Format: 1.8
Date: Wed, 14 Aug 2024 15:03:33 +0100
Source: flatpak
Architecture: source
Version: 1.14.10-1
Distribution: unstable
Urgency: high
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Changes:
 flatpak (1.14.10-1) unstable; urgency=high
 .
   * New upstream stable release
     - Don't follow symbolic links when mounting persistent directories
       (--persist option). This prevents a sandbox escape where a malicious
       or compromised app could edit the symlink to point to a directory
       that the app should not have been allowed to read or write.
       (CVE-2024-42472, GHSA-7hgv-f2j8-xw87)
   * d/control: Bump required bubblewrap version to 0.10.0.
     This adds the new --bind-fd option, required to solve CVE-2024-42472
     without introducing a race condition.