[Pkg-utopia-maintainers] Bug#1132943: CVE-2026-34078: Sandbox escape involving symlinks passed to flatpak-portal
Simon McVittie
smcv at debian.org
Fri Apr 10 23:47:03 BST 2026
On Fri, 10 Apr 2026 at 23:00:00 +0100, Simon McVittie wrote:
>On Fri, 10 Apr 2026 at 23:27:16 +0200, Alberto Garcia wrote:
>>I can test the packages in trixie this weekend, thanks.
Would you mind trying xdg-dbus-proxy and xdg-desktop-portal as well? The
three probably make sense to test as a batch.
https://people.debian.org/~smcv/temp/2026/CVE-2026-34080/
(please report any regressions to #1132939)
https://people.debian.org/~smcv/temp/2026/GHSA-rqr9-jwwf-wxgj/
(please report any regressions to #1132958)
In each case there's a functionally equivalent source+binary test-build
with a slightly lower version number in the testbuild/ subdirectory.
Thanks,
smcv
More information about the Pkg-utopia-maintainers
mailing list