[Pkg-utopia-maintainers] flatpak_1.10.7-0+deb11u1~bpo10+1_source.changes ACCEPTED into buster-backports->backports-policy

[Debian FTP Masters]

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 19 Jan 2022 22:47:41 +0000
Source: flatpak
Architecture: source
Version: 1.10.7-0+deb11u1~bpo10+1
Distribution: buster-backports
Urgency: high
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv at debian.org>
Changes:
 flatpak (1.10.7-0+deb11u1~bpo10+1) buster-backports; urgency=medium
 .
   * Rebuild for buster-backports.
     - Revert "debian/control: Add libmalcontent-0-dev to the
       build-dependencies". It wasn't available in buster.
     - Revert "Add Suggests on malcontent-gui".
     - Downgrade dbus from Depends to Recommends.
       It only needed to be a Depends for the libmalcontent integration,
       but it is necessary for system-wide installations (without --user),
       so a Recommends still seems appropriate.
 .
 flatpak (1.10.7-0+deb11u1) bullseye-security; urgency=high
 .
   * New upstream stable release
   * Security fixes:
     - Prevent a malicious repository from arranging for permissions to be
       granted without being correctly displayed during installation
       (CVE-2021-43860, GHSA-qpjc-vq3c-572j)
     - Provide a new --nofilesystem=host:reset option which flatpak-builder
       can use to prevent malicious builds from creating directories
       outside the build directory (CVE-2022-21682, GHSA-8ch7-5j3h-g4fx)
   * Other bug fixes:
     - Fix error handling for syscalls that are only allowed with --devel
       (this change was already included in 1.10.5-0+deb11u1)
     - Improve diagnostic messages when seccomp rules cannot be applied
     - Update Polish translation
     - Clarify documentation related to CVE-2022-21682
     - Improve test coverage related to CVE-2022-21682
     - Be compatible with newer versions of python3-pyparsing
       (the version in Debian 11 generates identical code before and
       after this change)
   * d/p/Fix-handling-of-syscalls-only-allowed-by-devel.patch:
     Drop patch, included in 1.10.6
   * d/copyright: Update
Checksums-Sha1:
 17f2ca66f3064720c1cac275a474e4d45667b149 3701 flatpak_1.10.7-0+deb11u1~bpo10+1.dsc
 6b2df91c289ae563a53af16eb2f236c5b8df87e7 32488 flatpak_1.10.7-0+deb11u1~bpo10+1.debian.tar.xz
 f821321a72730fa8880f4082b56bb4ef80526968 13159 flatpak_1.10.7-0+deb11u1~bpo10+1_source.buildinfo
Checksums-Sha256:
 c19c84c154c10513385397c45da2e8e7506ed7373248bdf0457761c1d0f20fcf 3701 flatpak_1.10.7-0+deb11u1~bpo10+1.dsc
 b242453300fb260f5f251d9fe11c607b85537e32fb5cea9bf80ab70b88a6a229 32488 flatpak_1.10.7-0+deb11u1~bpo10+1.debian.tar.xz
 89718c9469b1aab136de99f26e07a652231f5b5cd12ea18b3e1dd482b13cf022 13159 flatpak_1.10.7-0+deb11u1~bpo10+1_source.buildinfo
Files:
 ef32911edfcd302dc7164ad0581b8da3 3701 admin optional flatpak_1.10.7-0+deb11u1~bpo10+1.dsc
 6358c7ae377c34eb256c5a57cf8c676d 32488 admin optional flatpak_1.10.7-0+deb11u1~bpo10+1.debian.tar.xz
 a76b7e694433984b33925696c9f3f222 13159 admin optional flatpak_1.10.7-0+deb11u1~bpo10+1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmHpzPgACgkQ4FrhR4+B
TE+bNg/+Kn23Tj99AoaR7afMdi0AqcBjboenCYj7UFLFy4nmYG5vz66q+IXCXb+r
xd84duxgz1Xg0fJ2kOlr8bZWjkeXODXqpllBT3UH5snQ/Trgf5YgeCU/Br943j7y
7/8TcYn+hGScgk/vDFJ/Za7ZR94qQ2cyIu45KpxV8hrmh2y+OyyNOZ4cQ6gwnMtu
3WdrubyT/gQIZQaHPy72s2/if/1CpzUFAj+uRREWR6G3ONN4JytTnbvc2UDMru68
LhtNRljSt0SFBzfmPvrwhBL+p+Dww/PfePOgDWboWLXFmZjJ2cS4YBD/6yh/AEs6
8FEnRuNIlUi9aBo/EY5+kgCO7xZi3AbUU3AL2RAQsRP82q03t6wNiN1lkAce47SW
wi9ao37F8uHy5DKHNjbg3lo4jmJcITBPN0pL+tBZSzBY327GE9twqgBsR47xl5Sx
QgYJfefc1E9LWs8j+TL1fSe6PiW3Rwq0Y136cl83wXPSNH0KYBH5VI4WH1u6Y7Vy
1bciqke2cOOD6uIE9wjf0ETWqLC4k3TS9yl/z0T2JWs9OoHhsqlqYI9nck3oC8e3
d+URqrlFS6fWoNfMKVJ5Thfx7xSFVnE/EE4/e9Y5sFcToAprZVj/NvvuOxu5cqx8
fcM1nns69f1AJd+jkJkvCmIpIhhrCWCXOQ2ymIWuflhW6hLrfuQ=
=jYjz
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.