Your message dated Fri, 24 Jun 2022 14:45:13 +0000 with message-id <e1o4kyb-0008yt...@fasolo.debian.org> and subject line Bug#1012510: fixed in firejail 0.9.64.4-2+deb11u1 has caused the Debian Bug report #1012510, regarding firejail: CVE-2022-31214: local root exploit reachable via --join logic to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1012510: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012510 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: firejail Version: 0.9.68-3 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for firejail. CVE-2022-31214[0]: | local root exploit reachable via --join logic If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-31214 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31214 [1] https://www.openwall.com/lists/oss-security/2022/06/08/10 [2] https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50 [3] https://github.com/netblue30/firejail/commit/dab835e7a0eb287822016f5ae4e87f46e1d363e7 [4] https://github.com/netblue30/firejail/commit/1884ea22a90d225950d81c804f1771b42ae55f54 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: firejail Source-Version: 0.9.64.4-2+deb11u1 Done: Reiner Herrmann <rei...@reiner-h.de> We believe that the bug you reported is fixed in the latest version of firejail, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1012...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reiner Herrmann <rei...@reiner-h.de> (supplier of updated firejail package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 16 Jun 2022 21:54:51 +0200 Source: firejail Architecture: source Version: 0.9.64.4-2+deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: Reiner Herrmann <rei...@reiner-h.de> Changed-By: Reiner Herrmann <rei...@reiner-h.de> Closes: 1012510 Changes: firejail (0.9.64.4-2+deb11u1) bullseye-security; urgency=medium . * Fix local root exploit reachable via --join logic. (CVE-2022-31214) (Closes: #1012510) Checksums-Sha1: 11ff516e7ba0e7add0db635e67cbca42c3670854 2531 firejail_0.9.64.4-2+deb11u1.dsc 48317cba51090b65468e78a05ea2968da22b872f 431116 firejail_0.9.64.4.orig.tar.xz 68be2d714f40024da64c21c31e4335b5910d6008 488 firejail_0.9.64.4.orig.tar.xz.asc 41c3cd40c303b5c444165ad0327fe031525b3aa5 28856 firejail_0.9.64.4-2+deb11u1.debian.tar.xz d13e46005f9ed26ed9c335aa1cf99d58597512de 5837 firejail_0.9.64.4-2+deb11u1_source.buildinfo Checksums-Sha256: b4b661df00ef959d0c29366a5d1f2774257e36d2de1f867648ee40bfc0034713 2531 firejail_0.9.64.4-2+deb11u1.dsc 2bdaf71fff00d7551b6a4f584f3f7152821b6f9b9d416ee098f4aeaf3a02dff1 431116 firejail_0.9.64.4.orig.tar.xz 9c743e148f128295eb9fdf4176107f099063aed4b3a410f8e4f24ed18791f0d1 488 firejail_0.9.64.4.orig.tar.xz.asc 6aa768ee9b89b5668a0baaa1187c1d8ba376ef225beba3609071ebeab3d6b2dd 28856 firejail_0.9.64.4-2+deb11u1.debian.tar.xz 87b93204cb2681ec72212d87675afb1b4c65167655ca6e805bd8f1b928d256c4 5837 firejail_0.9.64.4-2+deb11u1_source.buildinfo Files: 3f09b8cc858732b27d63f9d8d2b07804 2531 utils optional firejail_0.9.64.4-2+deb11u1.dsc e3be55266472dc8ac373c9fcfba4f9f9 431116 utils optional firejail_0.9.64.4.orig.tar.xz 2fb8e73eff64ccbcd2126ca26f6f4966 488 utils optional firejail_0.9.64.4.orig.tar.xz.asc a39168f986fcb2e56ce5d2f954f9da64 28856 utils optional firejail_0.9.64.4-2+deb11u1.debian.tar.xz 102143bc85d6a9399ca22ff2af275726 5837 utils optional firejail_0.9.64.4-2+deb11u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmKwI70ACgkQEMKTtsN8 Tjblew/6A3ZjP5XRWIBQnrT3CJ1od1oMr6qw9/9G1CVqthV4iFZFvmxWIbX5X4At FgfbnHOMwwDGLRD3rJNs+QIEQj/xpRMGNty1xw1dOIoDrPoEn12OoD1q0D8ys/M5 d9GgC6KYfzGlxgcr8xagETi1Rs45igjR5vNjHWvpQOJ1HTba7arxgPDUYZruzwNT waj/6VxPVuiYVyTuS8iqb938we1eCPcqWx3GSi46Hr61Ih+ns0lEVxvayGTDg7ZR qvQs0eA5MfgrOcI5F0xKmmvhbhqngAXEFSxKGoXIAj1yuiLkPP4z//C5QblNOKRX 0xoqksJbzVGZhCFRTqFgcqtCovMavOsL+Zx/G4Zr/kAkPwS4ks9lMCANdanmBNxK JjIikIXz60zlf0H35ZxFr1ETN5TSwooffFRUyZTwr3Vd5ztsITZZFLTPhkbR+6Om BR/+BR2ENJMEkjHjBLPmJNBCisawvFhSKJhRPqTs/mr+tfQYOBxwDyYICWq5Lwol ZfGb+CkyktSYfIZB/TRHTxxd5ptTGqQFvDHJ0OEIMmu+ka4OH16PdVavg4/6q0mq WaoaHviPiqH8/ogqXCWtkwQnqmlN+8lNCxLOQq9eI4Vjp4PIB5Fi2KXqbwWeQr5h xPK2vBy7HPN7QQyuJ6o14dzt6Yb4coBhmDEryTSEZVQwUjIezpg= =9Mx2 -----END PGP SIGNATURE-----
--- End Message ---
