=== added file 'bubblewrap-yakkety-lp1657357.debdiff' === added file 'debian/bubblewrap.examples' --- debian/bubblewrap.examples 1970-01-01 00:00:00 +0000 +++ debian/bubblewrap.examples 2017-01-20 02:55:30 +0000 @@ -0,0 +1,3 @@ +demos/bubblewrap-shell.sh +demos/flatpak-run.sh +demos/flatpak.bpf === modified file 'debian/changelog' --- debian/changelog 2017-01-18 07:45:07 +0000 +++ debian/changelog 2017-01-20 02:58:09 +0000 @@ -1,3 +1,19 @@ +bubblewrap (0.1.7-0ubuntu0.16.10.1) yakkety-security; urgency=medium + + * SECURITY UPDATE: bubblewrap escape via TIOCSTI ioctl (LP: #1657357) + - Fixed in new upstream release 0.1.7 by adding --new-session + option that use setsid() before executing sandboxed code. + Users of bubblewrap to confine untrusted programs should either + add --new-session to the bwrap command line, or prevent the + TIOCSTI ioctl with a seccomp filter instead (as Flatpak does). + - New upstream release also adds --unshare-all option to easily + sandbox all namespaces. A --share-net option can be used with + --unshare-all to retain the network namespace. + - CVE-2017-5226 + * debian/bubblewrap.examples: install upstream examples + + -- Jeremy Bicha Thu, 19 Jan 2017 21:31:11 -0500 + bubblewrap (0.1.5-1~ubuntu16.10.0) yakkety-security; urgency=medium * SECURITY UPDATE: privilege escalation via ptrace (LP: #1643734)
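Review bot: In the debian/bubblewrap.examples hunk, the three installed files (demos/bubblewrap-shell.sh, demos/flatpak-run.sh, demos/flatpak.bpf) are what users will copy from, yet nothing visible here says whether they follow the advice this same patch gives in debian/changelog. Please confirm that demos/bubblewrap-shell.sh either passes --new-session or loads a seccomp filter that blocks TIOCSTI. If it does neither, say in the changelog entry that the examples are shipped as upstream provides them and are not hardened against LP: #1657357.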
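Review bot: In the debian/changelog hunk, the first SECURITY UPDATE bullet says "Fixed in new upstream release 0.1.7", but the next sentence shows the mitigation is opt-in: callers stay exposed to the TIOCSTI escape until they add --new-session or block the ioctl with seccomp. Suggest wording it as a mitigation that callers must enable, so that nobody reads the upgrade alone as closing CVE-2017-5226. Smaller points in the same entry: "option that use setsid()" should read "uses"; "to easily sandbox all namespaces" would be clearer as "to unshare all namespaces"; and the trailer line as shown has no <email> between the maintainer name and the date, which the changelog format requires.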