-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 17 Apr 2024 19:34:28 +0100 Source: flatpak Architecture: source Version: 1.14.6-1 Distribution: unstable Urgency: high Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org> Changed-By: Simon McVittie <smcv@debian.org> Changes: flatpak (1.14.6-1) unstable; urgency=high . * New upstream stable release 1.14.6 - Don't allow an executable name to be misinterpreted as a command-line option for bwrap(1). This prevents a sandbox escape where a malicious or compromised app could ask xdg-desktop-portal to generate a .desktop file with access to files outside the sandbox. (CVE-2024-32462) - Don't parse `<developer><name/></developer>` as the application name * d/control: Drop alternative dependencies on transitional policykit-1. polkitd was released in Debian 12 and Ubuntu 22.04. Checksums-Sha1: 5dbdb0f5088699c195f51fefe29703eef33cd613 3947 flatpak_1.14.6-1.dsc 4b188203f922b2058a068acde1c7ff1be2b7c907 1644056 flatpak_1.14.6.orig.tar.xz f35f25faf791811fe2cc8f9a37325c4f0b00a9a7 833 flatpak_1.14.6.orig.tar.xz.asc cca9f9429e8994bb461b4411ce3da9fa65002deb 35100 flatpak_1.14.6-1.debian.tar.xz 6aedf80851dc426bb50c17dad16493171bfb7ac8 13260 flatpak_1.14.6-1_source.buildinfo Checksums-Sha256: df11177d6d6e31f1665764e7a8a6f8fbde73ace65d93901009491741f402efc1 3947 flatpak_1.14.6-1.dsc 538f36b2c6f8c70eefd12d13ad5b1ad830820106a8bd3a9f6b8e4d9de81e4946 1644056 flatpak_1.14.6.orig.tar.xz cea823b8b03abcdc07c92912f8795e046912ad616c9ade4149abf10703d37ec7 833 flatpak_1.14.6.orig.tar.xz.asc 81bd91e50df8f8d1430823fbce06dee13d5ec789a6bd908069b87cf8445eaad2 35100 flatpak_1.14.6-1.debian.tar.xz 638fc2349786baa5e881d73ee81a3c52d8663005859da3937ac1a7f48c37eae0 13260 flatpak_1.14.6-1_source.buildinfo Files: 1b92a239add2460af327d3a87ffec2e2 3947 admin optional flatpak_1.14.6-1.dsc 9ac68b1521067c400b3be401e533d20e 1644056 admin optional flatpak_1.14.6.orig.tar.xz 5b164168c9c4ee18596523c05010fc93 833 admin optional flatpak_1.14.6.orig.tar.xz.asc 732349da8dad445cf76b7a2a56bd50df 35100 admin optional flatpak_1.14.6-1.debian.tar.xz 6b2ffd3083644145010800dd1b42ac28 13260 admin optional flatpak_1.14.6-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmYhSdcACgkQ4FrhR4+B TE9t6BAAsDWOR6NOq+28uhgSFa0LxncnhCSzGzhphAtZOWN17VXCBFcDTTwNehZx xjzzb0oodqFmElFlQtLsEJt2WMIbFup8yLy8gzFyr2ivRbhZ3HPpAKc2FW5sBT85 XIyRKRX/WI7nyy8cN+l9nKbo9gks+/K9XatZTqyRfgL/Po13paFjmPZMN/ifPPAl /73MjuSUkdRRcU23MtQkGDMiDGLat3hFNJcfd513854Z4NgpGkWdyeQoHT48IwfX fY1te+DYBn/ZBMFJqJTiduionDHCoVEiE4KZQY5aot1H+McRUDpnQqFD2xDuEMJE DblpE0t0QzEwqzDIIc9D0kqYWwWl6sOxPzFbvQP/bYQVZeTa1Zc0wtVNqnHLKjq3 /qA2z/d8muWiLDr8hpScG6N4/xBdi8O/nnpwes1hZvExoxqspIw5tpXHcx5ApVQx KiiVj9LAnvJjPY7WdM92aW7LLw0UDUjFP71+D7wOIrC5vbIg15SMpwvhlDrivzMZ 9j2fbyr0G/ed1A1ntvGjnAW4a3tUio9i1ihWYoCLRlxQRCjgkVaibh1YOJOAPOGs ULJBc6OCyveEgPANDWZyV7D8JOueta/S8BNAkpNEr2+hpFk6KQ0RZ9LFfne0AZ+b kCNgPi9UJq2Ote8+F62zildc/rnru1TyaD7Glni/lYE+q1kqwmQ= =NH3v -----END PGP SIGNATURE-----