bubblewrap: CVE-2016-8659

Related Vulnerabilities: CVE-2016-8659  

Debian Bug report logs - #840605
bubblewrap: CVE-2016-8659


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 13 Oct 2016 07:42:01 UTC

Severity: grave

Tags: security, upstream

Found in version bubblewrap/0.1.2-1

Fixed in version bubblewrap/0.1.2-2

Done: Simon McVittie <smcv@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/projectatomic/bubblewrap/issues/107



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>:
Bug#840605; Package src:bubblewrap. (Thu, 13 Oct 2016 07:42:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Thu, 13 Oct 2016 07:42:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: bubblewrap: CVE-2016-8659
Date: Thu, 13 Oct 2016 09:38:52 +0200
Source: bubblewrap
Version: 0.1.2-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

the following vulnerability was published for bubblewrap.

CVE-2016-8659[0].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-8659
[1] http://www.openwall.com/lists/oss-security/2016/10/12/5

Regards,
Salvatore



Set Bug forwarded-to-address to 'https://github.com/projectatomic/bubblewrap/issues/107'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 13 Oct 2016 10:21:07 GMT)


Reply sent to Simon McVittie <smcv@debian.org>:
You have taken responsibility. (Thu, 13 Oct 2016 10:57:06 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 13 Oct 2016 10:57:06 GMT)


Message #12 received at 840605-close@bugs.debian.org:

From: Simon McVittie <smcv@debian.org>
To: 840605-close@bugs.debian.org
Subject: Bug#840605: fixed in bubblewrap 0.1.2-2
Date: Thu, 13 Oct 2016 10:54:32 +0000
Source: bubblewrap
Source-Version: 0.1.2-2

We believe that the bug you reported is fixed in the latest version of
bubblewrap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 840605@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie <smcv@debian.org> (supplier of updated bubblewrap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 13 Oct 2016 11:12:38 +0100
Source: bubblewrap
Binary: bubblewrap
Architecture: source
Version: 0.1.2-2
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Description:
 bubblewrap - setuid wrapper for unprivileged chroot and namespace manipulation
Closes: 840605
Changes:
 bubblewrap (0.1.2-2) unstable; urgency=high
 .
   * Revert addition of --set-hostname as a short-term fix for
     CVE-2016-8659 (Closes: #840605)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 05 Dec 2016 07:39:14 GMT)


Bug unarchived. Request was from Don Armstrong <don@debian.org> to control@bugs.debian.org. (Wed, 07 Dec 2016 02:00:18 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 03 Mar 2017 07:25:12 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:51:46 2019; Machine Name: beach
