Your message dated Wed, 17 Jun 2026 13:08:19 +0000
with message-id <[email protected]>
and subject line Bug#1140194: fixed in util-linux 2.42.2-1
has caused the Debian Bug report #1140194,
regarding util-linux: CVE-2026-53612
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1140194: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1140194
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: util-linux
Version: 2.42.1-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for util-linux.
CVE-2026-53612[0]:
| Local Privilege Escalation via TOCTOU in mount(8) hook_owner.c
| chmod/chown
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-53612
https://www.cve.org/CVERecord?id=CVE-2026-53612
[1]
https://github.com/util-linux/util-linux/security/advisories/GHSA-g8wm-75wr-g2vh
[2]
https://github.com/util-linux/util-linux/commit/d0c5adaeb3a3d823aba1377794de8f009b8152cc
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: util-linux
Source-Version: 2.42.2-1
Done: Chris Hofstaedtler <[email protected]>
We believe that the bug you reported is fixed in the latest version of
util-linux, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Hofstaedtler <[email protected]> (supplier of updated util-linux package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 17 Jun 2026 11:20:49 +0200
Source: util-linux
Architecture: source
Version: 2.42.2-1
Distribution: unstable
Urgency: medium
Maintainer: Chris Hofstaedtler <[email protected]>
Changed-By: Chris Hofstaedtler <[email protected]>
Closes: 1140194 1140195 1140196
Changes:
util-linux (2.42.2-1) unstable; urgency=medium
.
* New upstream version, fixing security issues
CVE-2026-53612, CVE-2026-53613, CVE-2026-53614 (Closes: #1140194,
#1140195, #1140196)
* Drop upstream-applied patch.
Checksums-Sha1:
55057771b17226651ee55f9d4819ad0eed6f4b35 5324 util-linux_2.42.2-1.dsc
bcdab8b86394bff5295219c2f1feb0e333d22a86 10658220 util-linux_2.42.2.orig.tar.xz
6581b68837068b6037cb7342dc470c345768737d 102288
util-linux_2.42.2-1.debian.tar.xz
15ea70fb031da8ffc6c0c91321d8985e7307e396 22886
util-linux_2.42.2-1_arm64.buildinfo
Checksums-Sha256:
62be4edd2da17f52351c8f55b76175ca98cef76faedfa2fada536a24c2bf5afa 5324
util-linux_2.42.2-1.dsc
03a05d3adf9602ef128f2da05b84b3205ce60c351e5737c0370f74000679ce8a 10658220
util-linux_2.42.2.orig.tar.xz
44227e4039d30a809ffa1714cbd697ebbc5d512abf8a1d2c81a1e336e0ae6b90 102288
util-linux_2.42.2-1.debian.tar.xz
f7d5c73e77d72a567364df2e205e2bd130edecc83bb0cbf4cb27bc35c5b7ad4e 22886
util-linux_2.42.2-1_arm64.buildinfo
Files:
89a92850a0a291f84a58202fa7d29c0b 5324 utils required util-linux_2.42.2-1.dsc
1d70131b70abda3dec3b37e282a20c96 10658220 utils required
util-linux_2.42.2.orig.tar.xz
cfdc4a96d0f62c1e71912ea11564377f 102288 utils required
util-linux_2.42.2-1.debian.tar.xz
09068e05d521bedb9a96068da369a84d 22886 utils required
util-linux_2.42.2-1_arm64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfRrP+tnggGycTNOSXBPW25MFLgMFAmoyaYkACgkQXBPW25MF
LgNbfA/+IORCcUTkEgVENcLuamdrU/2CEY1Y8fx7UhAvjl9FfeavpuZtsFcCWx3S
UZI9kK0pTIDXy4nSGh2ytkS/9OJkIlwpbBv09ULZKC4CDCJmkKTcfTX7qQooC7fx
gBpGLBD2NSxcUB1iWF+PuCxNemT5WnSrkQSnGp3ASbBRt5uP/4EfHGbebNVS5JB9
BhhBQ/2dhpRq196alp3upp9Sh066tNN/i8HRD09ogcz5Fs/lTeBYraYz2b5pantx
mlCoxpzkI39KWaBSS5ZFtGpgCTJ0BODTy7r7hcYUUxN14AGprOF+GXnryK4hPIbC
/bgOaMscMlo+QJ0LDUaMI3juNVvK31sGmPkRyuRWp8PjX+BUw6XZhNmXRBXA6L0z
ds5LDV0qPpU2LQZ0xan9yPYyNPCm/NF++kH6Ni7u/E987V3C4iFOAgZ9WlKDfbTK
0RXhi9Yb/K0nWBIFiutHVz1k1GfIJYDE3Zy2S0HYTxJDhpX7nmb+WLszN+DeI4Ij
0uIdHqLWHTqUPZA1emV/GBTcUYkFl/oLrLkPdE4pO2yJXkat6KdBXBHt91FSm7p7
xmvSbqem62ERv/KUUELZ4e6eT2OdS41P3u7Z62C7Rd2F83jpMeyXojARk4vExJKR
gsHL0Fq2itZBh0yas6XytNauKYWHjebVVERmZACyJBX/oytecXY=
=UhC+
-----END PGP SIGNATURE-----
pgpZIV8Ux9795.pgp
Description: PGP signature
--- End Message ---
