• Accepted flatpak 1.14.10-1~deb12u1 (source) into proposed-updates

    From Debian FTP Masters@21:1/5 to All on Fri Aug 16 21:20:01 2024

    Format: 1.8
    Date: Wed, 14 Aug 2024 18:20:19 BST
    Source: flatpak
    Architecture: source
    Version: 1.14.10-1~deb12u1
    Distribution: bookworm-security
    Urgency: high
    Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
    Changed-By: Simon McVittie <smcv@debian.org>
    Changes:
     flatpak (1.14.10-1~deb12u1) bookworm-security; urgency=high
     .
       * Backport upstream stable release into Debian 12 (CVE-2024-42472)
       * d/control: Relax required bubblewrap version to 0.8.0-2+deb12u1.
         This version has a backport of the required --bind-fd option.
       * Other changes relative to 1.14.10-1 in unstable:
         - Revert polkitd dependencies to polkitd | policykit-1 as previously
           used in bookworm
         - Revert pkgconf dependencies to pkg-config as previously used in
           bookworm
         - Revert location of systemd unit to /lib/systemd/system as previously
           used in bookworm, dropping versioned dependency on debhelper 13.11.6~
         - Revert changes related to Debian 13 GIR XML packaging policy
     .
     flatpak (1.14.10-1) unstable; urgency=high
     .
       * New upstream stable release
         - Don't follow symbolic links when mounting persistent directories
           (--persist option). This prevents a sandbox escape where a malicious
           or compromised app could edit the symlink to point to a directory
           that the app should not have been allowed to read or write.
           (CVE-2024-42472, GHSA-7hgv-f2j8-xw87)
       * d/control: Bump required bubblewrap version to 0.10.0.
         This adds the new --bind-fd option, required to solve CVE-2024-42472
         without introducing a race condition.


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)