Format: 1.8
Date: Mon, 30 Mar 2020 14:46:40 +0100
Source: bubblewrap
Architecture: source
Version: 0.4.1-1~bpo10+1
Distribution: buster-backports
Urgency: high
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 948617 951577
Changes:
 bubblewrap (0.4.1-1~bpo10+1) buster-backports; urgency=high
 .
   * Rebuild for buster-backports.
 .
 bubblewrap (0.4.1-1) unstable; urgency=high
 .
   * New upstream release
     - Fixes a root privilege escalation vulnerability introduced in 0.4.0,
       in cases where the kernel allows creation of user namespaces by
       unprivileged users and bwrap is (unnecessarily) setuid root.
       Debian systems are vulnerable if
       /proc/sys/kernel/unprivileged_userns_clone (default 0) has been
       changed to 1, or if using an upstream kernel instead of a Debian
       kernel. Ubuntu systems are not normally vulnerable, because bwrap
       is not normally setuid there.
       (GHSA-j2qp-rvxj-43vj, CVE ID pending)
     - Fixes test failure with libcap >= 2.29 (Closes: #951577)
   * Update various URLs from https://github.com/projectatomic/bubblewrap
     to https://github.com/containers/bubblewrap
   * Set upstream metadata fields: Repository.
   * Remove obsolete field Name from debian/upstream/metadata (already
     present in machine-readable debian/copyright).
   * Standards-Version: 4.5.0 (no changes required)
   * d/tests/control: Qualify CLI tools with :native.
     Thanks to Steve Langasek (Closes: #948617)