[Pkg-utopia-maintainers] Bug#1132939: xdg-dbus-proxy CVE-2026-34080: Eavesdrop filter bypass allows message interception
Simon McVittie
smcv at debian.org
Wed Apr 15 22:10:28 BST 2026
On Mon, 13 Apr 2026 at 20:48:21 +0000, Moritz Mühlenhoff wrote:
>On Mon, Apr 13, 2026 at 10:19:06AM +0100, Simon McVittie wrote:
>> I'll try to get to the bookworm backport at some point
>
>Thanks, we can release/test these together whenever ready.
Here's a proposed bookworm backport:
https://salsa.debian.org/debian/xdg-dbus-proxy/-/merge_requests/2
https://people.debian.org/~smcv/temp/2026/CVE-2026-34080/bookworm/
(includes debdiff)
I had to backport a memory-leak fix as well so that the security fix
would apply cleanly, but I assume that isn't a problem.
I'll follow up on the most serious of the flatpak bugs, #1132943, with
the equivalent for flatpak.
smcv
More information about the Pkg-utopia-maintainers
mailing list