[From nobody Thu Apr 23 13:53:07 2026 Received: (at 1134704-close) by bugs.debian.org; 23 Apr 2026 12:51:59 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-114.1 required=4.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FOURLA, FVGT_m_MULTI_ODD,HAS_BUG_NUMBER,MD5_SHA1_SUM,PGPSIGNATURE, USER_IN_DKIM_WELCOMELIST autolearn=ham autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 102; hammy, 150; neutral, 158; spammy, 0. spammytokens: hammytokens:0.000-+--HX-Debian:DAK, 0.000-+--H*rp:D*ftp-master.debian.org, 0.000-+--HX-DAK:process-upload, 0.000-+--UD:debian.tar.xz, 0.000-+--H*r:sk:fasolo. Return-path: <envelope@ftp-master.debian.org> Received: from muffat.debian.org ([2607:f8f0:614:1::1274:33]:51728) by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wFtXD-00CvBu-2c for 1134704-close@bugs.debian.org; Thu, 23 Apr 2026 12:51:59 +0000 Received: via submission from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA, CN=fasolo.debian.org, EMAIL=hostmaster@fasolo.debian.org (verified) by muffat.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wFtXD-00DQJd-2M for 1134704-close@bugs.debian.org; Thu, 23 Apr 2026 12:51:59 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=4QRj2his26Q+xz6f3eOV2OceKrH/6z3P7E4EqBKpBtQ=; b=HNhCUKASnD4K2foKhopnguCA4f SDrqdsqwq6Rxun+KKj66iAJMedXpFqvbf+b2tYqcT44g/W4tXNjWPJ7WyKCt/0BkUbW25Rk4BU2gI uvGjFFzfjmGhZr4tuNhMf2BiCggSTugwRt13H64bC6idaHRV+TUqJZQ3mWd9hwXpOx8WOxVUuYpZv Cfc0Y6zduea4M7yR8N/16dNRdOt1NRmmYMPXwO94WGbul7fuiRUlZ55YemKXwfEESJBM65sykQ5Zm bE2PVaw9C1v40yOyeiis99m0IMTeQP7NVEUtfvjbIg9ArN143D35fMBg2y34UIfWGdqQ2TkfMkypD 31AwboLA==; Received: from dak by fasolo.debian.org with local (Exim 4.98.2) (envelope-from <envelope@ftp-master.debian.org>) id 1wFtXC-0000000282K-3mIQ; Thu, 23 Apr 2026 12:51:58 +0000 From: Debian FTP Masters <ftpmaster@ftp-master.debian.org> Reply-To: Simon McVittie <smcv@debian.org> To: 1134704-close@bugs.debian.org X-DAK: dak process-upload X-Debian: DAK X-Debian-Package: bubblewrap Debian: DAK Debian-Changes: bubblewrap_0.11.2-1_source.changes Debian-Source: bubblewrap Debian-Version: 0.11.2-1 Debian-Architecture: source Debian-Suite: unstable Debian-Archive-Action: accept MIME-Version: 1.0 Subject: Bug#1134704: fixed in bubblewrap 0.11.2-1 Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============5782537483524233241==" Message-Id: <E1wFtXC-0000000282K-3mIQ@fasolo.debian.org> Date: Thu, 23 Apr 2026 12:51:58 +0000 --===============5782537483524233241== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Source: bubblewrap Source-Version: 0.11.2-1 Done: Simon McVittie <smcv@debian.org> We believe that the bug you reported is fixed in the latest version of bubblewrap, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1134704@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Simon McVittie <smcv@debian.org> (supplier of updated bubblewrap package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 23 Apr 2026 12:25:34 +0100 Source: bubblewrap Architecture: source Version: 0.11.2-1 Distribution: unstable Urgency: medium Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debi= an.org> Changed-By: Simon McVittie <smcv@debian.org> Closes: 1134704 Changes: bubblewrap (0.11.2-1) unstable; urgency=3Dmedium . * New upstream release - Fixes a root privilege escalation vulnerability if bwrap has been made setuid root locally (CVE-2026-41163, Closes: #1134704). Most Debian systems have a non-setuid bubblewrap and therefore are unaffected by this. * d/rules: Temporarily allow bubblewrap to be setuid root. This configuration is a security risk and rarely necessary, so the option is deprecated, and a future upstream version will unconditionally refuse to run if it detects that it has been run setuid root. * d/README.Debian: Update to reflect deprecation of setuid-root bwrap * d/NEWS: Mention deprecation of setuid-root mode Checksums-Sha1: fbc9e7a54ab37f026b282ab29559f222020f7acc 2427 bubblewrap_0.11.2-1.dsc ac91654c2d5563cb512f5f4f2963664e31d82d26 116336 bubblewrap_0.11.2.orig.tar.xz 2439262de549a5da4c584ed8320ceabd018b2250 13004 bubblewrap_0.11.2-1.debian.ta= r.xz de325b1460f4b143fa6418207022fa737ca29b8c 7300 bubblewrap_0.11.2-1_source.bui= ldinfo Checksums-Sha256: ffa604cd84eb4bd47e17c6369ca473816c5aab7f838f22b8fc5997ba780f7a4b 2427 bubble= wrap_0.11.2-1.dsc 69abc30005d2186baf7737feacd8da35633b93cf5af38838ecff17c5f8e924f6 116336 bubb= lewrap_0.11.2.orig.tar.xz ae5a41479277ebf5c893a75dfae9334aa57eba80cfc6aa21dfcd0981c70310ff 13004 bubbl= ewrap_0.11.2-1.debian.tar.xz 98be11bbcfd30fb0a6333940510ea76fc186d9a39f49fce1dfacc22fdd6a464a 7300 bubble= wrap_0.11.2-1_source.buildinfo Files: 3b37d9616a9b1bf83acfafcd6820277b 2427 admin optional bubblewrap_0.11.2-1.dsc 6376255e2e505100e01b20c2dafa7faf 116336 admin optional bubblewrap_0.11.2.ori= g.tar.xz cc43a86a8cf7f466622bf22260f3469e 13004 admin optional bubblewrap_0.11.2-1.de= bian.tar.xz 483dd999e248743b2c5c9b9d38ff4dd9 7300 admin optional bubblewrap_0.11.2-1_sou= rce.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEegc60a5pT6Jb/2LlI1wJnT6zMHYFAmnqBVgACgkQI1wJnT6z MHanJA/9GTh/l+UI3FSd40tdAlFsz2ttCgE8NTwT5qDPeH8rtIuU95ER/NBNu42b trpRo0aPis1W7aT5a81zpMU+lOZUt/35LUKyOmms2pDMlIPGPa6fg/+z/+ZFxYw3 YaupR7bu/NGgxDqvwQffZte9JLZ6mrngpIEOxUpZtLQGrbTT39HjDQLzJ1oe/L/T u/kYzjS/PQJeR7Zbkt1YopkUBYf0KMejTSDA5ywYIZU6zCqOWakaeUN4TnX+HRjd YR+47sELGKDkxJeRAPGzE014o3f86CSvoeq8jFTHXIx4cF1iRYRIGmSXGr8NjdgL KKXifGLZAuPWE9U7iLIvT5hK1DQgD1rGPB4gb/5M+C7HTTtysINWX33Podrnlv4N 3pbRoaQqqI25zX5mShtODzPTBxnhrsusOn3I6hXNUotYIvrrt2FqnMle8nKN+vle mtsnuQS9MYIs9ydiNBKlzt6s6dNOpvlfin6dYyx/wvx608F5wIj7/NLn+OZmmlkr rTqIkV8kg7vkkUM8PaK/DbeO6Vi4sjR+gXaSYGnV2V5okbeDkdVuDWiTHbn+ZNo6 prIgVfg5px4dFYWIFn2PZL20yk3G5b1mX1nK0JiZCYFqWYUcq6abgpjU2xbkhJWt pBaFl+HHjVIzXCnX+DQjmKPofbcgtqB+dDP+GkuQuKq2y4/sdWw=3D =3DpwqS -----END PGP SIGNATURE----- --===============5782537483524233241== Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaeoV7gAKCRCb9qggYcy5 IZLSAQDZo5ey3l4iADgO7coHliS4pkPPX5nYRaocAv6O1HBsGgD/cHzfHs+fgmPs pP9KfE9E50kBGb4T+qliv0r4XeI0ug0= =RbTV -----END PGP SIGNATURE----- --===============5782537483524233241==-- ]