[Pkg-utopia-maintainers] Bug#865413: flatpak: Flatpak security issue #845 involving setuid/world-writable files
Simon McVittie
smcv at debian.org
Wed Jun 21 11:35:43 UTC 2017
On Wed, 21 Jun 2017 at 09:46:21 +0100, Simon McVittie wrote:
> Security team: do you want a backport/DSA for stretch-security, or do
> you consider the mitigations to be sufficient to fix this through
> a stable update instead? I am hoping to get 0.8.7 into stretch r1 as a
> stable update, but 0.8.6 contains unrelated bug fixes that I realise
> you won't necessarily want in stretch-security (proposed-update tracked
> at <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864028>).
Here is a proposed minimal backport for stretch in case you want one.
I have source and binaries for this ready for upload. Does the security
archive still want source packages built with debuild -sa, and do you
accept source-only uploads for stretch-security?
Thanks,
S
-------------- next part --------------
A non-text attachment was scrubbed...
Name: flatpak_0.8.5-2+deb9u1.diff
Type: text/x-diff
Size: 11687 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20170621/aaca0867/attachment.diff>
More information about the Pkg-utopia-maintainers
mailing list