-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 03 Apr 2017 16:35:44 +0100 Source: flatpak Binary: flatpak flatpak-builder flatpak-tests gir1.2-flatpak-1.0 libflatpak-dev libflatpak-doc libflatpak0 Architecture: source Version: 0.8.5-1 Distribution: unstable Urgency: medium Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org> Changed-By: Simon McVittie <smcv@debian.org> Description: flatpak - Application deployment framework for desktop apps flatpak-builder - Flatpak application building helper flatpak-tests - Application deployment framework for desktop apps (tests) gir1.2-flatpak-1.0 - Application deployment framework for desktop apps (introspection) libflatpak0 - Application deployment framework for desktop apps (library) libflatpak-dev - Application deployment framework for desktop apps (development) libflatpak-doc - Application deployment framework for desktop apps (documentation) Changes: flatpak (0.8.5-1) unstable; urgency=medium . * New upstream bugfix release * Upstream security fixes: - dbus-proxy: Fix a use-after-free (no specific exploit is known) and several memory leaks - system-helper: Correct the check that was meant to prevent unprivileged users from downgrading system-wide-installed apps - Do not allow downgrading apps to validly-signed older versions unless a specific older version is requested, so that a man-in-the-middle cannot cause a downgrade to an older app version with a vulnerability * Other upstream fixes: - Increase GLib build-dependency to 2.44 (in practice this was already required, there is a patch in jessie-backports to relax this) - Collect system extension references from all system directories, not just the first that exists (upstream issue 654) - Stop using ostree trivial-httpd, which is not available in post-stretch ostree (upstream issues 658, 723) - Be build-time compatible with post-stretch ostree (upstream issue 756) - Strip ?query suffix before detecting whether a URI points to a .flatpakref or .flatpakrepo file (upstream issue 659) - Fix a typo in help output * d/tests/control: most tests now require python, for the ostree-trivial-httpd replacement Checksums-Sha1: bda842de1e522c6318e6f3a9439e79d4e981a759 3022 flatpak_0.8.5-1.dsc 89d0784b27123ec61e2efa36febfdbe2f2edb009 744808 flatpak_0.8.5.orig.tar.xz 3e81a298067ebbb9efd83066c5311203f2d2233a 16640 flatpak_0.8.5-1.debian.tar.xz Checksums-Sha256: c9a0516db03c2d6f01d337a3c1a5335bc81e8578b7ee7a3a346b1905b6cf8237 3022 flatpak_0.8.5-1.dsc fd31bc23e5b62a187fa9eaed937aadac2ab48911c338005b39ed889b2ebf95e5 744808 flatpak_0.8.5.orig.tar.xz d2fd175af4af9aa077d435f0681a2551f483602fd2e407937710910260ff2ab4 16640 flatpak_0.8.5-1.debian.tar.xz Files: 7e9b81c26b186885bd4a56a6294cd035 3022 admin optional flatpak_0.8.5-1.dsc d160b96fdee4be1f9b0ecf60641899f8 744808 admin optional flatpak_0.8.5.orig.tar.xz 3cf266d7d43504d1117ea0a5a2de3351 16640 admin optional flatpak_0.8.5-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE2pjyXAhxxJpZ6v8sTej/KmPHzJAFAljif5UACgkQTej/KmPH zJAPzhAAibKhyvTANegvQsgOEKkINyojU2JZl00ev4gv5hLcCaw+GD5mGakGUa5D Fms3U8iL+rNgHHDDleALyfh0W9/VjSFqBSjIbJZ2DnCyket3BGBgZ9D1V4sR9WED NahV68L9kJf0vEXGNuzQO0WDn10oTU4zr9K3kpBOvTz5xADZHvdwIM+7/WrNKxZH bRUX97BtWlgozMEjS5D9n5q2jt5wA4FiNBsjmIwkd2isN2rGPUTTkjDAMtBzB/6G yRT70QYkeJWoqnX9WKLWiLF67OrAhplrS177DHMKiHJ5GDQN2NgRGDNwgLPceoda 3wbNk605v2r1tawKFHD9Vpm3QJBTGBGdzEs+4PYW8mL4XdKYf5miH+gKJeDpGBET yDO68oAH8onyQNIvyjg+2dwpgD0P6HegwZRhA5CkkRH/J+9RTVobojJsnrWzWy6r HUoTZpXcCv5b3g5Ea81ngtKhidcnCHZAZxCSrOLjVVGgGotP82LLimHlrPE66rQu KiUeZHgO6sqcXRiuVIixVWQqHwHMwdDZ95w8DnB2FbYBIfbH+KMaDZdhY175QsuS iHlm+fSmyrz8MDZytRBuigwkg8itc7b0QrbC5gioHt+8HY9P/m0e7Wq3xWRRyJPb BwdS03Js4M+Ep81Rh7jJAsVyFxmGYmihKvLOGWiua+97eGApNSk= =acpa -----END PGP SIGNATURE-----