[ubuntu/focal-proposed] bubblewrap 0.4.0-1ubuntu4 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Fri Apr 3 13:33:23 UTC 2020 

bubblewrap (0.4.0-1ubuntu4) focal; urgency=medium

  * SECURITY UPDATE: privilege escalation when used in setuid mode
    - debian/patches/CVE-2020-5291.patch: don't rely on geteuid() to know
      when to switch back from setuid root in bubblewrap.c.
    - CVE-2020-5291

Date: Wed, 01 Apr 2020 08:25:00 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/bubblewrap/0.4.0-1ubuntu4
-------------- next part --------------
Format: 1.8
Date: Wed, 01 Apr 2020 08:25:00 -0400
Source: bubblewrap
Architecture: source
Version: 0.4.0-1ubuntu4
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 bubblewrap (0.4.0-1ubuntu4) focal; urgency=medium
 .
   * SECURITY UPDATE: privilege escalation when used in setuid mode
     - debian/patches/CVE-2020-5291.patch: don't rely on geteuid() to know
       when to switch back from setuid root in bubblewrap.c.
     - CVE-2020-5291
Checksums-Sha1:
 95facc3f1da8905405c64b70fb561efb40e09b35 2273 bubblewrap_0.4.0-1ubuntu4.dsc
 c84514652be38c0455ec66b99b1c219e46f247d3 10360 bubblewrap_0.4.0-1ubuntu4.debian.tar.xz
 e1d81872cba5a7065a8e03816022f443e3e63a84 6766 bubblewrap_0.4.0-1ubuntu4_source.buildinfo
Checksums-Sha256:
 cc7174f2cd8837fb00a126be52e0b96381985f4a6fb883c9ec3a31f900d6f70d 2273 bubblewrap_0.4.0-1ubuntu4.dsc
 be03edaf2f46a83b0bb8706509ba66022c0011ce4c726b536902b1c89e551cd2 10360 bubblewrap_0.4.0-1ubuntu4.debian.tar.xz
 2612d4310785febf0966cb433364f1b793dc74ca165849a51d093a1fbaebd16e 6766 bubblewrap_0.4.0-1ubuntu4_source.buildinfo
Files:
 426312a17a4d8c9c2a1455a7be9d12b9 2273 admin optional bubblewrap_0.4.0-1ubuntu4.dsc
 0264e4c166e098af0b2a1bb3a6663410 10360 admin optional bubblewrap_0.4.0-1ubuntu4.debian.tar.xz
 5dbb689993c33bf357df92ce05ae686c 6766 admin optional bubblewrap_0.4.0-1ubuntu4_source.buildinfo
Original-Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>

More information about the Focal-changes mailing list