-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 14 Aug 2024 18:19:22 BST Source: bubblewrap Architecture: source Version: 0.8.0-2+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org> Changed-By: Simon McVittie <smcv@debian.org> Changes: bubblewrap (0.8.0-2+deb12u1) bookworm-security; urgency=high . * d/gbp.conf: Use debian/bookworm packaging branch for Debian 12 * d/p/Add-bind-fd-and-ro-bind-fd-to-let-you-bind-a-O_PATH-fd.patch: Backport new --[ro-]bind-fd feature from upstream release 0.10.0. This is necessary to resolve CVE-2024-42472 in Flatpak without introducing a potentially exploitable race condition. Checksums-Sha256: 155ac8bc44bd578a628d76f5b826817d6d091fc82e900ed8158d9921f650a41c 2267 bubblewrap_0.8.0-2+deb12u1.dsc 37917e8abdd6df1d1118f089e9cf1f9374e1b5bb21c8a70d7de4e9b5dfb10f6d 14828 bubblewrap_0.8.0-2+deb12u1.debian.tar.xz 0a81e6c99614a6cde6a08f203633f4bb05ca9c76d419830fbf5243fdd28ea935 7173 bubblewrap_0.8.0-2+deb12u1_source.buildinfo 957ad1149db9033db88e988b12bcebe349a445e1efc8a9b59ad2939a113d333a 149088 bubblewrap_0.8.0.orig.tar.xz Checksums-Sha1: 0712f21a84b519043ae56763b99eefb401ca6a97 2267 bubblewrap_0.8.0-2+deb12u1.dsc 6efb68ae45f0ba7e965cbf392fd2a73e69bdd6df 14828 bubblewrap_0.8.0-2+deb12u1.debian.tar.xz 3b5bc833eb5fc238479506034c43fac2de5d3909 7173 bubblewrap_0.8.0-2+deb12u1_source.buildinfo d7476e68af117f16e69495bfbb129ef63fe579f7 149088 bubblewrap_0.8.0.orig.tar.xz Files: 3a34635dc29d0c0c755e5d74aa215bbe 2267 admin optional bubblewrap_0.8.0-2+deb12u1.dsc 70e038827a87f54756e5f40eb4a6e00d 14828 admin optional bubblewrap_0.8.0-2+deb12u1.debian.tar.xz 0248e0d62318ef3c0491655b16d01442 7173 admin optional bubblewrap_0.8.0-2+deb12u1_source.buildinfo fc0e14bc26df76225e8f8cc2df9fb657 149088 admin optional bubblewrap_0.8.0.orig.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAma85yIACgkQ4FrhR4+B TE8xow//fL3ytqzACAPlKCgtx9sy5lQKYYAjRREfZhQ8kc3iK9a95wVikUapGNnu nTD87YvXWZH03LuHxIX+FxADrTJnpDUHwgUegeWpN2kvAAMM7RI0fN1RyNras5z/ FY3vCrQc6QRwcPVjKBfypKEcFZFZje6TG/q/FAwCeAp3Mv03AJJ5FFR0W4gfua9q IGKHk6kIWRgrH8RZbHjGVc5ud4I75pPh5r+6M6wOZw0lkgn9pNMp53b/FQe293ES Q/yR48MGBe9h6yLyUXaSHM37eK7RGe6168xWDzyEhNMLyDOpAaOJBi8oxPhWDF6O CbeOKu5RCTmMcJX6dcLbLbnZHcZTICm65e5MmdL9XIAEGMZiFXGVHKB5hUMBnMqK adt8ofZK8YV/EOfQFDn4D0QUHMH1FdNbXNwGe7aTsYHRKlzoLvRy7JO0054H0zBW LeJ7V+4GW5Fm0NnJBqRKbPmWUETUK8OwthQHYRvUwmO2tay4gQ+mbD+Hqtxc/dQg wkMd93H5/LiUTRLvGQLaDWVPuzJ6xfvlM4p9hSqFl+ef9TsUL/wV4d4xFFvgciLI vKlLrem8zUyYC3Ag72M25f5DEdDKbnGqOv6Tw3QgTLERlklD77v2NOgn7b1m1rPG orBbaUcc30Kadidu0NT/+PS1zVeLPwR97uNB3C+TfP+V69EpS/w= =ojQz -----END PGP SIGNATURE-----