[ubuntu/groovy-proposed] bubblewrap 0.4.1-1 (Accepted)

Jeremy Bicha jeremy at bicha.net
Thu Apr 30 23:48:47 UTC 2020

bubblewrap (0.4.1-1) unstable; urgency=high

  * New upstream release
    - Fixes a root privilege escalation vulnerability introduced in 0.4.0,
      in cases where the kernel allows creation of user namespaces by
      unprivileged users and bwrap is (unnecessarily) setuid root.
      Debian systems are vulnerable if
      /proc/sys/kernel/unprivileged_userns_clone (default 0) has been
      changed to 1, or if using an upstream kernel instead of a Debian
      Ubuntu systems are not normally vulnerable, because bwrap is not
      normally setuid there.
      (GHSA-j2qp-rvxj-43vj, CVE ID pending)
    - Fixes test failure with libcap >= 2.29 (Closes: #951577)
  * Update various URLs from https://github.com/projectatomic/bubblewrap
    to https://github.com/containers/bubblewrap
  * Set upstream metadata fields: Repository.
  * Remove obsolete field Name from debian/upstream/metadata (already
    present in machine-readable debian/copyright).
  * Standards-Version: 4.5.0 (no changes required)
  * d/tests/control: Qualify CLI tools with :native.
    Thanks to Steve Langasek (Closes: #948617)

Date: 2020-03-30 22:27:48.009103+00:00
Signed-By: Jeremy Bicha <jeremy at bicha.net>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Groovy-changes mailing list