Bug#1012510: marked as done (firejail: CVE-2022-31214: local root exploit reachable via --join logic)
Your message dated Fri, 01 Jul 2022 19:17:22 + with message-id and subject line Bug#1012510: fixed in firejail 0.9.58.2-2+deb10u3 has caused the Debian Bug report #1012510, regarding firejail: CVE-2022-31214: local root exploit reachable via --join logic to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1012510: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012510 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: firejail Version: 0.9.68-3 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for firejail. CVE-2022-31214[0]: | local root exploit reachable via --join logic If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-31214 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31214 [1] https://www.openwall.com/lists/oss-security/2022/06/08/10 [2] https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50 [3] https://github.com/netblue30/firejail/commit/dab835e7a0eb287822016f5ae4e87f46e1d363e7 [4] https://github.com/netblue30/firejail/commit/1884ea22a90d225950d81c804f1771b42ae55f54 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: firejail Source-Version: 0.9.58.2-2+deb10u3 Done: Reiner Herrmann We believe that the bug you reported is fixed in the latest version of firejail, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1012...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reiner Herrmann (supplier of updated firejail package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 21 Jun 2022 19:54:44 +0200 Source: firejail Architecture: source Version: 0.9.58.2-2+deb10u3 Distribution: buster-security Urgency: medium Maintainer: Reiner Herrmann Changed-By: Reiner Herrmann Closes: 1012510 Changes: firejail (0.9.58.2-2+deb10u3) buster-security; urgency=medium . * Fix local root exploit reachable via --join logic. (CVE-2022-31214) (Closes: #1012510) Checksums-Sha1: aa5f2238915eaadc77dbc515fbaa99f7cb06c57e 2521 firejail_0.9.58.2-2+deb10u3.dsc 116a6bab8dd02f20c12d623aefffa260bc6ccf34 27444 firejail_0.9.58.2-2+deb10u3.debian.tar.xz 1ee64249ee5350e3d5ea26180ea2ca182c753d7d 5427 firejail_0.9.58.2-2+deb10u3_source.buildinfo Checksums-Sha256: 056081684a07e1e128b862ad52718aefc20b1a6bb16babfbaf1d655fe8baae16 2521 firejail_0.9.58.2-2+deb10u3.dsc f68b407eea33eefdf3a6b6d7f3e3b30c61b6c8c19de98143c7859177e9b89695 27444 firejail_0.9.58.2-2+deb10u3.debian.tar.xz d061c59444df49b73c1e52996faae8d1f073e7456b2d726fe15ae4a8f55d6d94 5427 firejail_0.9.58.2-2+deb10u3_source.buildinfo Files: d0395323782e87b4501466f38e0a4cf6 2521 utils optional firejail_0.9.58.2-2+deb10u3.dsc 5594bbd23576759061683b7ca8c548ce 27444 utils optional firejail_0.9.58.2-2+deb10u3.debian.tar.xz 889fda865ea38c516815b8c9425b52c7 5427 utils optional firejail_0.9.58.2-2+deb10u3_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmKy4kkACgkQEMKTtsN8 TjazeRAAlbarFTWYGFf63Ckfphd8NljGhb9DHcD75hWXRSKAn/JdZNj3guXdzRZG yYbMDClcBW5fT68Rt9bNB9Pcm1uRCmtAbKPQJBXfT+hnwSOVgvOX4weVBvFvGGun Qh6Q+0A/sff8+P73VvAR2Z6xJ83Eh+MaqGLW2uURyNmXuTjK9ynZJIpfEZUgHFeW PP7ZeR6l/dIJtapzTqSv1Ni5eY818x2TnyJAPYpfF/ScOsNwTWPiSHVGuwSpb9Ai 65juD/fBG0DN13JJN5HBoL5lkVuTOuvJ28gRepLB+/wuQxlpcgee4foiLU8HLv6j ekGt9DIdtmbde145ZMalOqoIMxxdMcYdY7O0GG6Mz8+Efgv0XIjeNPewTcm4bhi6 O15/IH7WvAR/+l4TAxc2AVM9cC5A5reyyA0lK2ioZNUa6iHJA0OwVhBPKj7WiEbJ LZvp1IolrwM9RMytduZqxTOmUid84yWF49iBKTC/dRiBMBS5u9tVPEDEeCgtSR8B es2dGqRT4TRL5W8ANGbxfJt8VfyZs44GbDwh0015GliHUqVTcSsE/EdOmBIlUQAX fygoHR2OAjoVMzouaxlMoSZ7O3bu7ltRI/w9oTAEXQbBVFQaSYC98a44hLOXcJFK iyIQJny1XeGXiwYRzveGq3C2qkoaXKIyH6PwgZZcCpMeDHg3mAo= =YQce -END PGP SIGNATURE End Message ---
Bug#1012510: marked as done (firejail: CVE-2022-31214: local root exploit reachable via --join logic)
Your message dated Fri, 24 Jun 2022 14:45:13 + with message-id and subject line Bug#1012510: fixed in firejail 0.9.64.4-2+deb11u1 has caused the Debian Bug report #1012510, regarding firejail: CVE-2022-31214: local root exploit reachable via --join logic to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1012510: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012510 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: firejail Version: 0.9.68-3 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for firejail. CVE-2022-31214[0]: | local root exploit reachable via --join logic If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-31214 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31214 [1] https://www.openwall.com/lists/oss-security/2022/06/08/10 [2] https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50 [3] https://github.com/netblue30/firejail/commit/dab835e7a0eb287822016f5ae4e87f46e1d363e7 [4] https://github.com/netblue30/firejail/commit/1884ea22a90d225950d81c804f1771b42ae55f54 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: firejail Source-Version: 0.9.64.4-2+deb11u1 Done: Reiner Herrmann We believe that the bug you reported is fixed in the latest version of firejail, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1012...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reiner Herrmann (supplier of updated firejail package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 16 Jun 2022 21:54:51 +0200 Source: firejail Architecture: source Version: 0.9.64.4-2+deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: Reiner Herrmann Changed-By: Reiner Herrmann Closes: 1012510 Changes: firejail (0.9.64.4-2+deb11u1) bullseye-security; urgency=medium . * Fix local root exploit reachable via --join logic. (CVE-2022-31214) (Closes: #1012510) Checksums-Sha1: 11ff516e7ba0e7add0db635e67cbca42c3670854 2531 firejail_0.9.64.4-2+deb11u1.dsc 48317cba51090b65468e78a05ea2968da22b872f 431116 firejail_0.9.64.4.orig.tar.xz 68be2d714f40024da64c21c31e4335b5910d6008 488 firejail_0.9.64.4.orig.tar.xz.asc 41c3cd40c303b5c444165ad0327fe031525b3aa5 28856 firejail_0.9.64.4-2+deb11u1.debian.tar.xz d13e46005f9ed26ed9c335aa1cf99d58597512de 5837 firejail_0.9.64.4-2+deb11u1_source.buildinfo Checksums-Sha256: b4b661df00ef959d0c29366a5d1f2774257e36d2de1f867648ee40bfc0034713 2531 firejail_0.9.64.4-2+deb11u1.dsc 2bdaf71fff00d7551b6a4f584f3f7152821b6f9b9d416ee098f4aeaf3a02dff1 431116 firejail_0.9.64.4.orig.tar.xz 9c743e148f128295eb9fdf4176107f099063aed4b3a410f8e4f24ed18791f0d1 488 firejail_0.9.64.4.orig.tar.xz.asc 6aa768ee9b89b5668a0baaa1187c1d8ba376ef225beba3609071ebeab3d6b2dd 28856 firejail_0.9.64.4-2+deb11u1.debian.tar.xz 87b93204cb2681ec72212d87675afb1b4c65167655ca6e805bd8f1b928d256c4 5837 firejail_0.9.64.4-2+deb11u1_source.buildinfo Files: 3f09b8cc858732b27d63f9d8d2b07804 2531 utils optional firejail_0.9.64.4-2+deb11u1.dsc e3be55266472dc8ac373c9fcfba4f9f9 431116 utils optional firejail_0.9.64.4.orig.tar.xz 2fb8e73eff64ccbcd2126ca26f6f4966 488 utils optional firejail_0.9.64.4.orig.tar.xz.asc a39168f986fcb2e56ce5d2f954f9da64 28856 utils optional firejail_0.9.64.4-2+deb11u1.debian.tar.xz 102143bc85d6a9399ca22ff2af275726 5837 utils optional firejail_0.9.64.4-2+deb11u1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmKwI70ACgkQEMKTtsN8 Tjblew/6A3ZjP5XRWIBQnrT3CJ1od1oMr6qw9/9G1CVqthV4iFZFvmxWIbX5X4At FgfbnHOMwwDGLRD3rJNs+QIEQj/xpRMGNty1xw1dOIoDrPoEn12OoD1q0D8ys/M5 d9GgC6KYfzGlxgcr8xagETi1Rs45igjR5vNjHWvpQOJ1HTba7arxgPDUYZruzwNT waj/6VxPVuiYVyTuS8iqb938we1eCPcqWx3GSi46Hr61Ih+ns0lEVxvayGTDg7ZR
Bug#1012510: marked as done (firejail: CVE-2022-31214: local root exploit reachable via --join logic)
Your message dated Wed, 08 Jun 2022 16:48:56 + with message-id and subject line Bug#1012510: fixed in firejail 0.9.68-4 has caused the Debian Bug report #1012510, regarding firejail: CVE-2022-31214: local root exploit reachable via --join logic to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1012510: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012510 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: firejail Version: 0.9.68-3 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for firejail. CVE-2022-31214[0]: | local root exploit reachable via --join logic If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-31214 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31214 [1] https://www.openwall.com/lists/oss-security/2022/06/08/10 [2] https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50 [3] https://github.com/netblue30/firejail/commit/dab835e7a0eb287822016f5ae4e87f46e1d363e7 [4] https://github.com/netblue30/firejail/commit/1884ea22a90d225950d81c804f1771b42ae55f54 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: firejail Source-Version: 0.9.68-4 Done: Reiner Herrmann We believe that the bug you reported is fixed in the latest version of firejail, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1012...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reiner Herrmann (supplier of updated firejail package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 08 Jun 2022 18:30:16 +0200 Source: firejail Architecture: source Version: 0.9.68-4 Distribution: unstable Urgency: high Maintainer: Reiner Herrmann Changed-By: Reiner Herrmann Closes: 1012510 Changes: firejail (0.9.68-4) unstable; urgency=high . * Fix local root exploit reachable via --join logic. (CVE-2022-31214) (Closes: #1012510) Checksums-Sha1: 6d6d8c5fbac8d54229c11e9319dcf747faf37753 2479 firejail_0.9.68-4.dsc 5b893ef3d4f22ae95354477c82bb14a2b12951d4 27784 firejail_0.9.68-4.debian.tar.xz 3410deba6eee72ac89b9dbb48169b12dec593458 6604 firejail_0.9.68-4_source.buildinfo Checksums-Sha256: fd95dadcbe29d880037f238dda070283b8748acd77b9701218686f7555df0019 2479 firejail_0.9.68-4.dsc 6ec8a433ea7a68061a639ef322e4721743c6110c0a09fd918e62f5c2030fe988 27784 firejail_0.9.68-4.debian.tar.xz 40b5b3d8f0f38175c64bdf7f4c8e2ca156b46c37bb7ccada96a927dcf307912f 6604 firejail_0.9.68-4_source.buildinfo Files: c883eb9d914f0dc200d3950853b13524 2479 utils optional firejail_0.9.68-4.dsc 6efe51c50d0f1745d8507729181e90e9 27784 utils optional firejail_0.9.68-4.debian.tar.xz 09e2e8d44639cf8d0370b5e7d4debcc1 6604 utils optional firejail_0.9.68-4_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE2Pb6feok2Q1urHM7zPBJKNsO6qcFAmKg0CwACgkQzPBJKNsO 6qcAwg/+IVQyc0qtkXY3/9AOsq1fR+T17/1piHbhQv0DMdos0J+YchKnZ8jXVRLB M3plbaN6Y9Jg3XaWOjj2B6ACsZsTjjmSivf2eSEwXByAdXHEYfJeYniFpFz3ibJZ cEBxEsQTc4PU/lvfikbrWZIGCxPLLedjdfdbHsiXbZYyO+JP9c1LHn+mQ21UqKeO Y//8g3z+AzsLiQuPetBKALYWJMfOY6KQjZBZh5Qf3Dip25L8qDXiQx0vsccMqnP6 5RXOqpeewRfMo2NjCRVhQyAjcAH6pmjN6F9qI9pF8y2h+B0yT0Z9ruVaiO+MGlKL kpJ2iD0SIZLEWRKwQnfaH0NoXLeC65fDjssSuuWP9CN5w2JxraX2odRDQit9BINf vQ/hA6ly5WedhtGmWe7uszgf/D+ykBB5zjZ2HSqAICMKUVXVJ/KCJuS3ET0zJ0fd vRM54ZeqvBf7qnLh2jJBkgqcxSkwWgCQddFt7qbpNF2v0oJJUuhIc5Cxy7tga+W/ 0omh5e9s2kVs7KuiJ8rLrhA06uabBNuiHBrwBQQNgvwXf7Jer6oEMMBpL5fBe6BO A+wzxc3oGe0c1LFRnaJQPmvew5pw50j/YmdNAIpwk2kuFp3Gb8BRO9eNReRmOWGW pUUD8W9vsMHQnlr50H/jn8kB36Vhll7VaYKcK6/Z8RCK8VQeDHs= =hqMa -END PGP SIGNATURE End Message ---