Format: 1.8
Date: Wed, 14 Aug 2024 11:00:52 +0100
Source: flatpak
Architecture: source
Version: 1.15.10-1
Distribution: experimental
Urgency: high
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Changes:
 flatpak (1.15.10-1) experimental; urgency=high
 .
   * New upstream development release
     - Don't follow symbolic links when mounting persistent directories
       (--persist option). This prevents a sandbox escape where a malicious
       or compromised app could edit the symlink to point to a directory
       that the app should not have been allowed to read or write.
       (CVE-2024-42472, GHSA-7hgv-f2j8-xw87)
   * d/control: Bump required bubblewrap version to 0.10.0.
     This adds the new --bind-fd option, required to solve CVE-2024-42472
     without introducing a race condition.