Your message dated Wed, 18 Jun 2025 10:34:06 +0000
with message-id <[email protected]>
and subject line unblock libblockdev
has caused the Debian Bug report #1107968,
regarding unblock: libblockdev/3.3.0-2.1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1107968: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107968
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: [email protected], Utopia Maintenance Team
<[email protected]>, Michael Biebl
<[email protected]>, [email protected]
Control: affects -1 + src:libblockdev
User: [email protected]
Usertags: unblock
Hi Release Team,
Please unblock package libblockdev
libblockdev is affected by CVE-2025-6019, a local privilege escalation
to root which can be exploited via the udisks2 deamon. We have
released DSA 5943-1 yesterday for it.
unblock libblockdev/3.3.0-2.1
and if possible let it migrate rather soon into testing.
Regards,
Salvatore
diff -Nru libblockdev-3.3.0/debian/changelog libblockdev-3.3.0/debian/changelog
--- libblockdev-3.3.0/debian/changelog 2025-02-27 22:12:11.000000000 +0100
+++ libblockdev-3.3.0/debian/changelog 2025-06-09 15:06:46.000000000 +0200
@@ -1,3 +1,10 @@
+libblockdev (3.3.0-2.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * dont allow suid and dev set on fs resize (CVE-2025-6019)
+
+ -- Salvatore Bonaccorso <[email protected]> Mon, 09 Jun 2025 15:06:46 +0200
+
libblockdev (3.3.0-2) unstable; urgency=medium
* autopkgtest: Add dependency on vdo.
diff -Nru
libblockdev-3.3.0/debian/patches/dont-allow-suid-and-dev-set-on-fs-resize.patch
libblockdev-3.3.0/debian/patches/dont-allow-suid-and-dev-set-on-fs-resize.patch
---
libblockdev-3.3.0/debian/patches/dont-allow-suid-and-dev-set-on-fs-resize.patch
1970-01-01 01:00:00.000000000 +0100
+++
libblockdev-3.3.0/debian/patches/dont-allow-suid-and-dev-set-on-fs-resize.patch
2025-06-09 15:06:46.000000000 +0200
@@ -0,0 +1,27 @@
+From 8e072f794744bd17c57cceabb3884d3f0f6a1602 Mon Sep 17 00:00:00 2001
+From: Thomas Blume <[email protected]>
+Date: Fri, 16 May 2025 14:27:10 +0200
+Subject: [PATCH] dont allow suid and dev set on fs resize
+
+---
+ src/plugins/fs/generic.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/plugins/fs/generic.c b/src/plugins/fs/generic.c
+index 69333944..1a6dd960 100644
+--- a/src/plugins/fs/generic.c
++++ b/src/plugins/fs/generic.c
+@@ -683,7 +683,9 @@ static gchar* fs_mount (const gchar *device, gchar
*fstype, gboolean read_only,
+ "Failed to create temporary directory for
mounting '%s'.", device);
+ return NULL;
+ }
+- ret = bd_fs_mount (device, mountpoint, fstype, read_only ? "ro" :
NULL, NULL, &l_error);
++
++ ret = bd_fs_mount (device, mountpoint, fstype, read_only ?
"nosuid,nodev,ro" : "nosuid,nodev", NULL, &l_error);
++
+ if (!ret) {
+ g_propagate_prefixed_error (error, l_error, "Failed to mount
'%s': ", device);
+ g_rmdir (mountpoint);
+--
+2.48.1
+
diff -Nru libblockdev-3.3.0/debian/patches/series
libblockdev-3.3.0/debian/patches/series
--- libblockdev-3.3.0/debian/patches/series 2025-02-27 22:12:11.000000000
+0100
+++ libblockdev-3.3.0/debian/patches/series 2025-06-09 15:06:46.000000000
+0200
@@ -1 +1,2 @@
Skip-smartmontools-integration-test.patch
+dont-allow-suid-and-dev-set-on-fs-resize.patch
--- End Message ---
--- Begin Message ---
Unblocked libblockdev.
--- End Message ---
