Accepted flatpak 1.15.4-1 (source) into experimental
- To: debian-devel-changes@lists.debian.org, debian-experimental-changes@lists.debian.org
- Subject: Accepted flatpak 1.15.4-1 (source) into experimental
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 16 Mar 2023 15:05:15 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: flatpak_1.15.4-1_source.changes
- Debian-source: flatpak
- Debian-suite: experimental
- Debian-version: 1.15.4-1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=viiNi05aNhHYQX/aEs2XCkV0pCLCPNJdcQKYAmjRaFY=; b=COBFWZg04Lz53tgp1kKfopGfy7 /DK55OP87igO/gf8mpHhA8vvQmLSOn/VoyFGbfoUYPMrcGdWvwKe+1kI7QZ2PVgOJQU0twGDS8d+A aX7bkkvc4dEwCPfIlJmFmDHAsAWnu04tZXAnrtwPkmFM+VZFoXEQghNjY5NIbLOkDnffNO8OdXhco n/6In6BauYzdy7T9o/PirRFUit6lDaVZoBEYO1Lua4s60kEzzbzwmPloxbTIiTYxiqbChkx2kPDiY cVstgnVbxZJWuAT5S5ctcR3RqB4BzDbylnwaZU68hlglLcYCd93PK68XOgymqPIaJDjxU1qTjqzdW 0qBYh8PA==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1pcpAJ-00BnSo-4U@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 16 Mar 2023 10:41:58 +0000
Source: flatpak
Architecture: source
Version: 1.15.4-1
Distribution: experimental
Urgency: medium
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Changes:
flatpak (1.15.4-1) experimental; urgency=medium
.
* New upstream development release
- Escape special characters when displaying permissions and metadata,
preventing malicious apps from manipulating the appearance of the
permissions list using crafted metadata (CVE-2023-28101)
- If a Flatpak app is run on a Linux virtual console (tty1, etc.),
don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100).
Note that this is specific to virtual consoles: Flatpak is not
vulnerable to this if run from a graphical terminal emulator such
as xterm, gnome-terminal or Konsole.
* Merge packaging from unstable
Checksums-Sha1:
45063377bdda1c43051b01ce51c91e9509e924d3 3642 flatpak_1.15.4-1.dsc
8b08ae85c70dbf68d7bf575aae0cddbd515b8f92 1271428 flatpak_1.15.4.orig.tar.xz
17628be8469c62d165a2bc98621941a2a7bb98d9 34752 flatpak_1.15.4-1.debian.tar.xz
ec45524b05a9975951d3f450a3f4d9115757fb76 11677 flatpak_1.15.4-1_source.buildinfo
Checksums-Sha256:
eb84ac2efe94bf5010d7a685fe4cc870ea43eb53ee6b69b7dd01439df2082116 3642 flatpak_1.15.4-1.dsc
bef695d893d1e0239a68441d6b328edeb6d1e58a902c92f9278e94da914ab91f 1271428 flatpak_1.15.4.orig.tar.xz
ac721b5177c6f777ee26f74824bfc0005c60f5d5816749329c9fa75065508ba8 34752 flatpak_1.15.4-1.debian.tar.xz
71a2009c8baef0311159f3f62e6728a251f512b833e1bb5cd1f35c300a5a126f 11677 flatpak_1.15.4-1_source.buildinfo
Files:
2be72b0c71074d33a92f0a161dc36d5b 3642 admin optional flatpak_1.15.4-1.dsc
95506cfc52eb886ad00e17914071b808 1271428 admin optional flatpak_1.15.4.orig.tar.xz
2a04989a9d58d324d5d223481a408aac 34752 admin optional flatpak_1.15.4-1.debian.tar.xz
1796453bac5e762f101eb98889227225 11677 admin optional flatpak_1.15.4-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmQTLRgACgkQ4FrhR4+B
TE+0Fg/+NDNB+YyVFQCzwqm3Z0vPHodtgI4mCdfmPhz9R65+38fixZLHmQN5G/nC
fFDzymNS/SPkt7C4munrkOwHpUC3/+UOBXXdQseFXwgKQ22f90bJl1rXkN3vmDJs
Q34iLxq/UMOOJACK7J8dnZiMah+EkdMQ4c6JMjlLo9x+VZLeMcCkrSZbu7pYHj0h
bIKwWXLLINQVV/BtXhb7lwL9hk22uHkY4MxzdEqUXJPWqxlIb4l8oB58GNsAdWRi
nxLb29r/gIxQoI3E6m8yf+sOxi1gE6MJYxFXrAcoVja7isZd2Dnj3OfVlIV3//TF
ZpUTdjB468c3MMrOKyhig2YozlYwdEYpXjYajGEHYdym8H126VT/j56bTyYKjg+m
pPnUWaaj7tafEOKk1yQRJovRk8uea3amqtS+klI4Rt+Aro/RXNosGCzjYRtfNRNz
PxXF4aGX8XpNfvwb7v1HfDp6u7cVMWlna9D4iy0O8daAsw+xFK8fkCmRfqktIxJt
HOpsfeSvF/LUDfm5dpdu42lA6gTknE6qr99zRjR3cLQZXiD6+1CQyUEB3RwPXTub
b2JJNU6myJK6HKiDG7H60vy9OoFeKBy0iui9yz3F4Y4l3B1BDczA71ly9Fo78WXi
E7IGc38FTVyUgw4zo8XfXHTMMGMNPTM2I+JM9hyNMQQcvHP1bXg=
=bujT
-----END PGP SIGNATURE-----