Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted flatpak-builder 1.4.8-1 (source) into unstable
Date: Thu, 09 Apr 2026 22:19:05 +0000
Signed by: Simon McVittie <smcv@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 09 Apr 2026 22:43:46 +0100
Source: flatpak-builder
Architecture: source
Version: 1.4.8-1
Distribution: unstable
Urgency: high
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 1133099
Changes:
 flatpak-builder (1.4.8-1) unstable; urgency=high
 .
   * New upstream security fix release
     - Fix arbitrary file read if building a Flatpak app from a
       malicious manifest or source code
       (CVE-2026-39977, GHSA-6gm9-3g7m-3965) (Closes: #1133099)
   * d/copyright: Update
Checksums-Sha1:
 46687664c1bbcb7ca9019d0498d16ee6c45e638c 2747 flatpak-builder_1.4.8-1.dsc
 680401bf389b85f91d79bd58ac56b5ceb0437a82 629584 flatpak-builder_1.4.8.orig.tar.xz
 cdd1b5fc3d85cdb4112da367d8733253470af0ca 8880 flatpak-builder_1.4.8-1.debian.tar.xz
 e81d759c9ac83886156608cd4e789497d46e1d87 13358 flatpak-builder_1.4.8-1_source.buildinfo
Checksums-Sha256:
 9b353e465fdf6a63ec05dce1fe3dbe69f40c367f60e44fc56cf286a5b6aa7599 2747 flatpak-builder_1.4.8-1.dsc
 66900a8ad194623297cba210b821438ed26a189f908dbe3ae8af6e1d2666337f 629584 flatpak-builder_1.4.8.orig.tar.xz
 8511513c711f5d720938858c099773a2d918ff69a11bc4415e13effa8cc4ae1e 8880 flatpak-builder_1.4.8-1.debian.tar.xz
 0edadc043fda8e179b6880c90cf22b157c1427fa45f5651c7e1fd3d86028f67e 13358 flatpak-builder_1.4.8-1_source.buildinfo
Files:
 7e74210ea09c7bce6b05630fcbb3d5b0 2747 devel optional flatpak-builder_1.4.8-1.dsc
 bb909194b0f58edcd7451f532eb286bd 629584 devel optional flatpak-builder_1.4.8.orig.tar.xz
 88ed016f594f6c7e18b197805af513d6 8880 devel optional flatpak-builder_1.4.8-1.debian.tar.xz
 caab0e176e55827d3ab99a469d4cc0fd 13358 devel optional flatpak-builder_1.4.8-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEegc60a5pT6Jb/2LlI1wJnT6zMHYFAmnYI5UACgkQI1wJnT6z
MHYHWBAArLL4hpW3MJCESEmZAjW3/aJxG3pYUBrZKM8+8ENuISCkuuCSxr2oWH0y
Iz6dbUybuIJXySq2Zy2FzYUOyC1ldreZSBxlJ4fw0CrbDkQxDng5mnOhLeicUPgW
FguvA6PayiEFMHQcTEavX4zWmx4M69WTq57lya6dT2RK4yQuaDGKWP+KHknl0jod
mpTQuL9H3eQIJNOuc9j6ZStfuqx1+3+RG0fs59eX9dHQLkHcIfathCDLYkPGU1pF
pksjtELC498xomWlXESAbJZ/lR3gAN2hqIKDszG6VARBeS4Jv4Ebt/fRyKQHXhKO
PvXAgjEfv8kVYSLK+mAoYfPJLogDKb+e/2o3fC40q3L/ViT1x+Hnl56emfA+Vox5
PYIoSnPPOaaYdPIB9T54oCyZ7V6OQc48Z54SaAx+yTcwfsV+VDlO9IYp0D7Z4Nb0
w7d8dFccC3SJtrPhcOzCilqNahtqrGlbBUmuzuTtVnsX2alNE8MDCbmd2VWB1qUm
Z0ApoDfQtTayr2Gw4s0zXwrBOZNJNfqYI3sOFCQQ8Bo0cY75+hvt8kZjRIl4SULN
Y0+CvmTg85xlhHs1VKt4yX6I0R6+mi7AQLkLmR94eJRgXnJKRO4dGVFXlnpudSli
sL3Qy7YpGsxmMvhTRkdLZHoulff8QGYT9D9wYCiHrxS93n6+UtE=
=7grk
-----END PGP SIGNATURE-----

News for package flatpak-builder