-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2026 14:05:43 +0100
Source: bubblewrap
Binary: bubblewrap bubblewrap-dbgsym
Architecture: armhf
Version: 0.11.0-2+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-02) <buildd_arm64-arm-ubc-02@buildd.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Description:
 bubblewrap - utility for unprivileged chroot and namespace manipulation
Closes: 1134704
Changes:
 bubblewrap (0.11.0-2+deb13u1) trixie; urgency=medium
 .
   * d/control, d/gbp.conf: Branch for Debian 13 stable updates
   * d/patches: Fix privilege escalation if bubblewrap is setuid root.
     /usr/bin/bwrap has not been installed setuid-root by default since
     Debian 11, but if it was made setuid via a dpkg-statoverride set up
     by the local sysadmin (most likely in conjunction with turning off
     the ability for unprivileged users to create new user namespaces),
     then the version included in Debian 13.4 would be vulnerable.
     (CVE-2026-41163, Closes: #1134704)
     Note that the ability to install bubblewrap setuid-root has been
     deprecated upstream, and the version included in Debian 14 will
     refuse to run if it is setuid.
Checksums-Sha1:
 2dab0a6df80193ebf57338985b95b7e4b673040b 82376 bubblewrap-dbgsym_0.11.0-2+deb13u1_armhf.deb
 6fead96e33671cbba0f3413a91d48589d630275e 7644 bubblewrap_0.11.0-2+deb13u1_armhf-buildd.buildinfo
 78905f09974e50e268685df85dc83f5ccc96f895 49752 bubblewrap_0.11.0-2+deb13u1_armhf.deb
Checksums-Sha256:
 8c20d24e9ba9760c535d1596abd2cb6b54591ecaaf9964026558704da60c158f 82376 bubblewrap-dbgsym_0.11.0-2+deb13u1_armhf.deb
 d8593ceae3ba5c3703a9e371ea8b04bbc644408e8947ebc5f8aae2bfb02b420e 7644 bubblewrap_0.11.0-2+deb13u1_armhf-buildd.buildinfo
 f0d54bfbd44aec9f5718855376522bbc21571977bbc548a285da191e7c3adeab 49752 bubblewrap_0.11.0-2+deb13u1_armhf.deb
Files:
 fa2e19e68afe4e1b6f6fd44e6cf6ca34 82376 debug optional bubblewrap-dbgsym_0.11.0-2+deb13u1_armhf.deb
 d19dc31c1201bd60f5f68a93454606a2 7644 admin optional bubblewrap_0.11.0-2+deb13u1_armhf-buildd.buildinfo
 efc7f445d9f1aabfad07a6e8acd5a87d 49752 admin optional bubblewrap_0.11.0-2+deb13u1_armhf.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEJkN0BnKzGWWW6tS+G5VHrWJmwgcFAmnzvKYACgkQG5VHrWJm
wgdxXBAAhQelPboe0xhrvFwk2P9x3z464agdiWBjs+oMaGLZO11QNZpPGa/q4GDy
yVotow7Cq+EfVAx012EWeZdb6GDmq8R4xySDXcDSUnN4SALszgw0TI/Pr72l6alo
Je6Ytmm2VNYiT7t5vNPD7QnNmu0OdMACEh3eS5gg7ErvIzp/7SvDEYBSwwo/vySu
LIg1nN2CJcRUOZYHjiuzP5GTzRs6iOFAAYniOWDko82KkPLVXbZ0NLogDc8SKcTH
zulkB6Rq/FQV2ngdTGMR1akVtyAcMKhxQMplccBs6NaEM9ufaMCF5MbAaWP0QmZy
M1Ju8KjinzWrAwjk0HJMvAM7CaxytipIuiNeWWmoDwoGpFD/DDsLoLUJUahBis7N
GPo+LM+Th1gFIM49CBPHOBst1mCxTDzcLPHkbUa3LPG3CCp6Vn+cfLwSyImX8Hrx
Y5u66HcRyBH4P+V0EWnl+SaFeMz4cqK2y+GDB6eVHtO4vLHal6e5wef1LduimKnH
ROdWqn2kqSl8hoVv6og4CrqxFbJ2IjKsDy0H5ar8caulJLVDr9f4OB1mXUlQysMd
ABxcIoLgeX02VwC9sR7e/Pg81j5v0zgjg7zbXVgmxewyWTKLV1ndXAtDyExIJwhR
HybruIcpIjVLbT72LFm3iBv0OYBNMFuzRIBbA2T8n8GUESQW/GM=
=BMg6
-----END PGP SIGNATURE-----