Register | Log in

firejail

sandbox to restrict the application environment

Choose email to subscribe with

general

source: firejail (main)
version: 0.9.60-2
maintainer: Reiner Herrmann [DMD] [dm]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 0.9.44.8-2
old-bpo: 0.9.58.2-2~bpo9+1
stable: 0.9.58.2-2
testing: 0.9.60-2
unstable: 0.9.60-2

versioned links

0.9.44.8-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.9.58.2-2~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.9.58.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.9.60-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

firejail (3 bugs: 0, 2, 1, 0)
firejail-profiles (1 bugs: 0, 1, 0, 0)

action needed

2 security issues in stretch high

There are 2 open security issues in stretch.

2 important issues:

CVE-2019-12499: Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions need to be fulfilled: The jail (with the exploit code inside) needs to be started as root, and it also needs to be terminated as root from the host (either by stopping it ungracefully (e.g., SIGKILL), or by using the --shutdown control command). This is similar to CVE-2019-5736.
CVE-2019-12589: In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker.

Please fix them.

Created: 2019-05-30 Last update: 2019-07-13 06:36

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2017-10-26 Last update: 2017-10-26 07:22

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.3.0).

Created: 2019-07-08 Last update: 2019-07-08 20:08

news

[2019-07-13] firejail 0.9.60-2 MIGRATED to testing (Debian testing watch)
[2019-07-07] Accepted firejail 0.9.60-2 (source) into unstable (Reiner Herrmann)
[2019-06-09] Accepted firejail 0.9.58.2-2~bpo9+1 (source) into stretch-backports->backports-policy, stretch-backports (Reiner Herrmann)
[2019-06-01] firejail 0.9.58.2-2 MIGRATED to testing (Debian testing watch)
[2019-05-29] Accepted firejail 0.9.60-1 (source) into experimental (Reiner Herrmann)
[2019-05-29] Accepted firejail 0.9.58.2-2 (source) into unstable (Reiner Herrmann)
[2019-02-19] Accepted firejail 0.9.58.2-1~bpo9+1 (source) into stretch-backports (Reiner Herrmann)
[2019-02-19] firejail 0.9.58.2-1 MIGRATED to testing (Debian testing watch)
[2019-02-08] Accepted firejail 0.9.58.2-1 (source) into unstable (Reiner Herrmann)
[2019-02-02] firejail 0.9.58-1 MIGRATED to testing (Debian testing watch)
[2019-01-27] Accepted firejail 0.9.58-1 (source) into unstable (Reiner Herrmann)
[2019-01-21] Accepted firejail 0.9.58~rc1-1 (source) into experimental (Reiner Herrmann)
[2018-10-09] Accepted firejail 0.9.56-2~bpo9+1 (source) into stretch-backports (Reiner Herrmann)
[2018-10-07] firejail 0.9.56-2 MIGRATED to testing (Debian testing watch)
[2018-10-01] Accepted firejail 0.9.56-2 (source) into unstable (Reiner Herrmann)
[2018-09-26] firejail 0.9.56-1 MIGRATED to testing (Debian testing watch)
[2018-09-20] Accepted firejail 0.9.56-1 (source) into unstable (Reiner Herrmann)
[2018-08-16] Accepted firejail 0.9.56~rc1-1 (source) into experimental (Reiner Herrmann)
[2018-05-19] Accepted firejail 0.9.54-1~bpo9+1 (source) into stretch-backports (Reiner Herrmann)
[2018-05-19] firejail 0.9.54-1 MIGRATED to testing (Debian testing watch)
[2018-05-16] Accepted firejail 0.9.54-1 (source) into unstable (Reiner Herrmann)
[2018-05-13] Accepted firejail 0.9.54~rc2-1 (source) into experimental (Reiner Herrmann)
[2018-05-07] Accepted firejail 0.9.54~rc1-1 (source) into experimental (Reiner Herrmann)
[2018-05-03] firejail 0.9.52-3 MIGRATED to testing (Debian testing watch)
[2018-04-27] Accepted firejail 0.9.52-3 (source) into unstable (Reiner Herrmann)
[2018-02-10] Accepted firejail 0.9.52-2~bpo9+2 (source) into stretch-backports (Reiner Herrmann)
[2018-02-04] Accepted firejail 0.9.52-2~bpo9+1 (source) into stretch-backports (Reiner Herrmann)
[2017-12-27] firejail 0.9.52-2 MIGRATED to testing (Debian testing watch)
[2017-12-21] Accepted firejail 0.9.52-2 (source) into unstable (Reiner Herrmann)
[2017-12-21] firejail 0.9.52-1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 4
RC: 0
I&N: 3
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, checks, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.9.60-2
1 bug

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing