Format: 1.8
Date: Sun, 26 Apr 2026 14:05:43 +0100
Source: bubblewrap
Architecture: source
Version: 0.11.0-2+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Utopia Maintenance Team
Changed-By: Simon McVittie
Closes: 1134704
Changes:
 bubblewrap (0.11.0-2+deb13u1) trixie; urgency=medium
 .
   * d/control, d/gbp.conf: Branch for Debian 13 stable updates
   * d/patches: Fix privilege escalation if bubblewrap is setuid root.
     /usr/bin/bwrap has not been installed setuid-root by default since
     Debian 11, but if it was made setuid via a dpkg-statoverride set up
     by the local sysadmin (most likely in conjunction with turning off
     the ability for unprivileged users to create new user namespaces),
     then the version included in Debian 13.4 would be vulnerable.
     (CVE-2026-41163, Closes: #1134704)
     Note that the ability to install bubblewrap setuid-root has been
     deprecated upstream, and the version included in Debian 14 will
     refuse to run if it is setuid.
Checksums-Sha1:
 2f2dca80192f1538468af06059fade7692f55b85 2742 bubblewrap_0.11.0-2+deb13u1.dsc
 0a67899ee6142ea5db6eade50e635c55489793ae 14468 bubblewrap_0.11.0-2+deb13u1.debian.tar.xz
 8eb2ea75172230ae0e3bbed1d88e4e9f700be0fe 7427 bubblewrap_0.11.0-2+deb13u1_source.buildinfo
Checksums-Sha256:
 556589d3abf471da3275635ed986689edb1f997648d0ceaa27625623e8241e00 2742 bubblewrap_0.11.0-2+deb13u1.dsc
 29019acc1d4ed84f1abed2b8a986c9c17010296a6becf4f450d953e527aeda01 14468 bubblewrap_0.11.0-2+deb13u1.debian.tar.xz
 3e04c13ba779e017384425d089b59da60cccc47742c89f61674f03e21fb18a84 7427 bubblewrap_0.11.0-2+deb13u1_source.buildinfo
Files:
 ad1415b860142e4e8a7f3f358621feba 2742 admin optional bubblewrap_0.11.0-2+deb13u1.dsc
 8cf97a652708913d8157003899f2ee1b 14468 admin optional bubblewrap_0.11.0-2+deb13u1.debian.tar.xz
 215105573fa76776cc6b95406536447a 7427 admin optional bubblewrap_0.11.0-2+deb13u1_source.buildinfo