[Pkg-utopia-maintainers] flatpak_1.15.10-1_source.changes ACCEPTED into experimental
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Wed Aug 14 17:19:26 BST 2024
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 14 Aug 2024 11:00:52 +0100
Source: flatpak
Architecture: source
Version: 1.15.10-1
Distribution: experimental
Urgency: high
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv at debian.org>
Changes:
flatpak (1.15.10-1) experimental; urgency=high
.
* New upstream development release
- Don't follow symbolic links when mounting persistent directories
(--persist option). This prevents a sandbox escape where a malicious
or compromised app could edit the symlink to point to a directory
that the app should not have been allowed to read or write.
(CVE-2024-42472, GHSA-7hgv-f2j8-xw87)
* d/control: Bump required bubblewrap version to 0.10.0.
This adds the new --bind-fd option, required to solve CVE-2024-42472
without introducing a race condition.
Checksums-Sha1:
85a947ff23ad71ad47a465379903becfe2221926 3918 flatpak_1.15.10-1.dsc
e9c55c430e1df51ff2a1ab21705801cc661770a7 1169908 flatpak_1.15.10.orig.tar.xz
8c56ef07ac7f8a0fdd9944ed992d3df4f3e8350a 833 flatpak_1.15.10.orig.tar.xz.asc
2d243a342ddfdca06d2148043eb2be9763984c39 35884 flatpak_1.15.10-1.debian.tar.xz
ef3b9f9150e2ff10fd33a61c4e54e17cd3208803 13629 flatpak_1.15.10-1_source.buildinfo
Checksums-Sha256:
8210f156974e230e46073a4b676d886ae764428dd6e0524115499bd56535e42c 3918 flatpak_1.15.10-1.dsc
6aa67ca29b4f4da74654888446710b16c9fcfe640c324a51c5025087eecbf42f 1169908 flatpak_1.15.10.orig.tar.xz
a88775d4dcdaf87bb8b5ddb93bf38a80fbd84a26a6fa524211cb8598ffa664e2 833 flatpak_1.15.10.orig.tar.xz.asc
09c12df065af8220173cbe9233bdc366cff390b2d1d36c4e6db4f2b2f190ceab 35884 flatpak_1.15.10-1.debian.tar.xz
cfd35b86619ef7206b5a4fa822df911370d0ba177afd5920a0f4d2b6709c2277 13629 flatpak_1.15.10-1_source.buildinfo
Files:
877e8e9cd494626f1e82d8c587e549c3 3918 admin optional flatpak_1.15.10-1.dsc
13dd64af1a315b7c07a0612097b43337 1169908 admin optional flatpak_1.15.10.orig.tar.xz
e831783bf6cf2b06f30cda04d1039212 833 admin optional flatpak_1.15.10.orig.tar.xz.asc
44493ce56461b13587bcd61959e3aead 35884 admin optional flatpak_1.15.10-1.debian.tar.xz
0f8ec72ac8f948542c8b6d648764138b 13629 admin optional flatpak_1.15.10-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAma80r8ACgkQ4FrhR4+B
TE+0Qw/+IA54fBO7FsPMb23F/MfNsGcAZR1AXmacW0+5VXLP7Ka19tW/VTUEPuJO
wmk0nszmDR7PN2f7C4qhl2MxK7JhJZeqUw5CX1Xvk0YSMyYBbD539dPbVBCVi83G
QhuR3WWaiYPGWMvg0uRf4180sSRTWK0C9tUCaqeg4ddyglUaaZqbYQby4+UQt4Ps
NbOnWST5nQdBGu9Agtmf42x6NzKyEwbmhRn0i/umbnn60AeQztgWWdmVU/ibFOAF
jgaAb3CR+FjhTqOe2ENUF5oGRXxaE5KYasjZQ4pfGADK+CgQSqEiSIBbfZvJhgKZ
y74Z/iiWFux7+8BA8dMtYg5zc1/egde3kFAkYkt/wOaGDNGU0UF3WYu8APw9Xb2G
IP3j4rrrPri1/1bSs7VlbRrIpPFv08FDzzxjHX1RQV+Xk8H9Mp1+Ntyx+Luc7/mj
aHjduB/TGwE6MCaiyHXmb4jjwOioJJO1fZVQtvIjN2/tWTqsZCN3+sNX2KR6U1P0
1k8Htr+K+w5a4RJbiOCk8MFQrOWRcVlvS9V8zjAPDnD2QOAieZv+FiUh+YvcdVTN
ee70pRu6aDAeHAHwmBTr9eIF9sZav/8k+nv5auDbP2WUBniVK/1tjFADDRv1S46J
tdkbz9BfGpvmbVADcOUlM9XzzrwUZQKdy8lZix0wt+9nv+sHcgc=
=1Cf/
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-utopia-maintainers/attachments/20240814/7b75cdce/attachment.sig>
More information about the Pkg-utopia-maintainers
mailing list