-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2026 14:05:43 +0100
Source: bubblewrap
Binary: bubblewrap bubblewrap-dbgsym
Architecture: i386
Version: 0.11.0-2+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01)
Changed-By: Simon McVittie
Description:
 bubblewrap - utility for unprivileged chroot and namespace manipulation
Closes: 1134704
Changes:
 bubblewrap (0.11.0-2+deb13u1) trixie; urgency=medium
 .
   * d/control, d/gbp.conf: Branch for Debian 13 stable updates
   * d/patches: Fix privilege escalation if bubblewrap is setuid root.
     /usr/bin/bwrap has not been installed setuid-root by default since
     Debian 11, but if it was made setuid via a dpkg-statoverride set up
     by the local sysadmin (most likely in conjunction with turning off
     the ability for unprivileged users to create new user namespaces),
     then the version included in Debian 13.4 would be vulnerable.
     (CVE-2026-41163, Closes: #1134704)
     Note that the ability to install bubblewrap setuid-root has been
     deprecated upstream, and the version included in Debian 14 will
     refuse to run if it is setuid.