Your message dated Thu, 13 Oct 2016 10:54:32 +0000 with message-id <e1budei-0004jw...@franck.debian.org> and subject line Bug#840605: fixed in bubblewrap 0.1.2-2 has caused the Debian Bug report #840605, regarding bubblewrap: CVE-2016-8659 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 840605: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840605 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: bubblewrap Version: 0.1.2-1 Severity: grave Tags: security upstream Justification: user security hole Hi, the following vulnerability was published for bubblewrap. CVE-2016-8659[0]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-8659 [1] http://www.openwall.com/lists/oss-security/2016/10/12/5 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: bubblewrap Source-Version: 0.1.2-2 We believe that the bug you reported is fixed in the latest version of bubblewrap, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 840...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Simon McVittie <s...@debian.org> (supplier of updated bubblewrap package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 13 Oct 2016 11:12:38 +0100 Source: bubblewrap Binary: bubblewrap Architecture: source Version: 0.1.2-2 Distribution: unstable Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org> Changed-By: Simon McVittie <s...@debian.org> Description: bubblewrap - setuid wrapper for unprivileged chroot and namespace manipulation Closes: 840605 Changes: bubblewrap (0.1.2-2) unstable; urgency=high . * Revert addition of --set-hostname as a short-term fix for CVE-2016-8659 (Closes: #840605) Checksums-Sha1: da87c8e0ba6e6984d4a8b4a94e9a909e8a6c590e 2071 bubblewrap_0.1.2-2.dsc dfb31e8c478dc330a6a3d00a5899c46b1e606450 5676 bubblewrap_0.1.2-2.debian.tar.xz Checksums-Sha256: 162b2e238f3f74797e94ee3dc6170e74799a1500991d4e96d1e33c3dd20640de 2071 bubblewrap_0.1.2-2.dsc 33de5ad850c2efeb5409636d8c230894444d8a00dd4dfe564457e8de59ff9a1d 5676 bubblewrap_0.1.2-2.debian.tar.xz Files: ab81b20f39f29fb4b9a74304d36ceb85 2071 admin optional bubblewrap_0.1.2-2.dsc 39c13d7833f8eb79e44bf756044f15d3 5676 admin optional bubblewrap_0.1.2-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJX/2B5AAoJEE3o/ypjx8yQJvMQAJtQyb0sWadxoQmPjoJ9MP7v tkyZhqVWH5qPqZJYE23T2+1RyOSYrvt05UB5Lhvo7s2dE8PttxeUedO6YhAfBxjm DbGPM39z+BzK+4hm5TJo2sDKQ5+by3678TAt3FKlQnrvjlc6WdYoGFiP3cLqGS5O +lbiPJZOSsPNoOlVoGRmziLn5HRkn2rg9Mq2708mJxyxpDtkkq35ANFlaV4FrKKb kQNbdpMQgSwijpQy7gQFj5O4d12bwz+V8+gHSlbjD7ua13nmGPgyuI0QA2wSbXQs XCvolp/oXK4X9u7UTXcAHPq02TfdIGugCVDOQgkyOdbJT7oMMP2T2APON2ZzznaU HCpUI+i/J4ZJYWdjbLIGPe0Wi5HkANokgrBpaW0qBkV3pzp+4qltRQiJgphrZqRT YVD+AuVLF2Kq7gIqQ8h2Ges19YpCeGlgieBNSxt4Y0fTfHWf/1K9C+bfEAD2viH4 Wej0O79IXwBH/dBqUWP0qnCPp1t0eJnPj97NuqcM2KovipvWUaSH/DWNWECUIobT dttd5uoCXrivae7hfC9cp+PcmsyaRprJ1J0TkvlS93Pm2k0e5iPku2YPD/qjQkAr DNZQAtBL1Gs6Ya6IPyg5M/PZTz8bT0Y/Kz1eiASkREq3fhW2m+JwAwbBplnIiwc9 fLo8s8Gp1wudKENxI6sT =ym9q -----END PGP SIGNATURE-----
--- End Message ---
