Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted bubblewrap 0.11.2-1 (source) into unstable
Date: Thu, 23 Apr 2026 12:51:58 +0000
Signed by: Simon McVittie <smcv@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 23 Apr 2026 12:25:34 +0100
Source: bubblewrap
Architecture: source
Version: 0.11.2-1
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 1134704
Changes:
 bubblewrap (0.11.2-1) unstable; urgency=medium
 .
   * New upstream release
     - Fixes a root privilege escalation vulnerability if bwrap has been
       made setuid root locally (CVE-2026-41163, Closes: #1134704).
       Most Debian systems have a non-setuid bubblewrap and therefore
       are unaffected by this.
   * d/rules: Temporarily allow bubblewrap to be setuid root.
     This configuration is a security risk and rarely necessary, so the
     option is deprecated, and a future upstream version will
     unconditionally refuse to run if it detects that it has been run
     setuid root.
   * d/README.Debian: Update to reflect deprecation of setuid-root bwrap
   * d/NEWS: Mention deprecation of setuid-root mode
Checksums-Sha1:
 fbc9e7a54ab37f026b282ab29559f222020f7acc 2427 bubblewrap_0.11.2-1.dsc
 ac91654c2d5563cb512f5f4f2963664e31d82d26 116336 bubblewrap_0.11.2.orig.tar.xz
 2439262de549a5da4c584ed8320ceabd018b2250 13004 bubblewrap_0.11.2-1.debian.tar.xz
 de325b1460f4b143fa6418207022fa737ca29b8c 7300 bubblewrap_0.11.2-1_source.buildinfo
Checksums-Sha256:
 ffa604cd84eb4bd47e17c6369ca473816c5aab7f838f22b8fc5997ba780f7a4b 2427 bubblewrap_0.11.2-1.dsc
 69abc30005d2186baf7737feacd8da35633b93cf5af38838ecff17c5f8e924f6 116336 bubblewrap_0.11.2.orig.tar.xz
 ae5a41479277ebf5c893a75dfae9334aa57eba80cfc6aa21dfcd0981c70310ff 13004 bubblewrap_0.11.2-1.debian.tar.xz
 98be11bbcfd30fb0a6333940510ea76fc186d9a39f49fce1dfacc22fdd6a464a 7300 bubblewrap_0.11.2-1_source.buildinfo
Files:
 3b37d9616a9b1bf83acfafcd6820277b 2427 admin optional bubblewrap_0.11.2-1.dsc
 6376255e2e505100e01b20c2dafa7faf 116336 admin optional bubblewrap_0.11.2.orig.tar.xz
 cc43a86a8cf7f466622bf22260f3469e 13004 admin optional bubblewrap_0.11.2-1.debian.tar.xz
 483dd999e248743b2c5c9b9d38ff4dd9 7300 admin optional bubblewrap_0.11.2-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEegc60a5pT6Jb/2LlI1wJnT6zMHYFAmnqBVgACgkQI1wJnT6z
MHanJA/9GTh/l+UI3FSd40tdAlFsz2ttCgE8NTwT5qDPeH8rtIuU95ER/NBNu42b
trpRo0aPis1W7aT5a81zpMU+lOZUt/35LUKyOmms2pDMlIPGPa6fg/+z/+ZFxYw3
YaupR7bu/NGgxDqvwQffZte9JLZ6mrngpIEOxUpZtLQGrbTT39HjDQLzJ1oe/L/T
u/kYzjS/PQJeR7Zbkt1YopkUBYf0KMejTSDA5ywYIZU6zCqOWakaeUN4TnX+HRjd
YR+47sELGKDkxJeRAPGzE014o3f86CSvoeq8jFTHXIx4cF1iRYRIGmSXGr8NjdgL
KKXifGLZAuPWE9U7iLIvT5hK1DQgD1rGPB4gb/5M+C7HTTtysINWX33Podrnlv4N
3pbRoaQqqI25zX5mShtODzPTBxnhrsusOn3I6hXNUotYIvrrt2FqnMle8nKN+vle
mtsnuQS9MYIs9ydiNBKlzt6s6dNOpvlfin6dYyx/wvx608F5wIj7/NLn+OZmmlkr
rTqIkV8kg7vkkUM8PaK/DbeO6Vi4sjR+gXaSYGnV2V5okbeDkdVuDWiTHbn+ZNo6
prIgVfg5px4dFYWIFn2PZL20yk3G5b1mX1nK0JiZCYFqWYUcq6abgpjU2xbkhJWt
pBaFl+HHjVIzXCnX+DQjmKPofbcgtqB+dDP+GkuQuKq2y4/sdWw=
=pwqS
-----END PGP SIGNATURE-----
News for package bubblewrap
