[Pkg-utopia-maintainers] Bug#1132968: flatpak: regression after fixing CVE-2026-34078 for users of Flatpak-packaged browsers
Simon McVittie
smcv at debian.org
Wed Apr 8 11:41:32 BST 2026
Package: flatpak
Version: 1.16.4-1
Severity: important
Tags: upstream
Forwarded: https://github.com/flatpak/flatpak/issues/6570
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>

There appears to be another regression in the fix for CVE-2026-34078
affecting Chromium/CEF/Electron-based web browsers with internal
sandboxing that are packaged as Flatpak apps, such as Vivaldi and Brave.
Details at upstream bug link above. No solution is known yet; I will try
to upload a fix to unstable ASAP when one is available.

Probably there is a file descriptor leak or double-close, or some similar
file descriptor book-keeping problem.

smcv