| 2017-08-07 19:44:16 |
Jeremy Bícha |
bug |
|
|
added bug |
| 2017-08-07 19:44:44 |
Jeremy Bícha |
bug |
|
|
added subscriber MIR approval team |
| 2017-08-23 12:17:45 |
Launchpad Janitor |
bubblewrap (Ubuntu): status |
New |
Confirmed |
|
| 2017-09-04 09:50:07 |
amano |
bug |
|
|
added subscriber Ubuntu Release Team |
| 2017-09-04 09:50:51 |
amano |
summary |
[MIR] bubblewrap |
[FFe][MIR] bubblewrap |
|
| 2017-09-04 10:38:46 |
amano |
summary |
[FFe][MIR] bubblewrap |
FFe: [MIR] bubblewrap |
|
| 2017-10-28 02:38:35 |
Jeremy Bícha |
summary |
FFe: [MIR] bubblewrap |
[MIR] bubblewrap |
|
| 2017-10-28 02:41:03 |
Jeremy Bícha |
description |
Availability
============
Built for all supported architectures.
In sync with Debian.
Rationale
=========
The gnome-desktop3 library 3.25.90 requires bubblewrap. bubblewrap is most commonly used as part of Flatpak's security isolation feature. Here it's being used to sandbox the thumbnailers.
See https://git.gnome.org/browse/gnome-desktop/log (changes from 3.25.4 to 3.25.90)
Security
========
No known open security vulnerabilities in any Ubuntu releases.
https://security-tracker.debian.org/tracker/source-package/bubblewrap
I helped prepare a security update (LP: #1657357) (CVE-2017-5226) for bubblewrap/flatpak several months ago.
Quality assurance
=================
Bug subscriber: should be Ubuntu Desktop Bugs
https://bugs.launchpad.net/ubuntu/+source/bubblewrap
https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=bubblewrap
https://github.com/projectatomic/bubblewrap/issues
dh_auto_test runs the build tests but they appear to be set as SKIP upstream.
Multiple autopkgtests passing on all Ubuntu architectures. Because the tests require machine isolation, the autopkgtests don't run on Debian's infrastructure currently.
Dependencies
============
check-mir reports all other binary dependencies are in main
Standards compliance
====================
4.0.0
Maintenance
===========
- Actively developed upstream
https://github.com/projectatomic/bubblewrap
- Maintained in Debian by the pkg-utopia team but more specifically, it is maintained by Simon McVittie (smcv) who also maintains Flatpak and ostree in Debian and Ubuntu.
short dh7 style rules, dh compat 10
Background information
======================
William Hua (attente) had been working last year on a snapcraft plugin that used bubblewrap.
So maybe more stuff will use bubblewrap in the future. |
Availability
============
Built for all supported architectures.
In sync with Debian.
Rationale
=========
The gnome-desktop3 library 3.25.90+ requires bubblewrap. bubblewrap is most commonly used as part of Flatpak's security isolation feature. Here it's being used to sandbox the thumbnailers.
See https://git.gnome.org/browse/gnome-desktop/log (changes from 3.25.4 to 3.25.90)
The bubblewrap feature was disabled in Ubuntu 17.10's gnome-desktop3 package because this MIR was not processed.
Security
========
No known open security vulnerabilities in any Ubuntu releases.
https://security-tracker.debian.org/tracker/source-package/bubblewrap
I helped prepare a security update (LP: #1657357) (CVE-2017-5226) for bubblewrap/flatpak several months ago.
Quality assurance
=================
Bug subscriber: should be Ubuntu Desktop Bugs
https://bugs.launchpad.net/ubuntu/+source/bubblewrap
https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=bubblewrap
https://github.com/projectatomic/bubblewrap/issues
dh_auto_test runs the build tests but they appear to be set as SKIP upstream. (See comment #4)
Multiple autopkgtests passing on all Ubuntu architectures. Because the tests require machine isolation, the autopkgtests don't run on Debian's infrastructure currently.
Dependencies
============
check-mir reports all other binary dependencies are in main
Standards compliance
====================
4.0.0
Maintenance
===========
- Actively developed upstream
https://github.com/projectatomic/bubblewrap
- Maintained in Debian by the pkg-utopia team but more specifically, it is maintained by Simon McVittie (smcv) who also maintains Flatpak and ostree in Debian and Ubuntu.
short dh7 style rules, dh compat 10
Background information
======================
William Hua (attente) had been working last year on a snapcraft plugin that used bubblewrap.
So maybe more stuff will use bubblewrap in the future. |
|
| 2017-12-08 14:57:40 |
Jeremy Bícha |
description |
Availability
============
Built for all supported architectures.
In sync with Debian.
Rationale
=========
The gnome-desktop3 library 3.25.90+ requires bubblewrap. bubblewrap is most commonly used as part of Flatpak's security isolation feature. Here it's being used to sandbox the thumbnailers.
See https://git.gnome.org/browse/gnome-desktop/log (changes from 3.25.4 to 3.25.90)
The bubblewrap feature was disabled in Ubuntu 17.10's gnome-desktop3 package because this MIR was not processed.
Security
========
No known open security vulnerabilities in any Ubuntu releases.
https://security-tracker.debian.org/tracker/source-package/bubblewrap
I helped prepare a security update (LP: #1657357) (CVE-2017-5226) for bubblewrap/flatpak several months ago.
Quality assurance
=================
Bug subscriber: should be Ubuntu Desktop Bugs
https://bugs.launchpad.net/ubuntu/+source/bubblewrap
https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=bubblewrap
https://github.com/projectatomic/bubblewrap/issues
dh_auto_test runs the build tests but they appear to be set as SKIP upstream. (See comment #4)
Multiple autopkgtests passing on all Ubuntu architectures. Because the tests require machine isolation, the autopkgtests don't run on Debian's infrastructure currently.
Dependencies
============
check-mir reports all other binary dependencies are in main
Standards compliance
====================
4.0.0
Maintenance
===========
- Actively developed upstream
https://github.com/projectatomic/bubblewrap
- Maintained in Debian by the pkg-utopia team but more specifically, it is maintained by Simon McVittie (smcv) who also maintains Flatpak and ostree in Debian and Ubuntu.
short dh7 style rules, dh compat 10
Background information
======================
William Hua (attente) had been working last year on a snapcraft plugin that used bubblewrap.
So maybe more stuff will use bubblewrap in the future. |
Availability
============
Built for all supported architectures.
In sync with Debian.
Rationale
=========
The gnome-desktop3 library 3.25.90+ requires bubblewrap. bubblewrap is most commonly used as part of Flatpak's security isolation feature. Here it's being used to sandbox the thumbnailers.
See https://git.gnome.org/browse/gnome-desktop/log (changes from 3.25.4 to 3.25.90)
The bubblewrap feature was disabled in Ubuntu 17.10's gnome-desktop3 package because this MIR was not processed.
Security
========
No known open security vulnerabilities in any Ubuntu releases.
https://security-tracker.debian.org/tracker/source-package/bubblewrap
I helped prepare a security update (LP: #1657357) (CVE-2017-5226) for bubblewrap/flatpak several months ago.
Security-sensitive package.
Quality assurance
=================
Bug subscriber: should be Ubuntu Desktop Bugs
https://bugs.launchpad.net/ubuntu/+source/bubblewrap
https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=bubblewrap
https://github.com/projectatomic/bubblewrap/issues
dh_auto_test runs the build tests but they appear to be set as SKIP upstream. (See comment #4)
Multiple autopkgtests passing on all Ubuntu architectures. Because the tests require machine isolation, the autopkgtests don't run on Debian's infrastructure currently.
Dependencies
============
check-mir reports all other binary dependencies are in main
Standards compliance
====================
4.0.0
Maintenance
===========
- Actively developed upstream
https://github.com/projectatomic/bubblewrap
- Maintained in Debian by the pkg-utopia team but more specifically, it is maintained by Simon McVittie (smcv) who also maintains Flatpak and ostree in Debian and Ubuntu.
short dh7 style rules, dh compat 10
Background information
======================
William Hua (attente) had been working last year on a snapcraft plugin that used bubblewrap.
So maybe more stuff will use bubblewrap in the future. |
|
| 2018-01-31 12:03:54 |
Didier Roche-Tolomelli |
bubblewrap (Ubuntu): assignee |
|
Canonical Security Team (canonical-security) |
|
| 2018-01-31 21:53:01 |
Jeremy Bícha |
bug watch added |
|
https://github.com/projectatomic/bubblewrap/issues/250 |
|
| 2018-04-05 17:07:32 |
Iain Lane |
bubblewrap (Ubuntu): assignee |
Canonical Security Team (canonical-security) |
Ubuntu Security Team (ubuntu-security) |
|
| 2018-04-05 17:07:51 |
Iain Lane |
removed subscriber Ubuntu Release Team |
|
|
|
| 2018-08-23 16:48:02 |
Jamie Strandboge |
bubblewrap (Ubuntu): assignee |
Ubuntu Security Team (ubuntu-security) |
Seth Arnold (seth-arnold) |
|
| 2018-08-23 16:48:05 |
Jamie Strandboge |
bubblewrap (Ubuntu): status |
Confirmed |
Triaged |
|
| 2018-08-23 16:48:10 |
Jamie Strandboge |
bubblewrap (Ubuntu): importance |
Undecided |
High |
|
| 2018-08-24 03:24:54 |
Jed Davis |
bug watch added |
|
https://bugzilla.mozilla.org/show_bug.cgi?id=1434528 |
|
| 2018-09-04 13:49:34 |
Jamie Strandboge |
bubblewrap (Ubuntu): assignee |
Seth Arnold (seth-arnold) |
Alex Murray (alexmurray) |
|
| 2018-09-14 11:25:29 |
Alex Murray |
cve linked |
|
2017-5226 |
|
| 2018-09-14 11:25:41 |
Alex Murray |
bubblewrap (Ubuntu): assignee |
Alex Murray (alexmurray) |
|
|
| 2018-09-14 13:43:00 |
Jeremy Bícha |
bug |
|
|
added subscriber Alex Murray |
| 2018-09-26 20:20:07 |
Andrew Hayzen |
bug |
|
|
added subscriber Andrew Hayzen |
| 2018-10-01 10:37:49 |
Iain Lane |
bubblewrap (Ubuntu): status |
Triaged |
Fix Released |
|
