Your message dated Mon, 17 Nov 2025 15:59:11 +0000
with message-id <[email protected]>
and subject line Bug#1120140: fixed in runc 1.3.3+ds1-2
has caused the Debian Bug report #1120140,
regarding runc: CVE-2025-31133 CVE-2025-52565 CVE-2025-52881
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1120140: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120140
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: runc
Version: 1.3.2+ds1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 1.1.15+ds1-2
Hi,
The following vulnerabilities were published for runc.
CVE-2025-31133[0], CVE-2025-52565[1] and CVE-2025-52881[2].
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-31133
https://www.cve.org/CVERecord?id=CVE-2025-31133
[1] https://security-tracker.debian.org/tracker/CVE-2025-52565
https://www.cve.org/CVERecord?id=CVE-2025-52565
[2] https://security-tracker.debian.org/tracker/CVE-2025-52881
https://www.cve.org/CVERecord?id=CVE-2025-52881
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: runc
Source-Version: 1.3.3+ds1-2
Done: Reinhard Tartler <[email protected]>
We believe that the bug you reported is fixed in the latest version of
runc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Reinhard Tartler <[email protected]> (supplier of updated runc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 16 Nov 2025 11:28:16 -0500
Source: runc
Architecture: source
Version: 1.3.3+ds1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Reinhard Tartler <[email protected]>
Closes: 1120140
Changes:
runc (1.3.3+ds1-2) unstable; urgency=medium
.
* Upload to unstable
* debian/control: Drop redundant Rules-Requires-Root
.
runc (1.3.3+ds1-1) experimental; urgency=medium
.
* New upstream release:
- Fixes CVE-2025-31133, CVE-2025-52565, CVE-2025-52881,
Closes: #1120140
* refresh patches
* debian/control:
- tighten dependency on containerd/console
- build against golang-github-cyphar-filepath-securejoin-dev 0.5
* debian/copyright: clarify licensing terms of this package
* Backport upstream patches:
- libct: use manager.AddPid to add exec to cgroup
Checksums-Sha1:
07135a9d2c7490be1b6b4e2d28977f749720148e 3464 runc_1.3.3+ds1-2.dsc
ffd1497e74a7296d6ab402ccb30002d4464b6db9 13228 runc_1.3.3+ds1-2.debian.tar.xz
Checksums-Sha256:
9a3cd60645378508cc7a3950fd9de0238eccebd90da6829ba07bc2b77e20f120 3464
runc_1.3.3+ds1-2.dsc
8f3cec0870c902f1b76f65f8a1a25f314cd27ff539457fcd37cc23a4303ac016 13228
runc_1.3.3+ds1-2.debian.tar.xz
Files:
12ffb1858f369ee6a20102255f597955 3464 admin optional runc_1.3.3+ds1-2.dsc
59f23f8977fc03b5febbc61f3a580cb8 13228 admin optional
runc_1.3.3+ds1-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEEMN59F2OrlFLH4IJQSadpd5QoJssFAmkZ/kkUHHNpcmV0YXJ0
QHRhdXdhcmUuZGUACgkQSadpd5QoJsudlA//UT8FQZ9pQlhmAGgjmjHrWStCkOm2
XFaM1sZSE7FVt6U2jyVzvlYmqBK9mV+scE3KlKuTW4bNpKRuLaaxqabd3AAKTMbs
X1bGZGdNsDqzPPAKcbAhV6Y70/warf7ikJCJH05g5/ZTtzAhi2xz+EyDztw4YRSa
8iMeDk0Fa9OsT9Wpzx59VR9dv0VJOAaqoE0r81CVkQPhBGUHjewoZIWaMjng4GCZ
R8pv4+F7PXynqrgM+vkcDnm0WWWSo1zxvTqoWtLDBtiPdYtPKkAcYmMEMVevnUwO
0r/JTUXN/P2W1c2pDHWY6MwThNrje8nUISuTOqOFMnBTCxAPz6SUKKE23+lHO6K+
ZkiFu/IVtHNFSwrWAjR2DGJHcJ77oO1th5cZOS8vuZnpfu+wxWKfQdqBAfl58+rk
KF1SifLauo7vdftyNy6GPUEWP0a04ePbDGw2HQcqJ6lo4Ka/HZDceRilUHwGT7hf
uX2F6kN2RO/B923n2AEUMxmSOtj0FPTepir4XCFqxkj/IDusxFbgx53nhqQNMeQm
SKlJuHbNrqFw33BDdtoMDtwpw5U4fs29kxTlBtgvJAamNRJYtA0jRG3lso+lRHIu
cE+jmZc+6iEz+M+9Ik4nlnPNeJzl432Kfm3BqTJaijz7IZ3zZoVLR3RoM+ia0+WZ
oCqsuVRXKlMuxxQ=
=BrsA
-----END PGP SIGNATURE-----
pgpZ1m4TFf0Pw.pgp
Description: PGP signature
--- End Message ---
