Your message dated Wed, 08 Jun 2022 16:48:56 +0000 with message-id <e1nyyry-0006pv...@fasolo.debian.org> and subject line Bug#1012510: fixed in firejail 0.9.68-4 has caused the Debian Bug report #1012510, regarding firejail: CVE-2022-31214: local root exploit reachable via --join logic to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1012510: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012510 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: firejail Version: 0.9.68-3 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for firejail. CVE-2022-31214[0]: | local root exploit reachable via --join logic If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-31214 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31214 [1] https://www.openwall.com/lists/oss-security/2022/06/08/10 [2] https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50 [3] https://github.com/netblue30/firejail/commit/dab835e7a0eb287822016f5ae4e87f46e1d363e7 [4] https://github.com/netblue30/firejail/commit/1884ea22a90d225950d81c804f1771b42ae55f54 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: firejail Source-Version: 0.9.68-4 Done: Reiner Herrmann <rei...@reiner-h.de> We believe that the bug you reported is fixed in the latest version of firejail, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1012...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reiner Herrmann <rei...@reiner-h.de> (supplier of updated firejail package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 08 Jun 2022 18:30:16 +0200 Source: firejail Architecture: source Version: 0.9.68-4 Distribution: unstable Urgency: high Maintainer: Reiner Herrmann <rei...@reiner-h.de> Changed-By: Reiner Herrmann <rei...@reiner-h.de> Closes: 1012510 Changes: firejail (0.9.68-4) unstable; urgency=high . * Fix local root exploit reachable via --join logic. (CVE-2022-31214) (Closes: #1012510) Checksums-Sha1: 6d6d8c5fbac8d54229c11e9319dcf747faf37753 2479 firejail_0.9.68-4.dsc 5b893ef3d4f22ae95354477c82bb14a2b12951d4 27784 firejail_0.9.68-4.debian.tar.xz 3410deba6eee72ac89b9dbb48169b12dec593458 6604 firejail_0.9.68-4_source.buildinfo Checksums-Sha256: fd95dadcbe29d880037f238dda070283b8748acd77b9701218686f7555df0019 2479 firejail_0.9.68-4.dsc 6ec8a433ea7a68061a639ef322e4721743c6110c0a09fd918e62f5c2030fe988 27784 firejail_0.9.68-4.debian.tar.xz 40b5b3d8f0f38175c64bdf7f4c8e2ca156b46c37bb7ccada96a927dcf307912f 6604 firejail_0.9.68-4_source.buildinfo Files: c883eb9d914f0dc200d3950853b13524 2479 utils optional firejail_0.9.68-4.dsc 6efe51c50d0f1745d8507729181e90e9 27784 utils optional firejail_0.9.68-4.debian.tar.xz 09e2e8d44639cf8d0370b5e7d4debcc1 6604 utils optional firejail_0.9.68-4_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE2Pb6feok2Q1urHM7zPBJKNsO6qcFAmKg0CwACgkQzPBJKNsO 6qcAwg/+IVQyc0qtkXY3/9AOsq1fR+T17/1piHbhQv0DMdos0J+YchKnZ8jXVRLB M3plbaN6Y9Jg3XaWOjj2B6ACsZsTjjmSivf2eSEwXByAdXHEYfJeYniFpFz3ibJZ cEBxEsQTc4PU/lvfikbrWZIGCxPLLedjdfdbHsiXbZYyO+JP9c1LHn+mQ21UqKeO Y//8g3z+AzsLiQuPetBKALYWJMfOY6KQjZBZh5Qf3Dip25L8qDXiQx0vsccMqnP6 5RXOqpeewRfMo2NjCRVhQyAjcAH6pmjN6F9qI9pF8y2h+B0yT0Z9ruVaiO+MGlKL kpJ2iD0SIZLEWRKwQnfaH0NoXLeC65fDjssSuuWP9CN5w2JxraX2odRDQit9BINf vQ/hA6ly5WedhtGmWe7uszgf/D+ykBB5zjZ2HSqAICMKUVXVJ/KCJuS3ET0zJ0fd vRM54ZeqvBf7qnLh2jJBkgqcxSkwWgCQddFt7qbpNF2v0oJJUuhIc5Cxy7tga+W/ 0omh5e9s2kVs7KuiJ8rLrhA06uabBNuiHBrwBQQNgvwXf7Jer6oEMMBpL5fBe6BO A+wzxc3oGe0c1LFRnaJQPmvew5pw50j/YmdNAIpwk2kuFp3Gb8BRO9eNReRmOWGW pUUD8W9vsMHQnlr50H/jn8kB36Vhll7VaYKcK6/Z8RCK8VQeDHs= =hqMa -----END PGP SIGNATURE-----
--- End Message ---
