[Pkg-utopia-maintainers] flatpak_1.14.10-1~deb12u1_source.changes ACCEPTED into proposed-updates->stable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Wed Aug 14 23:26:53 BST 2024
Thank you for your contribution to Debian.
Mapping stable-security to proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 14 Aug 2024 18:20:19 BST
Source: flatpak
Architecture: source
Version: 1.14.10-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv at debian.org>
Changes:
 flatpak (1.14.10-1~deb12u1) bookworm-security; urgency=high
 .
   * Backport upstream stable release into Debian 12 (CVE-2024-42472)
   * d/control: Relax required bubblewrap version to 0.8.0-2+deb12u1.
     This version has a backport of the required --bind-fd option.
   * Other changes relative to 1.14.10-1 in unstable:
     - Revert polkitd dependencies to polkitd | policykit-1 as previously
       used in bookworm
     - Revert pkgconf dependencies to pkg-config as previously used in
       bookworm
     - Revert location of systemd unit to /lib/systemd/system as previously
       used in bookworm, dropping versioned dependency on debhelper 13.11.6~
     - Revert changes related to Debian 13 GIR XML packaging policy
 .
 flatpak (1.14.10-1) unstable; urgency=high
 .
   * New upstream stable release
     - Don't follow symbolic links when mounting persistent directories
       (--persist option). This prevents a sandbox escape where a malicious
       or compromised app could edit the symlink to point to a directory
       that the app should not have been allowed to read or write.
       (CVE-2024-42472, GHSA-7hgv-f2j8-xw87)
   * d/control: Bump required bubblewrap version to 0.10.0.
     This adds the new --bind-fd option, required to solve CVE-2024-42472
     without introducing a race condition.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----