Thank you for your contribution to Debian.
Accepted:

Format: 1.8
Date: Tue, 07 Apr 2026 22:14:56 +0100
Source: flatpak
Architecture: source
Version: 1.16.4-1
Distribution: unstable
Urgency: high
Maintainer: Utopia Maintenance Team <[email protected]>
Changed-By: Simon McVittie <[email protected]>
Changes:
 flatpak (1.16.4-1) unstable; urgency=high
 .
   * New upstream security release
     - Fix a sandbox escape involving symlinks passed to flatpak-portal.
       A malicious or compromised Flatpak app could exploit this to
       achieve arbitrary code execution on the host.
       (CVE-2026-34078, GHSA-cc2q-qc34-jprg)
     - Prevent arbitrary file deletion outside the sandbox by a malicious
       or compromised Flatpak app (CVE-2026-34079, GHSA-p29x-r292-46pp)
     - Prevent a local user from reading any file that is readable by the
       _flatpak system user. A mitigation is that it would be very unusual
       for these files not to be readable by the original local user as
       well. (No CVE ID, GHSA-2fxp-43j9-pwvc)
     - Prevent a local user from making another local user unable to
       cancel an ongoing download of apps or runtimes installed
       system-wide via the system helper.
       (No CVE ID, GHSA-89xm-3m96-w3jg)
_______________________________________________ Pkg-utopia-maintainers mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-utopia-maintainers
