This bug was fixed in the package bubblewrap - 0.1.7-0ubuntu0.16.10.1
---
bubblewrap (0.1.7-0ubuntu0.16.10.1) yakkety-security; urgency=medium
* SECURITY UPDATE: bubblewrap escape via TIOCSTI ioctl (LP: #1657357)
- Fixed in new upstream release 0.1.7 by adding --new-session
This bug was fixed in the package flatpak - 0.6.11-1ubuntu0.16.10.0
---
flatpak (0.6.11-1ubuntu0.16.10.0) yakkety-security; urgency=medium
* SECURITY UPDATE: bubblewrap escape via TIOCSTI ioctl (LP: #1657357)
- Fixed in d/p/Use-seccomp-to-filter-out-TIOCSTI-ioctl.patch:
Ad
@jbicha Thanks for the debdiffs! sbeattie reviewed the flatpak debdiff
and I reviewed the bubblewrap debdiff. They've both built in the
security-proposed PPA.
As for the bubblewrap changes, I'm going to sponsor them but I do want
to say that I worry that we're getting in the habit of doing version
** Changed in: bubblewrap (Ubuntu)
Status: New => Confirmed
** Changed in: flatpak (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1657357
Title:
bubbl
I've added a second patch to the Flatpak debdiff. Another security-
related commit from 0.8.2. I had to refresh the last 3 hunks so the
patch would apply cleanly.
https://github.com/flatpak/flatpak/commit/7db0ac595c
** Patch removed: "flatpak-yakkety-lp1657357.debdiff"
https://bugs.launchpad.
** Description changed:
- Another bubblewrap security issue. This has been fixed in Debian and
- upstream in both bubblewrap and Flatpak which need to be updated at the
- same time.
+ Another bubblewrap security issue for yakkety. Changelogs are derived from
Debian's. This has already been fixed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1657357
Title:
bubblewrap escape via TIOCSTI ioctl
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+b
** Patch added: "flatpak-yakkety-lp1657357.debdiff"
https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1657357/+attachment/4806561/+files/flatpak-yakkety-lp1657357.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
http
** Patch removed: "flatpak-yakkety-lp1657357.debdiff"
https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1657357/+attachment/4806063/+files/flatpak-yakkety-lp1657357.debdiff
** Patch removed: "bubblewrap-yakkety-lp1657357.debdiff"
https://bugs.launchpad.net/ubuntu/+source/bubblewrap
** Patch removed: "flatpak-yakkety-lp1657357.debdiff"
https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/1657357/+attachment/4805728/+files/flatpak-yakkety-lp1657357.debdiff
** Patch removed: "bubblewrap-yakkety-lp1657357.debdiff"
https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/
** Patch added: "flatpak-yakkety-lp1657357.debdiff"
https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/1657357/+attachment/4806063/+files/flatpak-yakkety-lp1657357.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https:/
Thanks Mathew, I fixed that now.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1657357
Title:
bubblewrap escape via TIOCSTI ioctl
To manage notifications about this bug go to:
https://bugs.launchpa
** Changed in: bubblewrap (Debian)
Status: Unknown => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1657357
Title:
bubblewrap escape via TIOCSTI ioctl
To manage notifications ab
I noticed the changelog links to the wrong bug in the flatpak and
bubblewrap debdiffs.
It links to an older security bug not this one.
** Bug watch added: Debian Bug tracker #850702
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850702
** Also affects: bubblewrap (Debian) via
http://bugs
** Patch added: "bubblewrap-yakkety-lp1657357.debdiff"
https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1657357/+attachment/4805726/+files/bubblewrap-yakkety-lp1657357.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu
** Patch added: "flatpak-yakkety-lp1657357.debdiff"
https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1657357/+attachment/4805728/+files/flatpak-yakkety-lp1657357.debdiff
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-5226
** Information type changed from Public
** Patch added: "ostree-yakkety-lp1657357.debdiff"
https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1657357/+attachment/4805727/+files/ostree-yakkety-lp1657357.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https:
** Patch added: "bubblewrap-yakkety-lp1657357.debdiff"
https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1657357/+attachment/4805729/+files/bubblewrap-yakkety-lp1657357.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu
18 matches
Mail list logo
