Package: release.debian.org
Severity: normal
X-Debbugs-Cc: [email protected], Utopia Maintenance Team <[email protected]>, Michael Biebl <[email protected]>, [email protected]
Control: affects -1 + src:libblockdev
User: [email protected]
Usertags: unblock
Hi Release Team,

Please unblock package libblockdev

libblockdev is affected by CVE-2025-6019, a local privilege escalation to root which can be exploited via the udisks2 daemon. We released DSA 5943-1 for it yesterday.

unblock libblockdev/3.3.0-2.1

and if possible let it migrate rather soon into testing.

Regards,
Salvatore
diff -Nru libblockdev-3.3.0/debian/changelog libblockdev-3.3.0/debian/changelog --- libblockdev-3.3.0/debian/changelog 2025-02-27 22:12:11.000000000 +0100 +++ libblockdev-3.3.0/debian/changelog 2025-06-09 15:06:46.000000000 +0200 @@ -1,3 +1,10 @@ +libblockdev (3.3.0-2.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * dont allow suid and dev set on fs resize (CVE-2025-6019) + + -- Salvatore Bonaccorso <[email protected]> Mon, 09 Jun 2025 15:06:46 +0200 + libblockdev (3.3.0-2) unstable; urgency=medium * autopkgtest: Add dependency on vdo. diff -Nru libblockdev-3.3.0/debian/patches/dont-allow-suid-and-dev-set-on-fs-resize.patch libblockdev-3.3.0/debian/patches/dont-allow-suid-and-dev-set-on-fs-resize.patch --- libblockdev-3.3.0/debian/patches/dont-allow-suid-and-dev-set-on-fs-resize.patch 1970-01-01 01:00:00.000000000 +0100 +++ libblockdev-3.3.0/debian/patches/dont-allow-suid-and-dev-set-on-fs-resize.patch 2025-06-09 15:06:46.000000000 +0200 
@@ -0,0 +1,27 @@ +From 8e072f794744bd17c57cceabb3884d3f0f6a1602 Mon Sep 17 00:00:00 2001 +From: Thomas Blume <[email protected]> +Date: Fri, 16 May 2025 14:27:10 +0200 +Subject: [PATCH] dont allow suid and dev set on fs resize + +--- + src/plugins/fs/generic.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/plugins/fs/generic.c b/src/plugins/fs/generic.c +index 69333944..1a6dd960 100644 +--- a/src/plugins/fs/generic.c ++++ b/src/plugins/fs/generic.c +@@ -683,7 +683,9 @@ static gchar* fs_mount (const gchar *device, gchar *fstype, gboolean read_only, + "Failed to create temporary directory for mounting '%s'.", device); + return NULL; + } +- ret = bd_fs_mount (device, mountpoint, fstype, read_only ? "ro" : NULL, NULL, &l_error); ++ ++ ret = bd_fs_mount (device, mountpoint, fstype, read_only ? "nosuid,nodev,ro" : "nosuid,nodev", NULL, &l_error); ++ + if (!ret) { + g_propagate_prefixed_error (error, l_error, "Failed to mount '%s': ", device); + g_rmdir (mountpoint); +-- +2.48.1 + diff -Nru libblockdev-3.3.0/debian/patches/series libblockdev-3.3.0/debian/patches/series --- libblockdev-3.3.0/debian/patches/series 2025-02-27 22:12:11.000000000 +0100 +++ libblockdev-3.3.0/debian/patches/series 2025-06-09 15:06:46.000000000 +0200 @@ -1 +1,2 @@ Skip-smartmontools-integration-test.patch +dont-allow-suid-and-dev-set-on-fs-resize.patch
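Review bot: In the fs_mount hunk of src/plugins/fs/generic.c, the hardening flags are repeated in both arms of the ternary ("nosuid,nodev,ro" and "nosuid,nodev") and nothing in the code says why they are there. Consider building the option string from one base value with "ro" appended when read_only is set, and adding a one-line comment that this temporary mount must not honour setuid bits or device nodes from the filesystem being mounted (CVE-2025-6019), so a later refactor cannot drop the flags from one branch unnoticed. The upstream patch header has a subject but no body; the CVE is named only in the debian/changelog entry, so a short description in the patch file itself would help anyone auditing debian/patches. The two blank lines added around the bd_fs_mount call are unrelated whitespace and could be dropped.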
