-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2026 14:05:43 +0100
Source: bubblewrap
Binary: bubblewrap bubblewrap-dbgsym
Architecture: riscv64
Version: 0.11.0-2+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: riscv64 Build Daemon (rv-osuosl-04) <buildd_riscv64-rv-osuosl-04@buildd.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Description:
 bubblewrap - utility for unprivileged chroot and namespace manipulation
Closes: 1134704
Changes:
 bubblewrap (0.11.0-2+deb13u1) trixie; urgency=medium
 .
   * d/control, d/gbp.conf: Branch for Debian 13 stable updates
   * d/patches: Fix privilege escalation if bubblewrap is setuid root.
     /usr/bin/bwrap has not been installed setuid-root by default since
     Debian 11, but if it was made setuid via a dpkg-statoverride set up
     by the local sysadmin (most likely in conjunction with turning off
     the ability for unprivileged users to create new user namespaces),
     then the version included in Debian 13.4 would be vulnerable.
     (CVE-2026-41163, Closes: #1134704)
     Note that the ability to install bubblewrap setuid-root has been
     deprecated upstream, and the version included in Debian 14 will
     refuse to run if it is setuid.
Checksums-Sha1:
 82efa755fbe7a86384db29a6dd1aaa1afe588e22 79284 bubblewrap-dbgsym_0.11.0-2+deb13u1_riscv64.deb
 f3e201115532d0e68c43e87424be6ad55d4569a3 7722 bubblewrap_0.11.0-2+deb13u1_riscv64-buildd.buildinfo
 7c65e9dafc3f3df8f1f97efd4f8645b4379f04f8 51392 bubblewrap_0.11.0-2+deb13u1_riscv64.deb
Checksums-Sha256:
 a49003165577e7b9ee7140a549edf54572a94e52cf94d765f28aad5eeec18589 79284 bubblewrap-dbgsym_0.11.0-2+deb13u1_riscv64.deb
 8623db0ff202c03f0ab63e1c43abec72af33ce0bd17ebad5850cfdc5460c05a7 7722 bubblewrap_0.11.0-2+deb13u1_riscv64-buildd.buildinfo
 2c4f47af4c5e02640e1c9d5c42834f012aab7f53229d318bda7c8a9b7ec97309 51392 bubblewrap_0.11.0-2+deb13u1_riscv64.deb
Files:
 289c51d621891d64900b82c79e651987 79284 debug optional bubblewrap-dbgsym_0.11.0-2+deb13u1_riscv64.deb
 dd3de701bad80332110db6666f38efd8 7722 admin optional bubblewrap_0.11.0-2+deb13u1_riscv64-buildd.buildinfo
 074162f0338b7ea69a4be1c286a31ed3 51392 admin optional bubblewrap_0.11.0-2+deb13u1_riscv64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEgLDDByWcR07HDSHyNVgvumj7+mMFAmnzvuIACgkQNVgvumj7
+mO6jw//eoB/dh/MLy74dQNfGabEOf7qEGgh1/BS+qRi8lJ9hPHo6HQndizCaV1A
HBg0KzcEagVT3nBQJoVHVg9Cf6phUzubvOD90XHmwyJberklWgcoiD9040F8JBjx
uBjxJnU5zTwQdfXFPSiAarO00LHtnDNMAcx0vZ6iEIEjFbx5PPfv7BOsR7KAy7/5
j786EnkdTCd0zClCAnZXwtCUR+aiziWSmLGpuc3j++owjlD8pmIJJPs0wwdBPbtq
lU1b0gvDoqzQSFQH9dFhUE4+XVC6v3G9uGz9y6nHLxnS9IwDyBuzbF/NFmkuv6f9
acM7OCAfs3zsmT+aU7Lw6wwOasM3iCFBUz1JOkKHErrIXcKvEc6noI+Z0MGtG/cL
b6IkXboMB/pbIeQjzg283cLwmUR53hN8kEmxCFSZTUmlhtFW9xpK6jhbh+Zxwcvy
O7smHD2gcn7b/7DOU/bo9KIuzbg04aKQjK36VfGCbzsGW279LXO1hG0ZlPDTcmhj
hBCSkhhx3p+9hb2fAZ5drmUZ9Gjl03N5Ja1bfaly0EWrvezpIoMav7zAVUSFAXUF
1EFieICOz1dMUPFucjoIen69EqBUx0w89TqgsfXO7xMAtcUkwmuzpL07h6/Z0++B
wxmPueVwC1GX962xAyOSAhQAupV0kGozpKE6kE3PU/vMEXLr5ho=
=1MA8
-----END PGP SIGNATURE-----