Your message dated Mon, 13 Apr 2026 18:51:34 +0000
with message-id <[email protected]>
and subject line Bug#1132968: fixed in flatpak 1.17.6-1
has caused the Debian Bug report #1132968,
regarding flatpak: regression after fixing CVE-2026-34078 for users of
Flatpak-packaged browsers
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1132968: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132968
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: flatpak
Version: 1.16.4-1
Severity: important
Tags: upstream
Forwarded: https://github.com/flatpak/flatpak/issues/6570
X-Debbugs-Cc: Debian Security Team <[email protected]>
There appears to be another regression in the fix for CVE-2026-34078
affecting Chromium/CEF/Electron-based web browsers with internal
sandboxing that are packaged as Flatpak apps, such as Vivaldi and Brave.
Details at upstream bug link above. No solution is known yet, I will try
to upload a fix to unstable ASAP when one is available.
Probably there is a file descriptor leak or double-close, or some similar
file descriptor book-keeping problem.
smcv
--- End Message ---
--- Begin Message ---
Source: flatpak
Source-Version: 1.17.6-1
Done: Simon McVittie <[email protected]>
We believe that the bug you reported is fixed in the latest version of
flatpak, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon McVittie <[email protected]> (supplier of updated flatpak package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 13 Apr 2026 19:06:56 +0100
Source: flatpak
Architecture: source
Version: 1.17.6-1
Distribution: experimental
Urgency: medium
Maintainer: Utopia Maintenance Team
<[email protected]>
Changed-By: Simon McVittie <[email protected]>
Closes: 1132960 1132968
Changes:
flatpak (1.17.6-1) experimental; urgency=medium
.
* New upstream release
- Incorporate security fixes previously in 1.17.3-2
- Fix regressions caused by fixing CVE-2026-34078
(Closes: #1132960, #1132968)
* Drop patches that were included in the upstream release
* d/p/dir-Use-flatpak_bwrap_child_setup_inherit_fds_cb-to-apply.patch:
Add patch from upstream to silence a spurious warning when installing
apps that use extra-data
* Merge changelog from unstable
Checksums-Sha1:
3b497b8a45541f3e415a989061e87f3da01b7d1b 3928 flatpak_1.17.6-1.dsc
d0e35e418d05d0d31824961988a04502fa2a6057 1344476 flatpak_1.17.6.orig.tar.xz
4cce157d944b265c7d2fa82f04809c8ab7006e2c 43684 flatpak_1.17.6-1.debian.tar.xz
49e1701a8e61a435afa16eed3c7768398d311fe7 14421
flatpak_1.17.6-1_source.buildinfo
Checksums-Sha256:
cfcfd2aa4b462f3067273b843b8b77742a8ef11c340e3c5a4099d43cb2d57992 3928
flatpak_1.17.6-1.dsc
a58cced5c468792c1e77847159e687d3f7bede8c2d4483f1f3ef1229d52553b2 1344476
flatpak_1.17.6.orig.tar.xz
6d6a640a0ae7b709093cd9f55c71de438ba72408c89cb26ec3bbf9f9ea31cbcb 43684
flatpak_1.17.6-1.debian.tar.xz
0655fb076e42e383763c0df37fb93a839c0a0677d5c0e9f1a08171340eba00f9 14421
flatpak_1.17.6-1_source.buildinfo
Files:
3df718247664b88562529112f48180bc 3928 admin optional flatpak_1.17.6-1.dsc
ef14562d38a326638536b2a8896625d8 1344476 admin optional
flatpak_1.17.6.orig.tar.xz
2f9a234c00e72312b7e9f76266d74cf8 43684 admin optional
flatpak_1.17.6-1.debian.tar.xz
4903435c2e0896fb4395facd9b0626ca 14421 admin optional
flatpak_1.17.6-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEegc60a5pT6Jb/2LlI1wJnT6zMHYFAmndN6QACgkQI1wJnT6z
MHZ/VBAAvZ6gk6w302jVFD+U3BEGBJYO0pkG0k7s7XWo8FImL+fWy7iMaktOx+YA
2XPf4RPKcyIeSIDwcL0qmbQQZSYhouXA6xtig/+uMjWBODzkKjqldrvNTQvJfoEw
+sHGwipXbcHymJWPq8DcTAPDOOXsB3a4tho2O641ufZUSe0nJh/Y9/OOWIHbZdBn
1CsdRAs1hOZ31pfljh+kzrw24mfPRg49Xu7NVz5BKawJ/Ly1OfvLaQZbOIoQU4St
WW7THFRrHWjSLPJ0SB25yTOkOo3U6DS3sR1n8s5/cOaKRdFUKkzvQ79msCJ5n9O9
GOdi6Mu11KWIVqIOO6N6Vrhtmbo3APlufY26qKHIPmpVeWT5la5D9E1a1fd42c0p
Hp49EGh8UOPFMQj7fd63rTVGRfJy5eS/abFtihYnXEbRdS4sMJ5a/Ega2rRk5j9i
4YhczIII3psypz6Sd1RrS+NJgKnV4vgvDh5kBTryyxEZG28AG18mfJSJGq8HwOot
L0s4R59gxLdgddlrZR7eKyYZ6DO5SsO2BQ1LmGO74Lgd8R1F802chcOhOkwsuE1t
zqbM9NDjPNz9wSXJgwTlYCW+G1jf/UE/k/v+e/1gBL7jHo93bc/wans9LUS5fCZI
MEp1BV35FBTv4aZVDwfnQLHbn2obQNWKoxRiV6h5dijcSICt5Ls=
=wHQT
-----END PGP SIGNATURE-----
pgp_TnVG9eQ8n.pgp
Description: PGP signature
--- End Message ---
_______________________________________________
Pkg-utopia-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-utopia-maintainers
