-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 06 Jun 2019 19:33:41 +0200 Source: firejail Architecture: source Version: 0.9.58.2-2~bpo9+1 Distribution: stretch-backports Urgency: high Maintainer: Reiner Herrmann <reiner@reiner-h.de> Changed-By: Reiner Herrmann <reiner@reiner-h.de> Closes: 929732 929733 Changes: firejail (0.9.58.2-2~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . firejail (0.9.58.2-2) unstable; urgency=high . * Cherry-pick security fix for seccomp bypass issue. (Closes: #929732) Seccomp filters were writable inside the jail, so they could be overwritten/truncated. Another jail that was then joined with the first one, had no seccomp filters applied. * Cherry-pick security fix for binary truncation issue. (Closes: #929733) When the jailed program was running as root, and firejail was killed from the outside (as root), the jailed program had the possibility to truncate the firejail binary outside the jail. Checksums-Sha1: d8a5974696e0236f67a64aaaf1315d7444ffaf9c 2517 firejail_0.9.58.2-2~bpo9+1.dsc b33c5613e8117e07f0527575c75024d64a128b5f 13428 firejail_0.9.58.2-2~bpo9+1.debian.tar.xz 065903f3ebaf47916b9f7af20f196356dacdbcdf 5589 firejail_0.9.58.2-2~bpo9+1_source.buildinfo Checksums-Sha256: c4c3ff39d4168538beec6f4ffffc8a4f18fe8932d4ad2737f80af52396a0e18a 2517 firejail_0.9.58.2-2~bpo9+1.dsc 2a41a986509d815843f73358d1871cfebf6d72e1a78a0f67dc90ccd55277c70c 13428 firejail_0.9.58.2-2~bpo9+1.debian.tar.xz 1ec9f1844f617de65fbc8990d405ae42dec5522bd37b4843dda36bf19c90a0d2 5589 firejail_0.9.58.2-2~bpo9+1_source.buildinfo Files: a91a84cf45578d15d3b7c88238df2412 2517 utils optional firejail_0.9.58.2-2~bpo9+1.dsc 662eb7e18568a20b26a582ba2dfcfd48 13428 utils optional firejail_0.9.58.2-2~bpo9+1.debian.tar.xz 7f385855fb86f96d7d82768f9eee8497 5589 utils optional firejail_0.9.58.2-2~bpo9+1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE2Pb6feok2Q1urHM7zPBJKNsO6qcFAlz5TwQACgkQzPBJKNsO 6qdqUA//UVHN3X8yMDDE5hk/9kHOaAE6tHYnX03Cww8jUOBeN6O3atKhGPgNdBmn m1evd4dy470QPVUyd5Xc/qOljWu1itCBiNKa4q8yLxjejWGRUWsJE389qTobLTIt VjdQxaILP8iTBkSiFa+1MwQZf1pzd44kzTV6EnRq/r3stLZen2X808XJXA/e7w2K ux8xFd8c2k4azn7e3ZkEhwKs9tC4f5uy0f/eZaMtT+FfDYnqoNnQmYG3Qt+npUXA z9RD7Ises7FHEtOj748xLSzwYJY2+c2qnGWZmgfEtFOaW9HiebhxScDZPT5miMM6 6EuyT5oxMvXyEcU7LjqmzsgfRBXpxYuoSPGvH20ZfC8KURNuaAoY8pv4HZulnnM9 tEYtXCDES4Z1pgmTmNQrgqNmL08zimFHAsh2VoQhDuPVBD8IWuwGaCBnRr/M2J8X NMw9XHjW5V2CG4hUrWXOKHJalxA0lK/1U1ioJ9uxzQczkw0S0oN6S0OA774OaiEu tjfOCc2KtD7p37hjIv7kuP878smfFyE/6ysUysKQ5KHQXxt2RUMMlLkk2l55SEYy 3lrtyFMdJEA4KGVUcwvZeKgz0lwHNS1VVhxgxBNg6xPE+cch4LDEqOqCw6QWVR0E yHHHpemIml/QTQQ3TYnqKUmv2iBnvRkNscypWXQlBoadFIWMlfw= =p/CZ -----END PGP SIGNATURE-----