-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 26 Apr 2026 14:05:43 +0100 Source: bubblewrap Binary: bubblewrap bubblewrap-dbgsym Architecture: amd64 Version: 0.11.0-2+deb13u1 Distribution: trixie Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Simon McVittie Description: bubblewrap - utility for unprivileged chroot and namespace manipulation Closes: 1134704 Changes: bubblewrap (0.11.0-2+deb13u1) trixie; urgency=medium . * d/control, d/gbp.conf: Branch for Debian 13 stable updates * d/patches: Fix privilege escalation if bubblewrap is setuid root. /usr/bin/bwrap has not been installed setuid-root by default since Debian 11, but if it was made setuid via a dpkg-statoverride set up by the local sysadmin (most likely in conjunction with turning off the ability for unprivileged users to create new user namespaces), then the version included in Debian 13.4 would be vulnerable. (CVE-2026-41163, Closes: #1134704) Note that the ability to install bubblewrap setuid-root has been deprecated upstream, and the version included in Debian 14 will refuse to run if it is setuid. Checksums-Sha1: 8c808bd61f1a3eaec65d5ba79540c3c74768da45 85448 bubblewrap-dbgsym_0.11.0-2+deb13u1_amd64.deb bda6c33d389ef7a969e3d87c58f80db539501341 7778 bubblewrap_0.11.0-2+deb13u1_amd64-buildd.buildinfo 817a2e6186906394f63696c2b289f0f19e45b8d3 52500 bubblewrap_0.11.0-2+deb13u1_amd64.deb Checksums-Sha256: 9a98aa80485e5134660d60a7d1575fb83ceb1b353eb122c7de41c9e5a135485a 85448 bubblewrap-dbgsym_0.11.0-2+deb13u1_amd64.deb 55a8214d8363c10312acc895f1295dd119fac08f59129f914cc8cf9b73d26511 7778 bubblewrap_0.11.0-2+deb13u1_amd64-buildd.buildinfo 7a541ad9d12b23db7082ed3bf1f6d5253f23439cdfa7c28b4e022d0a602a19d6 52500 bubblewrap_0.11.0-2+deb13u1_amd64.deb Files: 922395bc0817cb46817090c91275650b 85448 debug optional bubblewrap-dbgsym_0.11.0-2+deb13u1_amd64.deb 35bcc525cc3f1a10fc1fb5f863053720 7778 admin optional bubblewrap_0.11.0-2+deb13u1_amd64-buildd.buildinfo a34895fa65bb0d93d6d42553da01e490 52500 admin optional bubblewrap_0.11.0-2+deb13u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7cQ9mRD4+dWjjrb6PkCWRKsh20cFAmnzvKsACgkQPkCWRKsh 20cAlhAAtJes3oqoYipTtt94Us8Qzae1yx3ZCKKA8gq0DxxtKHjEMk9xXH3TBOUD Xn9CYjWY6b/xxiCNu3HcAfhXtrY+x7GeBAxVM0O9jmEXtMN+HmexLMqG7pUtqisS DKQ2YNZYVPEzOoWoHPINzvrfJdMh0FfoUKIN6hRzlUN7GsJo99CyTjd6pthiVRyf kHMptF2+Jzk2QTINivabXkzWzr0ggUPQAoa0+P7euiTWw/NIDNAZvnHddixfd8Dp YVkrr95YYSFeu//DWnPIMw0yOHxYu4/sOBBDlw7YQB3xfqOQysfQoOgaUD4TEeCF nc5xvqdt9i/ll+35/gj3g5JBvpnbxDszI7EHHCqf+pPzelZ0qkTjliE9jfFHdDUZ sZf8JpCJ9SYh5x5GGvJdQ7CF7PuQEyw0uJXdnIqRC3ZhhxoUHdGPpy0Pe5EnPwnp tNF54OgB3bArmgOoWuJYXkV8rP9ocrwM8ja2sgvqKu8Z8eH4PgwECN+nXjzkUT+e c24Ls9ZGQ+MJaytY7s7wNka4hy3zh6VZXBP3LKfN+wLmgROYXJa8fYIJuLOm3Kzt 5v3xIGanj/qijg/uwEPhIbneU2x6pSDUKDwokROgKoOYfpcgonVGLAFrQ/c8/ik5 FOcVGjU/kSMorpUXS5+A3CZ5mPhCog7ArW0kDACxAq2KOJToYYg= =JXdb -----END PGP SIGNATURE-----