-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 17 Apr 2024 20:17:44 +0100 Source: flatpak Architecture: source Version: 1.15.8-1 Distribution: experimental Urgency: high Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org> Changed-By: Simon McVittie <smcv@debian.org> Changes: flatpak (1.15.8-1) experimental; urgency=high . * New upstream development release - Don't allow an executable name to be misinterpreted as a command-line option for bwrap(1). This prevents a sandbox escape where a malicious or compromised app could ask xdg-desktop-portal to generate a .desktop file with access to files outside the sandbox. (CVE-2024-32462) * Merge packaging from unstable Checksums-Sha1: b6543dc9a393dcc4f2faf70a7333785ddc51fcdd 4019 flatpak_1.15.8-1.dsc b72524c06a83314b975ef618f63ee33506989e39 1300484 flatpak_1.15.8.orig.tar.xz 9694c94dd58d9533a244da2c5cab642b4b5eb504 833 flatpak_1.15.8.orig.tar.xz.asc 26075d0f64a69e91458e57d2e5a22ee207bb7b3d 35148 flatpak_1.15.8-1.debian.tar.xz 447d1deb4b1cea09d61d7aa7d88763bad7855bd4 13260 flatpak_1.15.8-1_source.buildinfo Checksums-Sha256: 2b78f1bf780d461b3b9ca615a23f421bd03fd7354f9d0e9225551bce787a5bb9 4019 flatpak_1.15.8-1.dsc e89bcf42fd1eb0fadf14c8b5845bc31cb78a2624f3bdc9bcdd007cc75022e4d3 1300484 flatpak_1.15.8.orig.tar.xz b4db97fcb8cd6be3225f9041c674ce81b5aa7938df96887f2c413553424c947f 833 flatpak_1.15.8.orig.tar.xz.asc cf5109510892c215f3690589c85b9ce8d8127861d637899d44152419e25424e4 35148 flatpak_1.15.8-1.debian.tar.xz 01536b09e98e1811f0c4ff33c305abb16a7a273c626b0dc01253e56cc5a155df 13260 flatpak_1.15.8-1_source.buildinfo Files: c20e7759135243c6a9e2b32475b25164 4019 admin optional flatpak_1.15.8-1.dsc f75a4521736981d74361dbb3a833c278 1300484 admin optional flatpak_1.15.8.orig.tar.xz 2f27272e76c41e150346e019d2e9869e 833 admin optional flatpak_1.15.8.orig.tar.xz.asc 8cdcb7dc515eb5925871e666cdf6e0c5 35148 admin optional flatpak_1.15.8-1.debian.tar.xz c9f5e21300c09a039541d0325937b895 13260 admin optional flatpak_1.15.8-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmYhSfYACgkQ4FrhR4+B TE+5yg//S4Hr3sHxgr3LEJo75vuz97kYGbwMIr053P5e1Z9SF8yWy1mlUGTDpX1p 1qXA55ei2JF60hDSkM9PGKoS/ZBXJayVJ7np8g0wxGo/+G6t2+cTQdSaPI6nBH59 66tzBOhgv1llPtl2Nwt8nDEAhy2Cs2PyruGkGv56v7EzY0yv3vB5h+KArck1ReO8 F99Jplg3C8+NNr8KpAeYnV4gpCzcTZsVpd2k8q/MgnIdjR+HqcjmRNiibYflg75C orXWctsAdTQL2hDJy+Z9cXxsmWNNGmCR0yQ0TWq/a2rG9nYeGFgZs4BJ/Bqg/TwC koPJY9+zSGW4cOmGqb+BpMWhPxB+OwceFCNrYL5e4cu2Ga7sxJxaldtAXKkOCNB8 jj1KatmDKR775XD1xnVvy2vp7Mf9H23vytlepER454bNke/uriuTWOjjZvhST61f nLebAPfqJdH2ZYzyNOQRybsKwy4AC7a4R81E1wQa3mYZBqp5uMXjs6mR64c2wotK A67GaLJDGpYo6rdkwLXbrQOndypXKrYAmGOWTNitpyZ2GLNJU+mwwDG+70Qx4RBG 8C2iRAb8IiyufL8ZPdOy0A2Uy94pQNXfERU68XNY4iWOCTghZCqeTWlIjp42pVus VFE2E3COyp8rBlnJaiycWgGJxA5V34EuYB+VHON1txXNIt7XFRo= =AHNd -----END PGP SIGNATURE-----