Your message dated Sun, 16 Nov 2025 11:20:28 +0000
with message-id <[email protected]>
and subject line Bug#1120140: fixed in runc 1.3.3+ds1-1
has caused the Debian Bug report #1120140,
regarding runc: CVE-2025-31133 CVE-2025-52565 CVE-2025-52881
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1120140: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120140
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: runc
Version: 1.3.2+ds1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 1.1.15+ds1-2
Hi,
The following vulnerabilities were published for runc.
CVE-2025-31133[0], CVE-2025-52565[1] and CVE-2025-52881[2].
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-31133
https://www.cve.org/CVERecord?id=CVE-2025-31133
[1] https://security-tracker.debian.org/tracker/CVE-2025-52565
https://www.cve.org/CVERecord?id=CVE-2025-52565
[2] https://security-tracker.debian.org/tracker/CVE-2025-52881
https://www.cve.org/CVERecord?id=CVE-2025-52881
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: runc
Source-Version: 1.3.3+ds1-1
Done: Reinhard Tartler <[email protected]>
We believe that the bug you reported is fixed in the latest version of
runc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Reinhard Tartler <[email protected]> (supplier of updated runc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 15 Nov 2025 18:28:40 -0500
Source: runc
Architecture: source
Version: 1.3.3+ds1-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Reinhard Tartler <[email protected]>
Closes: 1120140
Changes:
runc (1.3.3+ds1-1) experimental; urgency=medium
.
* New upstream release:
- Fixes CVE-2025-31133, CVE-2025-52565, CVE-2025-52881,
Closes: #1120140
* refresh patches
* debian/control:
- tighten dependency on containerd/console
- build against golang-github-cyphar-filepath-securejoin-dev 0.5
* debian/copyright: clarify license: Apache-2.0 & MPL-2.0
* Backport upstream patches:
- libct: use manager.AddPid to add exec to cgroup
Checksums-Sha1:
0f4ee10d0b93ef187b05df575fcf194e2222740c 3464 runc_1.3.3+ds1-1.dsc
e0b28fe85f746d199ba08ed3b68ada28cad2e627 542300 runc_1.3.3+ds1.orig.tar.xz
f1b0dec782e960cfe7f2e9d41b7505add1b80dce 13188 runc_1.3.3+ds1-1.debian.tar.xz
Checksums-Sha256:
4a85d34ea47873d694e2708fb45be6d51986db20b945d8e5b14216426b212770 3464
runc_1.3.3+ds1-1.dsc
b5c86ad372d1b08f762a978efda6cca6eb806aa60641e792e864007c7c871d45 542300
runc_1.3.3+ds1.orig.tar.xz
d04f8dc3f5bb5d8723a26ab3b65b32306c9f11e26f347e1fe271b301b98affcd 13188
runc_1.3.3+ds1-1.debian.tar.xz
Files:
3db34c9521fffa71cbd35c80c16aa4ea 3464 admin optional runc_1.3.3+ds1-1.dsc
2cbd46dac9598fcaa9e7c096b5eb6908 542300 admin optional
runc_1.3.3+ds1.orig.tar.xz
4aad993161676ab18a13b775fc2ab99e 13188 admin optional
runc_1.3.3+ds1-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEEMN59F2OrlFLH4IJQSadpd5QoJssFAmkZsCMUHHNpcmV0YXJ0
QHRhdXdhcmUuZGUACgkQSadpd5QoJssLwg/7BYTLiH3XgcKKzPrLjyEJhmZ9B6ox
dQX09287da65Wn8J7tAs+yOiSICZjVA6SCrmk7d5JvmWnL1Tjx1Yvwaw9tUC9z1y
YVm8nhClmrvUsJdfzV+ljocnVVSkCIbbsEZNRR7DyDfFwccb6RyZiUG7fB3Wz9xT
3jVDIvEu2UL1M02Z0/THsWYrKTl3eAbp5v6n2dSjQmqB5Fe/YTynseLy82Hq/lHR
wRUKpnUa3QAXDDRvEjmnxgB/53dfH8+DdOXmgNGiQxFwP+AdLb8CLQHWx2HFp1iV
bRxfCAo+hskuq1ZIlR5LAJYguxNWtVSSh020EwznxOyaqobaeQuQV2ZH04O0xNsF
jM6s+NLbUk5FMaRClid10FZrzT1sY1TeFsYG+2eOn/HXjcBqTWZVftgV4SzY+XAV
FkCRK/9nbJaRpi43sU5gS+mIHjqivPA/s/VPPdVbCPYnKeD8S10oh/+Sch5CbVPO
VjlVRVVxzQOlZszExnp7k0WQ6aN/SOBxoEHCGYlTWPvNlEBBkaqkdsW45KQJESYc
5utMZnNHOHIuSDrzHQHk6S7kzAz5oJlyEMg0wvUFfU6RIElra3Ndywndq6ZPUeZY
spnTTk/r2nwk1J+uk+CUYY5foRvpWn+p9JSzrwNXUx707F5Lb+asKExzIvL/o88x
CjcHlxHM/Wr523c=
=Kjjo
-----END PGP SIGNATURE-----
pgpVSf9j_GwSG.pgp
Description: PGP signature
--- End Message ---
