Format: 1.8
Date: Thu, 18 Apr 2024 18:26:58 BST
Source: flatpak
Architecture: source
Version: 1.14.4-1+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Changes:
 flatpak (1.14.4-1+deb12u1) bookworm-security; urgency=high
 .
   * d/p/When-starting-non-static-command-using-bwrap-use.patch,
     d/p/test-run-Add-a-reproducer-for-CVE-2024-32462.patch:
     Don't allow an executable name to be misinterpreted as a command-line
     option for bwrap(1). This prevents a sandbox escape where a malicious
     or compromised app could ask xdg-desktop-portal to generate a .desktop
     file with access to files outside the sandbox. (CVE-2024-32462)
   * d/gbp.conf: Use debian/bookworm packaging branch