Package: flatpak
Version: 1.16.4-1
Severity: important
Tags: upstream
Forwarded: https://github.com/flatpak/flatpak/issues/6570
X-Debbugs-Cc: Debian Security Team <[email protected]>
There appears to be another regression in the fix for CVE-2026-34078
affecting Chromium/CEF/Electron-based web browsers with internal
sandboxing that are packaged as Flatpak apps, such as Vivaldi and Brave.
Details at upstream bug link above. No solution is known yet, I will try
to upload a fix to unstable ASAP when one is available.
Probably there is a file descriptor leak or double-close, or some similar
file descriptor book-keeping problem.
smcv
