-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2026 14:05:43 +0100
Source: bubblewrap
Binary: bubblewrap bubblewrap-dbgsym
Architecture: s390x
Version: 0.11.0-2+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: s390x Build Daemon (zani) <buildd_s390x-zani@buildd.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Description:
 bubblewrap - utility for unprivileged chroot and namespace manipulation
Closes: 1134704
Changes:
 bubblewrap (0.11.0-2+deb13u1) trixie; urgency=medium
 .
   * d/control, d/gbp.conf: Branch for Debian 13 stable updates
   * d/patches: Fix privilege escalation if bubblewrap is setuid root.
     /usr/bin/bwrap has not been installed setuid-root by default since
     Debian 11, but if it was made setuid via a dpkg-statoverride set up
     by the local sysadmin (most likely in conjunction with turning off
     the ability for unprivileged users to create new user namespaces),
     then the version included in Debian 13.4 would be vulnerable.
     (CVE-2026-41163, Closes: #1134704)
     Note that the ability to install bubblewrap setuid-root has been
     deprecated upstream, and the version included in Debian 14 will
     refuse to run if it is setuid.
Checksums-Sha1:
 75d773ce9a856087b42c39ff3e02df90978c77bf 82588 bubblewrap-dbgsym_0.11.0-2+deb13u1_s390x.deb
 966d7f2c353241c62ed20926442c141ac4deab47 7640 bubblewrap_0.11.0-2+deb13u1_s390x-buildd.buildinfo
 26113840e25d636bc69b21b9f70321a59a1213e4 51320 bubblewrap_0.11.0-2+deb13u1_s390x.deb
Checksums-Sha256:
 f247d204939e82678572663241b29be1ccf3d407d9f83b5fd22b50e3cd86c830 82588 bubblewrap-dbgsym_0.11.0-2+deb13u1_s390x.deb
 29fdf81b11548f026c8d6f462ee398b04aed98b60c1ca9c7a896f1cae6e604fc 7640 bubblewrap_0.11.0-2+deb13u1_s390x-buildd.buildinfo
 47c1f43b0a4c5db045b58fd3f158854b00dd0f3fd7ffac20cf1e5b77cac9b261 51320 bubblewrap_0.11.0-2+deb13u1_s390x.deb
Files:
 b1b17fed40fa0db43feb0a29444f62bb 82588 debug optional bubblewrap-dbgsym_0.11.0-2+deb13u1_s390x.deb
 474827b3080eb3111408ecdd1d10747d 7640 admin optional bubblewrap_0.11.0-2+deb13u1_s390x-buildd.buildinfo
 15b2a46fdc2a7a68d84675118514ca1d 51320 admin optional bubblewrap_0.11.0-2+deb13u1_s390x.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEgh4msZ+e2PZfd5KckaCrxAR3BY0FAmnzvG8ACgkQkaCrxAR3
BY3kyg//WqdfgOaxUqEvkr9TSDq5Lgq0bQI8qjo8ELNGQtyDZ6nSFEvsl6mJoKNW
m4A50Ocuv3VTcPL+Sp9bN+1R4IVGpNnzbCauS6sd7ovpHFvptHFmRoy/p2BcWa0b
kshPUqTsHGS5YYQdJyrQ1iqVZc9n9apDQ9Z78PiNxyiewaPkStB5JcDEwa/89zaL
rJYSDCQk1eD6/ko3p4O6RpuanlK48jwi3EANEeeHS70gTz0tFGItRgcHNNXH0XCv
rGz0Mxs/PfIGu7+8UXnDbzxR6Hf127zm8veHjnFN4f8+PRfwY8mDyTDNWjdipf6Q
P1b2YU6agS1DHgyWh0TmL2Xs2w3rIs5PvN7V3uem0J+X0fiAzS+3AUrUG8KV7Z/V
CcZTEBSlLPscNO+m7PrASGtBcEYPRfOWfzcl9I7AJv00njLn5fv2aQ+z5a2NYaDd
mvSJgiASzvH+fNcJazKGrXm42pR2QVk8XJ9q9Pi6hRZNWyGB8bMXG1ZptmLRT0E8
OydC6fD1yPgdn+4Lam5t9PyH4a+s8ZkwsN1RrtTbncOqtgDfh32pjzW0jyCBBJXI
6oe+iBVvTCp8RQ4CYYu3OqqJLwQYiBzX8/wMTkao4Fi9fwup0/7GbcXLs3dIk71i
9AcaB8awFtrR9rr3KH5aCETwTxLkCe37mEjNzYzstXZ0/l+8yYk=
=6Zf6
-----END PGP SIGNATURE-----