-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 26 Apr 2026 14:05:43 +0100 Source: bubblewrap Binary: bubblewrap bubblewrap-dbgsym Architecture: ppc64el Version: 0.11.0-2+deb13u1 Distribution: trixie Urgency: medium Maintainer: ppc64el Build Daemon (ppc64el-conova-01) Changed-By: Simon McVittie Description: bubblewrap - utility for unprivileged chroot and namespace manipulation Closes: 1134704 Changes: bubblewrap (0.11.0-2+deb13u1) trixie; urgency=medium . * d/control, d/gbp.conf: Branch for Debian 13 stable updates * d/patches: Fix privilege escalation if bubblewrap is setuid root. /usr/bin/bwrap has not been installed setuid-root by default since Debian 11, but if it was made setuid via a dpkg-statoverride set up by the local sysadmin (most likely in conjunction with turning off the ability for unprivileged users to create new user namespaces), then the version included in Debian 13.4 would be vulnerable. (CVE-2026-41163, Closes: #1134704) Note that the ability to install bubblewrap setuid-root has been deprecated upstream, and the version included in Debian 14 will refuse to run if it is setuid. Checksums-Sha1: c52ce4750b5b8af7e22159e177595d4e1b07cb35 85288 bubblewrap-dbgsym_0.11.0-2+deb13u1_ppc64el.deb 11ca2ee206679c81b199092ee8cf15851e16f59f 7777 bubblewrap_0.11.0-2+deb13u1_ppc64el-buildd.buildinfo ff4aaea2263e57b09d7c9c57621fecdff7eaed58 53876 bubblewrap_0.11.0-2+deb13u1_ppc64el.deb Checksums-Sha256: f10d1d576f8f6e4aa75d1300d341010cf6a994a317280f1b9d7f1bd85b53a9ad 85288 bubblewrap-dbgsym_0.11.0-2+deb13u1_ppc64el.deb ad389185fc0b2dba3517e58c802cd34324f311ac0e2b0b466dfe8a5ed4e2b5f2 7777 bubblewrap_0.11.0-2+deb13u1_ppc64el-buildd.buildinfo 2ed88819abbb79c28662d7ae3b3e5b6c39af8687fadb5617652a1aa6e7ba9b20 53876 bubblewrap_0.11.0-2+deb13u1_ppc64el.deb Files: 3dad045db51cea0012de5930b38d9028 85288 debug optional bubblewrap-dbgsym_0.11.0-2+deb13u1_ppc64el.deb 2daa9ef1a932ac874db2a689cd28ecad 7777 admin optional bubblewrap_0.11.0-2+deb13u1_ppc64el-buildd.buildinfo 395e05efe7c8df48c85f327866ebce3d 53876 admin optional bubblewrap_0.11.0-2+deb13u1_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEDoRc43uRWMOoIqIgDNLUPhbmg7MFAmnzvJ0ACgkQDNLUPhbm g7MemA//Y+fSRPGfMtrturlb3moeg+sPWx/lT9ImZg3ECXavri+LCv4tt+eaU+S3 pnlZHKCQMhczMtOhGK2/WUBKU62v/m614y8aqGlsvgIXRIoKipvZi0pDDU0ADwkI VOe/HxJyxAACnpL3ZckQGa5rUYiKy8DVZNsg6IXukgJkRP+SPWOiVhILC1ANVqH+ rUwhdHkIl89WuoQlUrpQANWFKjSKcC+Qit1q59iKduU86nJIiD0J+MbMXlIxGioO 0cppjsDz0tHpgd01l8TXrxVQRHS7o5xvLAYuyrCPCGQ5Kp1F+H9wkG7Jelg2gBkF Hx7IbeDT+2OSe4cTs7QHKX4DerEKYbUMUqMygqWgh4B2JDYw77JFgAD91T3Av9a1 NPKKM+wxtOaOA35Hp5Gxvbkf+9uA5YzgfNgFZs9ooX0YltJuntxZUSUVbBMF8sqg SYhHuqTuLFlKJGkJ9yFWAB1DXyguf9VMwge/Wj8z4edFQ9+MoXcdhFqC5nJXIBLS nyUE+b+UnZ2np+sZlxXJnyUFXlR3h+NU6XN17C++ncr0za7t5j12rwl0eU0v76P0 7zDLJAclM5COjeQqXfxy392xB/fbw/TpXm2cQcJt/4Qoj1pHbC5Ut1ft6QLnE3U7 63+488bHAyMBnVyNP8ddcGkRxmORB/UAD4boVxm5LNLRrRXUWXY= =UzAF -----END PGP SIGNATURE-----