[GH-ISSUE #5191] Backports for CVE-2022-31214 fix #2908

Closed
opened 2026-05-05 09:34:21 -06:00 by gitea-mirror · 5 comments

Originally created by @reinerh on GitHub (Jun 11, 2022).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5191

Hi,

Debian currently ships firejail 0.9.64.4 in stable and 0.9.58.2 in oldstable.
stable-backports will get a backported 0.9.70 that contains the fix, but not every stable user has the backports repository enabled.
I tried to apply the patch to 0.9.64.4, but there are several conflicts.

Is someone planning on backporting the fixes to other versions as well?


@smitsohu commented on GitHub (Jun 12, 2022):

I can backport the patch to 0.9.66, 0.9.64.4 and 0.9.58

It will take a bit of time, I'll report back on Monday.


@smitsohu commented on GitHub (Jun 13, 2022):

Sorry, it is not finished yet.

But it should be ready later today.


@smitsohu commented on GitHub (Jun 14, 2022):

Alright, I'm providing early patch versions, but they are still undertested.

I understand that time is in short supply here, but it will take me probably one more day to get a more appropriate level of confidence.

[CVE-2022-31214.zip](https://github.com/netblue30/firejail/files/8904437/CVE-2022-31214.zip)

@smitsohu commented on GitHub (Jun 15, 2022):

Didn't find any issues ...

Should be good!


@reinerh commented on GitHub (Jun 18, 2022):

Thanks @smitsohu!
I've prepared an update for 0.9.64.4 in stable, which should soon get accepted as a security update. I will also do the 0.9.58.2 update in oldstable.

Reference: github-starred/firejail#2908