Format: 1.8
Date: Thu, 18 Apr 2024 18:17:20 BST
Source: flatpak
Architecture: source
Version: 1.10.8-0+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Utopia Maintenance Team
Changed-By: Simon McVittie
Changes:
 flatpak (1.10.8-0+deb11u2) bullseye-security; urgency=high
 .
   * d/p/When-starting-non-static-command-using-bwrap-use.patch,
     d/p/test-run-Add-a-reproducer-for-CVE-2024-32462.patch:
     Don't allow an executable name to be misinterpreted as a command-line
     option for bwrap(1). This prevents a sandbox escape where a malicious
     or compromised app could ask xdg-desktop-portal to generate a .desktop
     file with access to files outside the sandbox. (CVE-2024-32462)