-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 26 Apr 2026 14:05:43 +0100 Source: bubblewrap Binary: bubblewrap bubblewrap-dbgsym Architecture: armel Version: 0.11.0-2+deb13u1 Distribution: trixie Urgency: medium Maintainer: arm Build Daemon (arm-ubc-06) Changed-By: Simon McVittie Description: bubblewrap - utility for unprivileged chroot and namespace manipulation Closes: 1134704 Changes: bubblewrap (0.11.0-2+deb13u1) trixie; urgency=medium . * d/control, d/gbp.conf: Branch for Debian 13 stable updates * d/patches: Fix privilege escalation if bubblewrap is setuid root. /usr/bin/bwrap has not been installed setuid-root by default since Debian 11, but if it was made setuid via a dpkg-statoverride set up by the local sysadmin (most likely in conjunction with turning off the ability for unprivileged users to create new user namespaces), then the version included in Debian 13.4 would be vulnerable. (CVE-2026-41163, Closes: #1134704) Note that the ability to install bubblewrap setuid-root has been deprecated upstream, and the version included in Debian 14 will refuse to run if it is setuid. Checksums-Sha1: a5c1de144c37360a67d90c5e7b1c7a8c627d6dee 81024 bubblewrap-dbgsym_0.11.0-2+deb13u1_armel.deb b865dfc7da0599047145074de3f651f8ecb74173 7630 bubblewrap_0.11.0-2+deb13u1_armel-buildd.buildinfo a12dc545bbc2ad6e6b0bc5bc1d04f3c40323eb80 49316 bubblewrap_0.11.0-2+deb13u1_armel.deb Checksums-Sha256: 10c3ff86cc0d38e6ab5ee504e60f98b3fd269552657933a9f6c19d20fc312bab 81024 bubblewrap-dbgsym_0.11.0-2+deb13u1_armel.deb 3e499a7af1a652743e5086128231a42b6861949baef9f9715b3c9626cbda2054 7630 bubblewrap_0.11.0-2+deb13u1_armel-buildd.buildinfo 695586c1694ca740d32834bb7081c1aee8a4b6c0b49ee70c6d99b80ed13c01bc 49316 bubblewrap_0.11.0-2+deb13u1_armel.deb Files: e11dfa8f52055a9b86934478b248a205 81024 debug optional bubblewrap-dbgsym_0.11.0-2+deb13u1_armel.deb ce4ac98faf7f688c63ef99ecd128bbd9 7630 admin optional bubblewrap_0.11.0-2+deb13u1_armel-buildd.buildinfo 9b45577b317a9572fd2746fccbab34bc 49316 admin optional bubblewrap_0.11.0-2+deb13u1_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpxWVfktWxVoKRwGgJ7tNDw2WyRsFAmnzvMEACgkQJ7tNDw2W yRtT0xAAlVeznG37CGzznzLyqhromNIXwk3rbJUOjJRR8yUW+YGKFlTb7//EfoHA vwIEH4sTEjHn557xp7Vzsut9BGZhhlX1ybM8qsbCcvpW/INCEu9NZtV4J1m4VFgQ ZuLN/FNW9AYW19chbgrrhh2dNxHyHsu8lfli3eOXuMuw/2cA/E1KrlQMZbB89z90 +Q35llnkkfJCpFUn6JlJ/fAbqwyVwaCDoMJgMOD9p5kMetQ5LONCS20duu6UrjJm GCCO/3cRC954uZhsGR2IpwkbpjB9Bszgs0wpqteufoe0671DxAIoZ4gw6FN3FI4i 7pVR3l2W/8SqkVtLnm2Wpwd7YRdTYjThX+82nNO+uoj2W86nLrd6n8SR0nL8zZfN riw5YUlH26FJaAdq2qi69asQtp7DZH8FTkIBElJRI49g9dY0Q4G8wfdvM7K538mO c70U+dBfctLSPN45oCXL2SukA1mxFlWfSk8beUUYaCb/8/evpm1OzY8w76sAn3Dr KNYjXF35O0ztBzUjvzciTE3fvnOHF03mruBAAT+4TsNGJxmiFX+tFAhCHEm9fcE6 LG8TGVMdDm+kBd5xrZx+hdIEERzp+VCxgE2szgcgrAH7pkgwVwNTerpr9HvwdOTP BgoO1Z815HQes8uy6c9JghUbC6LoN+DRIRgySNG7qOb0caL85xg= =SKw0 -----END PGP SIGNATURE-----