[Pkg-utopia-maintainers] Bug#1132943: CVE-2026-34078: Sandbox escape involving symlinks passed to flatpak-portal
Simon McVittie
smcv at debian.org
Sat Apr 11 16:52:04 BST 2026
On Sat, 11 Apr 2026 at 17:03:37 +0200, Alberto Garcia wrote:
>I'm not done yet but I wanted to share this already because I probably
>won't have a lot of time to debug it today: I noticed that flatpak
>prints a lot of "lseek error in child setup" messages when updating
>from the command line.
That code path is specific to "extra data", as you suspected.
Strictly speaking this is a regression, but I'm fairly sure it's
harmless: see https://github.com/flatpak/flatpak/issues/6608 for
analysis.
smcv
More information about the Pkg-utopia-maintainers
mailing list