-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 14 Aug 2024 10:04:08 +0100 Source: bubblewrap Binary: bubblewrap bubblewrap-dbgsym Architecture: amd64 Version: 0.8.0-2+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: amd64 Build Daemon (x86-grnet-03) Changed-By: Simon McVittie Description: bubblewrap - utility for unprivileged chroot and namespace manipulation Changes: bubblewrap (0.8.0-2+deb12u1) bookworm-security; urgency=high . * d/gbp.conf: Use debian/bookworm packaging branch for Debian 12 * d/p/Add-bind-fd-and-ro-bind-fd-to-let-you-bind-a-O_PATH-fd.patch: Backport new --[ro-]bind-fd feature from upstream release 0.10.0. This is necessary to resolve CVE-2024-42472 in Flatpak without introducing a potentially exploitable race condition. Checksums-Sha1: 849af0d7bf2472766d040d24950f303f11c03f2e 77840 bubblewrap-dbgsym_0.8.0-2+deb12u1_amd64.deb 4a138a172c4142e843868ec49a79e4e4b95bb597 7459 bubblewrap_0.8.0-2+deb12u1_amd64-buildd.buildinfo 75e7579318581f9d6633957a5482f63b7aa36c7c 47320 bubblewrap_0.8.0-2+deb12u1_amd64.deb Checksums-Sha256: 6ec567106c5351a5028f07a69c4f2bf48a96aa70151685d4e084be76012996f0 77840 bubblewrap-dbgsym_0.8.0-2+deb12u1_amd64.deb e16fc5ed90fdefddffa7ddf2df3d00f6b4ef7ce0e408206d49c1c35d40c2ea76 7459 bubblewrap_0.8.0-2+deb12u1_amd64-buildd.buildinfo 3cc9134a3286ad01a323dcd924ba123eb634cefaeec82d774257e06308aeaadb 47320 bubblewrap_0.8.0-2+deb12u1_amd64.deb Files: d1d6f8fe800be6828ab2c11434dfb26e 77840 debug optional bubblewrap-dbgsym_0.8.0-2+deb12u1_amd64.deb 6ad7024827fe58ea44b75ad780ca055a 7459 admin optional bubblewrap_0.8.0-2+deb12u1_amd64-buildd.buildinfo 940f4792ed59d95b29c728529060f494 47320 admin optional bubblewrap_0.8.0-2+deb12u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEe8x49oT2k+seQstpgDm7h4zfCpIFAma86+UACgkQgDm7h4zf CpKx4g//S8hyoomAssI7VTT6X9sHamnbHi+RdXF25GmwSxgeveL+5GWErXipwuh0 ei5d1otjcw+gjjd17rZW4M3yAJfmmj+qINxJIaX65zTW3tegeTBsUnkNdJ8MCPeh c52sn0FVR7mvKsapUXqm4eMZOPplh3yJ5/mUELfaPaAAKj98e+eHAyt07hTruSd6 qe13aItUzzSXMdNgndveHz6iDfHZ6RlIt7yuiTLj+MGMCX5WVHZRehxHc/kEPYFt sI78iylMElG9T1Ai5r4PAYmyuthPGLdfhF8A8iPTkHWkx65V8E/mB7c+zQg7F7Fj y7XEXCV6mB0gqzJoS1TerYE8+prtZtIN5yI6YRnAsoLTMd911JftoXzPmMFBNKEe 04I3t196A45Ayh0pZpbI990xC/vjJ25eSG5e9A2zwqa1+Wcg/QQQASfgRVGexGsJ 99WQCZndK5wQPM/VQN0DLlCp+EzCqa3+ZDXxTN+d80buHVtO6Kgb1z4Up/Nv1+vn yI+endQUA1We/o0zCT/C9BIPMpAJHRczvh7tZVzD9X69mJURQ1sXzlv/5V5VsU8Q aB18UzdRZ4M5C/YzaHzHJlEYtd3EMyctXDUBruevJsre/skxSEHaY8KL21CtkOk/ fGRa4XmO1OnV2QC0AQqh1vZYcJ/04OroxUFw/kT/UnuY3BJ5mdc= =p02o -----END PGP SIGNATURE-----