[Pkg-utopia-maintainers] flatpak_1.16.6-1~deb13u1~bpo12+1_source.changes ACCEPTED into oldstable-backports
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Mon Apr 13 19:51:28 BST 2026
Thank you for your contribution to Debian.
Mapping bookworm-backports to oldstable-backports.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 13 Apr 2026 10:29:00 +0100
Source: flatpak
Architecture: source
Version: 1.16.6-1~deb13u1~bpo12+1
Distribution: bookworm-backports
Urgency: high
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv at debian.org>
Closes: 1132943 1132944 1132945 1132946
Changes:
 flatpak (1.16.6-1~deb13u1~bpo12+1) bookworm-backports; urgency=high
 .
   * Merge trixie security update 1.16.6-1~deb13u1
     - Fix a sandbox escape involving symlinks passed to flatpak-portal.
       A malicious or compromised Flatpak app could exploit this to achieve
       arbitrary code execution on the host.
       (CVE-2026-34078, GHSA-cc2q-qc34-jprg) (Closes: #1132943)
     - Prevent arbitrary file deletion outside the sandbox by a malicious or
       compromised Flatpak app
       (CVE-2026-34079, GHSA-p29x-r292-46pp) (Closes: #1132944)
     - Prevent a local user from reading any file that is readable by the
       _flatpak system user. A mitigation is that it would be very unusual
       for these files not to be readable by the original local user as well.
       (No CVE ID, GHSA-2fxp-43j9-pwvc) (Closes: #1132946)
     - Prevent a local user from making another local user unable to cancel
       an ongoing download of apps or runtimes installed system-wide
       via the system helper.
       (No CVE ID, GHSA-89xm-3m96-w3jg) (Closes: #1132945)
     - Various fixes for regressions caused when fixing CVE-2026-34078
   * Remaining changes for bookworm-backports:
     - d/control, d/gbp.conf: Branch for Debian 12 'bookworm' backports
     - d/control, d/p/debian/build-Relax-bubblewrap-dependency.patch:
       Relax bubblewrap dependency to the version from bookworm-security
     - Revert "d/control: Build-depend on required GIR XML files"
     - Revert "Install systemd system unit into /usr/lib/systemd/system"
Checksums-Sha1:
e58c5ad2fa27804b75223bceb0942cc00495e42f 3854 flatpak_1.16.6-1~deb13u1~bpo12+1.dsc
253c867f54bd88f9cf2204db3fb146b9c0130e7b 43132 flatpak_1.16.6-1~deb13u1~bpo12+1.debian.tar.xz
ad7237c107f5bdd2b8245bf9acbdddba7738862f 13169 flatpak_1.16.6-1~deb13u1~bpo12+1_source.buildinfo
Checksums-Sha256:
36a5171e8549c374b06bedb52893d5265dc24c720bdd6b50027748f8271be5b3 3854 flatpak_1.16.6-1~deb13u1~bpo12+1.dsc
3129b8f0ae0ed85bd002515113dc47162be21a756d5e05777363174cf0d5986a 43132 flatpak_1.16.6-1~deb13u1~bpo12+1.debian.tar.xz
3f524a27c73ea5ac9b4b56db47895c08a989efe18511eb88863e9c881260a443 13169 flatpak_1.16.6-1~deb13u1~bpo12+1_source.buildinfo
Files:
c74ebea7f484146415b3563897098a81 3854 admin optional flatpak_1.16.6-1~deb13u1~bpo12+1.dsc
fbf4a6da9241c49d660016961fef00e4 43132 admin optional flatpak_1.16.6-1~deb13u1~bpo12+1.debian.tar.xz
3cccfc2b01de99e99aee3232aeb2b787 13169 admin optional flatpak_1.16.6-1~deb13u1~bpo12+1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----