[Pkg-utopia-maintainers] flatpak_1.14.10-1_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Wed Aug 14 17:04:30 BST 2024
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 14 Aug 2024 15:03:33 +0100
Source: flatpak
Architecture: source
Version: 1.14.10-1
Distribution: unstable
Urgency: high
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv at debian.org>
Changes:
flatpak (1.14.10-1) unstable; urgency=high
.
* New upstream stable release
- Don't follow symbolic links when mounting persistent directories
(--persist option). This prevents a sandbox escape where a malicious
or compromised app could edit the symlink to point to a directory
that the app should not have been allowed to read or write.
(CVE-2024-42472, GHSA-7hgv-f2j8-xw87)
* d/control: Bump required bubblewrap version to 0.10.0.
This adds the new --bind-fd option, required to solve CVE-2024-42472
without introducing a race condition.
Checksums-Sha1:
33768747ab9c4f2566ed8d606ebe51b9458a8f6f 3960 flatpak_1.14.10-1.dsc
29eda29e492f82aeeb3b670a89d7636267e35cf0 1647100 flatpak_1.14.10.orig.tar.xz
52fcc6407ed227ae632db6625398800d175de844 833 flatpak_1.14.10.orig.tar.xz.asc
7ec460a084ae7314fc99cda8bacda5adad7ec6ce 35852 flatpak_1.14.10-1.debian.tar.xz
19f0b551b796f053853434c5efa29eadac1599ac 13449 flatpak_1.14.10-1_source.buildinfo
Checksums-Sha256:
a3ef7f0cc4b7c85f25d617fa6b31315eed1712b9b4b4ea42cd1389467f880f58 3960 flatpak_1.14.10-1.dsc
6bbdc7908127350ad85a4a47d70292ca2f4c46e977b32b1fd231c2a719d821cd 1647100 flatpak_1.14.10.orig.tar.xz
86f596ae816c77b6ee2789df177cc194d0a86d5ebd127d2a5c5cf99a627641ca 833 flatpak_1.14.10.orig.tar.xz.asc
4e435d6e76cf150bbf6021ce5546553238941bd35d2a158443fae6482cf64573 35852 flatpak_1.14.10-1.debian.tar.xz
38d4abb02ad79f4b37d9d9e5fb7f81ed99a0b9fc2377c3c98bc7c23608dea6f3 13449 flatpak_1.14.10-1_source.buildinfo
Files:
d44e78a09056ecbd3308df5906bba165 3960 admin optional flatpak_1.14.10-1.dsc
4eb3f96ab7a73b01b408e5bb15630106 1647100 admin optional flatpak_1.14.10.orig.tar.xz
067ee69526edc3294dcfb3d43fd99de6 833 admin optional flatpak_1.14.10.orig.tar.xz.asc
c24675cce3515bf4564460cd0f29e371 35852 admin optional flatpak_1.14.10-1.debian.tar.xz
3e4e2802ecccde24191ff27f500765fd 13449 admin optional flatpak_1.14.10-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAma81PIACgkQ4FrhR4+B
TE+e+g//WYJeKV+3/o9/xdMBbZrsJBzaVqfVkja/7+TCf2M2C7/9Tq+PP+WpapDK
v7GuzJqOkNEI1DzL7cQIN9qfjowQLt/DEkFUvC2h/Yb3x+fPAKAEwM5qWu/86FT5
nr2MwO09Z0S5p9l5pm28zkqj7WxPDetd2o/++n9iVOLML6sJeuJQoMEZzxXQ85ns
7uFzVCVXGgDgeFV5Ty9/rEWTlIsLAJ/EMoQkDLc3J+O33N5RFLlL+OgOvVXYHK9L
9iVi7oCWhMEOwYSta7I6hGtizyZX+X9738UCCOdgQYlmImtjryRlb9uVl9M2fv3l
oZv9UT859J7Q+rYrgWzb04ihwTwb3asaJpfHKLbMWoe4LE9EqO8Aq1/sh5BnXSBk
CqdLLLWczPJ/6t08Z4cTE7M7Fo4nLO4JG/nYP426+i6jHXFU0kvMQMmntrGmK2uN
PeyyUsoZOFVKmN+5fglYqyreKO4mt6VkQH60nOdIQyL9SC9qEuDzW5x+FMJYfKhr
qXwRxmWVwGqb91JT8iWZTdKAqHaSo4uw4CeOP5oxVlQd2vPU8vK/gqxAnYiUEovo
C+HV1Q9EUN4x1cNxSoPE+PKGKSec9dAsEcUuOdL9RGSzpD5xlnYKrlHJ1bm50lte
dNYeR8aOtnrlwY6sg54TeqRsNNqziJq7ZporNsY3MwATMeSvnCQ=
=p0tK
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-utopia-maintainers/attachments/20240814/ac3720ef/attachment.sig>
More information about the Pkg-utopia-maintainers
mailing list