[Pkg-utopia-maintainers] bubblewrap_0.4.1-1~bpo10+1_source.changes ACCEPTED into buster-backports
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Tue Mar 31 17:48:23 BST 2020
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 30 Mar 2020 14:46:40 +0100
Source: bubblewrap
Architecture: source
Version: 0.4.1-1~bpo10+1
Distribution: buster-backports
Urgency: high
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv at debian.org>
Closes: 948617 951577
Changes:
bubblewrap (0.4.1-1~bpo10+1) buster-backports; urgency=high
.
* Rebuild for buster-backports.
.
bubblewrap (0.4.1-1) unstable; urgency=high
.
* New upstream release
- Fixes a root privilege escalation vulnerability introduced in 0.4.0,
in cases where the kernel allows creation of user namespaces by
unprivileged users and bwrap is (unnecessarily) setuid root.
Debian systems are vulnerable if
/proc/sys/kernel/unprivileged_userns_clone (default 0) has been
changed to 1, or if using an upstream kernel instead of a Debian
kernel.
Ubuntu systems are not normally vulnerable, because bwrap is not
normally setuid there.
(GHSA-j2qp-rvxj-43vj, CVE ID pending)
- Fixes test failure with libcap >= 2.29 (Closes: #951577)
* Update various URLs from https://github.com/projectatomic/bubblewrap
to https://github.com/containers/bubblewrap
* Set upstream metadata fields: Repository.
* Remove obsolete field Name from debian/upstream/metadata (already
present in machine-readable debian/copyright).
* Standards-Version: 4.5.0 (no changes required)
* d/tests/control: Qualify CLI tools with :native.
Thanks to Steve Langasek (Closes: #948617)
Checksums-Sha1:
1384286a43b7ac3a298a40b5e65a61f6fd75e06e 2367 bubblewrap_0.4.1-1~bpo10+1.dsc
c84085291b4b25d1537d41e735591475bf5ce23f 8672 bubblewrap_0.4.1-1~bpo10+1.debian.tar.xz
abe69894e170b2e71ff5e930addc883560ba1eae 6096 bubblewrap_0.4.1-1~bpo10+1_source.buildinfo
00e121950ea494fcd9cfbe23971c0938d6be6755 214496 bubblewrap_0.4.1.orig.tar.xz
Checksums-Sha256:
0f72f1d18070aa6f90a5cb6f07356f436bdba9e4b3d579590a4070f22f65ca74 2367 bubblewrap_0.4.1-1~bpo10+1.dsc
d6fd94f4b1ea4b455bd9235dfdbb7e85051bbad568e823bfc87fe2632f696d21 8672 bubblewrap_0.4.1-1~bpo10+1.debian.tar.xz
bfbbe7ec9082eea5082da46e15b6f4139a978e40320ad25ed8eb65d8ba276736 6096 bubblewrap_0.4.1-1~bpo10+1_source.buildinfo
b9c69b9b1c61a608f34325c8e1a495229bacf6e4a07cbb0c80cf7a814d7ccc03 214496 bubblewrap_0.4.1.orig.tar.xz
Files:
e9eaf51d031f7303ad72c592f7a228b1 2367 admin optional bubblewrap_0.4.1-1~bpo10+1.dsc
fefa399e90443eab12b80efc82396bef 8672 admin optional bubblewrap_0.4.1-1~bpo10+1.debian.tar.xz
496673b0b7219d528d26c7920f00e883 6096 admin optional bubblewrap_0.4.1-1~bpo10+1_source.buildinfo
1104b0e43006f22076b5057c129939c8 214496 admin optional bubblewrap_0.4.1.orig.tar.xz
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCAAuFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAl6B+hEQHHNtY3ZAZGVi
aWFuLm9yZwAKCRDgWuFHj4FMT+pzD/94hUjKwRIswfdDHVpPxp8gaLAWB1d9lvgR
cD3t0bWajmQvwjyKBVUjjl6VP4rOYwzAKRNC7PONnI5QjPb0UGX1yCKzOsiCQWvt
hxB73j69lZqPetP4SpHoE549l0pfUc2GWp45/tLlVvWXmmRTE+r+005YADGS96G0
2TWLwfHfZ94s15UNjcRsP4VFhi3Rmnb5XcLdeGpxSJ8DQmqyqwJw2FsgyX3ny4Mw
V0tC8V6+SNubnkbcoydAnEI3OAY67KJfPV+6d7QgsspcGhgqA6zr9k6bBbwT10cu
6V7HKt06sYJjdxwGPeouxvAh6jTTyOQyIF9TTAfoCFHf24WfOocxwURZ5kVcVIOj
IMU4mK5rKWmTsIzPytFNDzDVjc4bhq4C4GeDwSrckG/klxG3lCiyE+q1YkUxldWe
urIPp9yivPTyuVL/YObqE55VQ87VcZX9jCvTl51LwDNxC1lgMqkW5Fhgy23Q4aJb
Z3JNZUy6XT4anIRouAVJXuMjAwK2PODfs6AykG6Sl4Ehq0TVZf6ZK9IBAY7kYX5S
r4aeapnfC3ba6SBme/EU/iKNubXVLN46Kf9RFkwWMEbiIqlYLxaY8tG/q9qxRwh1
kihA8Fol4mRcKPHSyFIRQX8xlC4QBvHdOWewyAnG6MDFwIee35Z1aLyJC0Mp3Wjh
sTZb0Z0asQ==
=OLtE
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the Pkg-utopia-maintainers
mailing list