblewrap 0.7.0-1 MIGRATED to testing (Debian testing watch)
[2022-11-07] Accepted bubblewrap 0.7.0-1 (source) into unstable (Simon McVittie)
[2022-09-26] Accepted bubblewrap 0.6.2-1~bpo11+1 (amd64 source) into bullseye-backports (Debian FTP Masters) (signed by: Simon McVittie)
[2022-05-17] bubblewrap 0.6.2-1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.11.1-1
4 bugs

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing