On Fri, Apr 10, 2026 at 09:43:05PM +0100, Simon McVittie wrote:
> On Tue, 07 Apr 2026 at 23:31:37 +0100, Simon McVittie wrote:
> > On Tue, 07 Apr 2026 at 22:27:52 +0100, Simon McVittie wrote:
> > > For testing/unstable, I am about to upload the new upstream release
> > > 1.16.4. This fixes CVE-2026-34078 and some other, less serious security
> > > issues for which I will report separate bugs.
>
> Unfortunately this had regressions for several popular apps, including Steam
> and Chromium-based web browsers. I've now uploaded 1.16.6, which we believe
> fixes all the regressions.
>
> > > For trixie, I would like to address this by uploading the new upstream
> > > release to trixie-security.
>
> I'd still prefer to do this, rather than applying 99% of it as patches and
> having a subtly different version that hasn't been tested upstream.
>
> Updated merge request:
> https://salsa.debian.org/debian/flatpak/-/merge_requests/6
Thanks, please update to security-master.
Cheers,
Moritz
