-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2026 14:05:43 +0100
Source: bubblewrap
Binary: bubblewrap bubblewrap-dbgsym
Architecture: arm64
Version: 0.11.0-2+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-01) <buildd_arm64-arm-ubc-01@buildd.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Description:
 bubblewrap - utility for unprivileged chroot and namespace manipulation
Closes: 1134704
Changes:
 bubblewrap (0.11.0-2+deb13u1) trixie; urgency=medium
 .
   * d/control, d/gbp.conf: Branch for Debian 13 stable updates
   * d/patches: Fix privilege escalation if bubblewrap is setuid root.
     /usr/bin/bwrap has not been installed setuid-root by default since
     Debian 11, but if it was made setuid via a dpkg-statoverride set up
     by the local sysadmin (most likely in conjunction with turning off
     the ability for unprivileged users to create new user namespaces),
     then the version included in Debian 13.4 would be vulnerable.
     (CVE-2026-41163, Closes: #1134704)
     Note that the ability to install bubblewrap setuid-root has been
     deprecated upstream, and the version included in Debian 14 will
     refuse to run if it is setuid.
Checksums-Sha1:
 995f32479ced83af84a611ff9d1c4520dc22627d 83264 bubblewrap-dbgsym_0.11.0-2+deb13u1_arm64.deb
 109d247299483804df50d594ce9d59982dd3bb62 7768 bubblewrap_0.11.0-2+deb13u1_arm64-buildd.buildinfo
 ef2d83d8c40c740e00a7dde0ffffff41e5f855ee 50132 bubblewrap_0.11.0-2+deb13u1_arm64.deb
Checksums-Sha256:
 a938e714bde029224ac23b629fd07a751f1fa3ce226ae6e17935b6b148f6d73c 83264 bubblewrap-dbgsym_0.11.0-2+deb13u1_arm64.deb
 8158325e8caa7b80dcabf51b6b41e3fbfb545f3dd86b01af79d7b6aa39f3911d 7768 bubblewrap_0.11.0-2+deb13u1_arm64-buildd.buildinfo
 c838daebddb7fe169ebb461612e90b1fcb981de838f81bfbecf26d45ab5a71ee 50132 bubblewrap_0.11.0-2+deb13u1_arm64.deb
Files:
 0f76fe6a850af48fe0a3a5c3e3282a34 83264 debug optional bubblewrap-dbgsym_0.11.0-2+deb13u1_arm64.deb
 4e2d81b7e82ab5c0d97ce58e37c09ea8 7768 admin optional bubblewrap_0.11.0-2+deb13u1_arm64-buildd.buildinfo
 d6e0a575f91d3215954dc7ee531a47e9 50132 admin optional bubblewrap_0.11.0-2+deb13u1_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0Ha//LlsGOpbQ/H4xqCFmsOWgoYFAmnzvIwACgkQxqCFmsOW
goaV4BAAlaM4atq3qKF5BmmWlp16i5xqniluo2/szSsyO0f3R1BULYOIV6fglKRU
T92yXAcE52w3bGY2n7w9c+o01NT3Xf+8XBAZpNtBFVERy8dr5w2ZE/hY5wKtc4uu
BufpBKn8+liWHyqQNpcm6F4pJu5RQqWwI7NkiiGKSEjotOzHSdb0TyauADMPiY+3
EiysuKBGY+XfPnm+NMbtr5fpqZNefWYtXZeInzsTEeKIW05/5WuHFU+giKD3d0YU
YtLjH3bnMbupmjKEYtKl8boPf9WLoEHH4l1d5GiirZB7LLG5pJbYaFoXb+9BK4MO
urZpd2PuuXyHlgIDbum0wonddLOwMWwOjTSqaiwpIM0CHks6dG2Uo9Z1wkaBPa5b
QsyNFcSc1FUmQblKYjOrZg15a6KCph1+T49Y1kupNw7Na8mEtN5er2RTna8KflLJ
wc+/SEUSjNVmRXA1X//7wgJsAeFMGT9GxFeEqaMrHaPrPbLFykZmCwHJoOzh/Hv4
GN0cLRD48IDeo7QuklbmvtZVNhcdfQ8OBd98B90t4dBuf75ccxCFfeEpEhi1zXZd
dzR2jY6D64ekfumN1azFZIYXKjoZ2Bqp8Hbj9gYDC6YbIJcMebPvQ/+S3ZfLi4yN
hvgzTyKoO7yWhqiZYI2gBulsOhcUyC0d3yEPXPcInlsIIupJ8iI=
=ajj7
-----END PGP SIGNATURE-----