Format: 1.8
Date: Mon, 30 Mar 2020 14:33:54 +0100
Source: bubblewrap
Architecture: source
Version: 0.4.1-1
Distribution: unstable
Urgency: high
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 948617 951577
Changes:
 bubblewrap (0.4.1-1) unstable; urgency=high
 .
   * New upstream release
     - Fixes a root privilege escalation vulnerability introduced in 0.4.0,
       in cases where the kernel allows creation of user namespaces by
       unprivileged users and bwrap is (unnecessarily) setuid root.
       Debian systems are vulnerable if
       /proc/sys/kernel/unprivileged_userns_clone (default 0) has been
       changed to 1, or if using an upstream kernel instead of a Debian
       kernel. Ubuntu systems are not normally vulnerable, because bwrap
       is not normally setuid there.
       (GHSA-j2qp-rvxj-43vj, CVE ID pending)
     - Fixes test failure with libcap >= 2.29 (Closes: #951577)
   * Update various URLs from https://github.com/projectatomic/bubblewrap
     to https://github.com/containers/bubblewrap
   * Set upstream metadata fields: Repository.
   * Remove obsolete field Name from debian/upstream/metadata (already
     present in machine-readable debian/copyright).
   * Standards-Version: 4.5.0 (no changes required)
   * d/tests/control: Qualify CLI tools with :native.
     Thanks to Steve Langasek (Closes: #948617)
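
A check for the conditions this changelog entry names, as an added example that is not part of the upload or of bubblewrap itself: it reports exposure only when the version is 0.4.0, bwrap is setuid root, and unprivileged user namespaces are allowed. The function names, result strings and the default /usr/bin/bwrap path are assumptions of this example, and a missing sysctl file is treated as an upstream kernel.

```shell
#!/bin/sh
# Added example (not from the bubblewrap or Debian packaging sources).
# Function names and result strings are this example's own.

# Decide exposure from three facts:
#   $1 bubblewrap version, upstream ("0.4.0") or Debian ("0.4.0-1")
#   $2 "yes" if bwrap is setuid and owned by root, otherwise "no"
#   $3 content of unprivileged_userns_clone, or "absent" if the file is missing
bwrap_exposure() {
    case $1 in
        0.4.0|0.4.0-*) ;;   # regression introduced in 0.4.0, fixed in 0.4.1
        unknown) echo "unknown: version could not be read"; return 0 ;;
        *) echo "not-affected: version $1"; return 0 ;;
    esac
    if [ "$2" != yes ]; then
        echo "not-affected: bwrap is not setuid root"; return 0
    fi
    case $3 in
        0) echo "not-exposed: unprivileged user namespaces are disabled" ;;
        absent) echo "vulnerable: no Debian sysctl, assuming upstream kernel" ;;
        *) echo "vulnerable: unprivileged user namespaces are enabled" ;;
    esac
}

# Collect the three facts from the running system. Both paths can be
# overridden (assumption of this example; defaults match a Debian install).
check_bwrap() {
    bwrap=${1:-/usr/bin/bwrap}
    sysctl_file=${2:-/proc/sys/kernel/unprivileged_userns_clone}
    if [ ! -e "$bwrap" ]; then
        echo "not-installed: $bwrap"; return 0
    fi
    # "bwrap --version" prints "bubblewrap <version>"
    version=$("$bwrap" --version 2>/dev/null | awk '{print $2; exit}')
    setuid_root=no
    if [ -u "$bwrap" ] && [ "$(stat -c %u "$bwrap")" = 0 ]; then
        setuid_root=yes
    fi
    if [ -r "$sysctl_file" ]; then
        userns=$(cat "$sysctl_file")
    else
        userns=absent
    fi
    bwrap_exposure "${version:-unknown}" "$setuid_root" "$userns"
}

# Run the live check only when invoked as: script --check [bwrap] [sysctl]
if [ "${1:-}" = "--check" ]; then check_bwrap "${2:-}" "${3:-}"; fi
```

A "not-exposed" result still leaves an unnecessarily setuid 0.4.0 binary installed, so upgrading to 0.4.1-1 remains the fix.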