Your message dated Fri, 01 Jul 2022 19:17:22 +0000 with message-id <e1o7m8o-000cdp...@fasolo.debian.org> and subject line Bug#1012510: fixed in firejail 0.9.58.2-2+deb10u3 has caused the Debian Bug report #1012510, regarding firejail: CVE-2022-31214: local root exploit reachable via --join logic to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1012510: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012510 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: firejail Version: 0.9.68-3 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for firejail. CVE-2022-31214[0]: | local root exploit reachable via --join logic If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-31214 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31214 [1] https://www.openwall.com/lists/oss-security/2022/06/08/10 [2] https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50 [3] https://github.com/netblue30/firejail/commit/dab835e7a0eb287822016f5ae4e87f46e1d363e7 [4] https://github.com/netblue30/firejail/commit/1884ea22a90d225950d81c804f1771b42ae55f54 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: firejail Source-Version: 0.9.58.2-2+deb10u3 Done: Reiner Herrmann <rei...@reiner-h.de> We believe that the bug you reported is fixed in the latest version of firejail, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1012...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reiner Herrmann <rei...@reiner-h.de> (supplier of updated firejail package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 21 Jun 2022 19:54:44 +0200 Source: firejail Architecture: source Version: 0.9.58.2-2+deb10u3 Distribution: buster-security Urgency: medium Maintainer: Reiner Herrmann <rei...@reiner-h.de> Changed-By: Reiner Herrmann <rei...@reiner-h.de> Closes: 1012510 Changes: firejail (0.9.58.2-2+deb10u3) buster-security; urgency=medium . * Fix local root exploit reachable via --join logic. (CVE-2022-31214) (Closes: #1012510) Checksums-Sha1: aa5f2238915eaadc77dbc515fbaa99f7cb06c57e 2521 firejail_0.9.58.2-2+deb10u3.dsc 116a6bab8dd02f20c12d623aefffa260bc6ccf34 27444 firejail_0.9.58.2-2+deb10u3.debian.tar.xz 1ee64249ee5350e3d5ea26180ea2ca182c753d7d 5427 firejail_0.9.58.2-2+deb10u3_source.buildinfo Checksums-Sha256: 056081684a07e1e128b862ad52718aefc20b1a6bb16babfbaf1d655fe8baae16 2521 firejail_0.9.58.2-2+deb10u3.dsc f68b407eea33eefdf3a6b6d7f3e3b30c61b6c8c19de98143c7859177e9b89695 27444 firejail_0.9.58.2-2+deb10u3.debian.tar.xz d061c59444df49b73c1e52996faae8d1f073e7456b2d726fe15ae4a8f55d6d94 5427 firejail_0.9.58.2-2+deb10u3_source.buildinfo Files: d0395323782e87b4501466f38e0a4cf6 2521 utils optional firejail_0.9.58.2-2+deb10u3.dsc 5594bbd23576759061683b7ca8c548ce 27444 utils optional firejail_0.9.58.2-2+deb10u3.debian.tar.xz 889fda865ea38c516815b8c9425b52c7 5427 utils optional firejail_0.9.58.2-2+deb10u3_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmKy4kkACgkQEMKTtsN8 TjazeRAAlbarFTWYGFf63Ckfphd8NljGhb9DHcD75hWXRSKAn/JdZNj3guXdzRZG yYbMDClcBW5fT68Rt9bNB9Pcm1uRCmtAbKPQJBXfT+hnwSOVgvOX4weVBvFvGGun Qh6Q+0A/sff8+P73VvAR2Z6xJ83Eh+MaqGLW2uURyNmXuTjK9ynZJIpfEZUgHFeW PP7ZeR6l/dIJtapzTqSv1Ni5eY818x2TnyJAPYpfF/ScOsNwTWPiSHVGuwSpb9Ai 65juD/fBG0DN13JJN5HBoL5lkVuTOuvJ28gRepLB+/wuQxlpcgee4foiLU8HLv6j ekGt9DIdtmbde145ZMalOqoIMxxdMcYdY7O0GG6Mz8+Efgv0XIjeNPewTcm4bhi6 O15/IH7WvAR/+l4TAxc2AVM9cC5A5reyyA0lK2ioZNUa6iHJA0OwVhBPKj7WiEbJ LZvp1IolrwM9RMytduZqxTOmUid84yWF49iBKTC/dRiBMBS5u9tVPEDEeCgtSR8B es2dGqRT4TRL5W8ANGbxfJt8VfyZs44GbDwh0015GliHUqVTcSsE/EdOmBIlUQAX fygoHR2OAjoVMzouaxlMoSZ7O3bu7ltRI/w9oTAEXQbBVFQaSYC98a44hLOXcJFK iyIQJny1XeGXiwYRzveGq3C2qkoaXKIyH6PwgZZcCpMeDHg3mAo= =YQce -----END PGP SIGNATURE-----
--- End Message ---
