[Pkg-utopia-maintainers] flatpak_1.10.7-0+deb11u1~bpo10+1_source.changes ACCEPTED into buster-backports->backports-policy, buster-backports
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Fri Jan 21 09:47:51 GMT 2022
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 19 Jan 2022 22:47:41 +0000
Source: flatpak
Architecture: source
Version: 1.10.7-0+deb11u1~bpo10+1
Distribution: buster-backports
Urgency: high
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv at debian.org>
Changes:
flatpak (1.10.7-0+deb11u1~bpo10+1) buster-backports; urgency=medium
.
* Rebuild for buster-backports.
- Revert "debian/control: Add libmalcontent-0-dev to the
build-dependencies". It wasn't available in buster.
- Revert "Add Suggests on malcontent-gui".
- Downgrade dbus from Depends to Recommends.
It only needed to be a Depends for the libmalcontent integration,
but it is necessary for system-wide installations (without --user),
so a Recommends still seems appropriate.
.
flatpak (1.10.7-0+deb11u1) bullseye-security; urgency=high
.
* New upstream stable release
* Security fixes:
- Prevent a malicious repository from arranging for permissions to be
granted without being correctly displayed during installation
(CVE-2021-43860, GHSA-qpjc-vq3c-572j)
- Provide a new --nofilesystem=host:reset option which flatpak-builder
can use to prevent malicious builds from creating directories
outside the build directory (CVE-2022-21682, GHSA-8ch7-5j3h-g4fx)
* Other bug fixes:
- Fix error handling for syscalls that are only allowed with --devel
(this change was already included in 1.10.5-0+deb11u1)
- Improve diagnostic messages when seccomp rules cannot be applied
- Update Polish translation
- Clarify documentation related to CVE-2022-21682
- Improve test coverage related to CVE-2022-21682
- Be compatible with newer versions of python3-pyparsing
(the version in Debian 11 generates identical code before and
after this change)
* d/p/Fix-handling-of-syscalls-only-allowed-by-devel.patch:
Drop patch, included in 1.10.6
* d/copyright: Update
Checksums-Sha1:
17f2ca66f3064720c1cac275a474e4d45667b149 3701 flatpak_1.10.7-0+deb11u1~bpo10+1.dsc
6b2df91c289ae563a53af16eb2f236c5b8df87e7 32488 flatpak_1.10.7-0+deb11u1~bpo10+1.debian.tar.xz
f821321a72730fa8880f4082b56bb4ef80526968 13159 flatpak_1.10.7-0+deb11u1~bpo10+1_source.buildinfo
Checksums-Sha256:
c19c84c154c10513385397c45da2e8e7506ed7373248bdf0457761c1d0f20fcf 3701 flatpak_1.10.7-0+deb11u1~bpo10+1.dsc
b242453300fb260f5f251d9fe11c607b85537e32fb5cea9bf80ab70b88a6a229 32488 flatpak_1.10.7-0+deb11u1~bpo10+1.debian.tar.xz
89718c9469b1aab136de99f26e07a652231f5b5cd12ea18b3e1dd482b13cf022 13159 flatpak_1.10.7-0+deb11u1~bpo10+1_source.buildinfo
Files:
ef32911edfcd302dc7164ad0581b8da3 3701 admin optional flatpak_1.10.7-0+deb11u1~bpo10+1.dsc
6358c7ae377c34eb256c5a57cf8c676d 32488 admin optional flatpak_1.10.7-0+deb11u1~bpo10+1.debian.tar.xz
a76b7e694433984b33925696c9f3f222 13159 admin optional flatpak_1.10.7-0+deb11u1~bpo10+1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmHpzPgACgkQ4FrhR4+B
TE+bNg/+Kn23Tj99AoaR7afMdi0AqcBjboenCYj7UFLFy4nmYG5vz66q+IXCXb+r
xd84duxgz1Xg0fJ2kOlr8bZWjkeXODXqpllBT3UH5snQ/Trgf5YgeCU/Br943j7y
7/8TcYn+hGScgk/vDFJ/Za7ZR94qQ2cyIu45KpxV8hrmh2y+OyyNOZ4cQ6gwnMtu
3WdrubyT/gQIZQaHPy72s2/if/1CpzUFAj+uRREWR6G3ONN4JytTnbvc2UDMru68
LhtNRljSt0SFBzfmPvrwhBL+p+Dww/PfePOgDWboWLXFmZjJ2cS4YBD/6yh/AEs6
8FEnRuNIlUi9aBo/EY5+kgCO7xZi3AbUU3AL2RAQsRP82q03t6wNiN1lkAce47SW
wi9ao37F8uHy5DKHNjbg3lo4jmJcITBPN0pL+tBZSzBY327GE9twqgBsR47xl5Sx
QgYJfefc1E9LWs8j+TL1fSe6PiW3Rwq0Y136cl83wXPSNH0KYBH5VI4WH1u6Y7Vy
1bciqke2cOOD6uIE9wjf0ETWqLC4k3TS9yl/z0T2JWs9OoHhsqlqYI9nck3oC8e3
d+URqrlFS6fWoNfMKVJ5Thfx7xSFVnE/EE4/e9Y5sFcToAprZVj/NvvuOxu5cqx8
fcM1nns69f1AJd+jkJkvCmIpIhhrCWCXOQ2ymIWuflhW6hLrfuQ=
=jYjz
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the Pkg-utopia-maintainers
mailing list