-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 11 Feb 2019 16:17:09 +0000 Source: flatpak Architecture: source Version: 1.2.3-1 Distribution: unstable Urgency: high Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org> Changed-By: Simon McVittie <smcv@debian.org> Closes: 922059 Changes: flatpak (1.2.3-1) unstable; urgency=high . * New upstream stable release - Security update: do not let the apply_extra script for a system installation modify the host-side executable via /proc/self/exe, similar to CVE-2019-5736 in runc (Closes: #922059) Checksums-Sha1: f3ad5c1ff838a1301e0da3c704dafbafd0f57a90 3330 flatpak_1.2.3-1.dsc 824abb949e540acaaee6a4122321467abcdc8b3b 1166820 flatpak_1.2.3.orig.tar.xz f43aa084c491d82f71ad56f6650e998fc2dc6b07 24796 flatpak_1.2.3-1.debian.tar.xz 5e043c6e1a5634f87458571ad314f4de79b292b0 11925 flatpak_1.2.3-1_source.buildinfo Checksums-Sha256: e6340ce8807c214d9a1ebf313a0479506b4e989b392a3f35ae8f113648a6cb2b 3330 flatpak_1.2.3-1.dsc bb4720307fc10465660e37bb9489c1d9a349c19143e24f65ddb49032f8b00d44 1166820 flatpak_1.2.3.orig.tar.xz 18dd7c78fefd2b9cdfc258a5410c25cf65f945cbc9398e3ee5043424b352b926 24796 flatpak_1.2.3-1.debian.tar.xz 3a86e01ac8104a6f27c42fa508e07fabaaad8e0d39f7fe9ce105831ebe64d860 11925 flatpak_1.2.3-1_source.buildinfo Files: 11aa721694e81efae8d061442016033f 3330 admin optional flatpak_1.2.3-1.dsc 6ce8069ba5bb027fa7fbe84db209464e 1166820 admin optional flatpak_1.2.3.orig.tar.xz f11bde09a4bd81ca0728de799f28d443 24796 admin optional flatpak_1.2.3-1.debian.tar.xz 678a19200588a7aafc9bd90bae4a9d3a 11925 admin optional flatpak_1.2.3-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAlxhv3IACgkQ4FrhR4+B TE9svxAAqQ7bRTUiqhwNRaVzt7JhHEbqd0DiTRDPcoMe34du7DDh2dyTrW9+haSk Kf6K90vw103jXpk/+H8mRIl1Xy7zoRk2TQBhFsz3mdFGhXLFjr/IrdduNb4A53l7 r1K/LXAlH3rbZBGkVXemj71cT824RXFS7vGq8fnD0/c6wEUvTG1eWjlIv1Zowsfa 9btSxdvUR31UB/BX5qM0U09jhUjlqBvwljCKLzxKAXNsHa6jGS5oXLmCM5Z/tfVy hc8ko+4TxLarSS0UsNYQkf/aFnroslGCe1a5m8/WQVMhlYoocez3wzmCYwgAcTGB 9v+mmplaIRXXV8tx3djKbd2BYtHYGFdbxDKC4JVLZU/rEitQqlp2AhF2zA+UXrdq Gavizno23LWq5tw/acxKYxHt3AfKUSnvjYJkV1WkWHtkm9AqGsH+Al8NxVdT4Rcs rvcyh/3XGo/WybZWK6Bqb3BJdrqrQoHWCUkUOgFIz+h2jJ2uBTIKE+3P/l3HUJaS VS0u4GeontlGhEgMF4DjKXSjn9R3LlzCBsm+PhOwQl+n95tRzTyz8iE6C00YIfKw 3oySCuP9szOLtRItG/mxX8Pep1IvUg0JTkWnIn5LgzvZB6wViTwfZbB4KH9dritH TshkaaY83Y19C4B/gb4/lgGOmHw6gK1ZF9cWNrXOcSGBVY+uX4c= =jLaS -----END PGP SIGNATURE-----