-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 17 Apr 2024 19:39:48 +0100
Source: flatpak
Binary: flatpak flatpak-dbgsym flatpak-tests flatpak-tests-dbgsym gir1.2-flatpak-1.0 libflatpak-dev libflatpak0 libflatpak0-dbgsym
Architecture: amd64
Version: 1.14.4-1+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Description:
 flatpak    - Application deployment framework for desktop apps
 flatpak-tests - Application deployment framework for desktop apps (tests)
 gir1.2-flatpak-1.0 - Application deployment framework for desktop apps (introspection)
 libflatpak-dev - Application deployment framework for desktop apps (development)
 libflatpak0 - Application deployment framework for desktop apps (library)
Changes:
 flatpak (1.14.4-1+deb12u1) bookworm-security; urgency=high
 .
   * d/p/When-starting-non-static-command-using-bwrap-use.patch,
     d/p/test-run-Add-a-reproducer-for-CVE-2024-32462.patch:
     Don't allow an executable name to be misinterpreted as a command-line
     option for bwrap(1). This prevents a sandbox escape where a malicious
     or compromised app could ask xdg-desktop-portal to generate a .desktop
     file with access to files outside the sandbox. (CVE-2024-32462)
   * d/gbp.conf: Use debian/bookworm packaging branch
Checksums-Sha1:
 66c351e651096ffc1e36611a79371401c4a41b7d 6612908 flatpak-dbgsym_1.14.4-1+deb12u1_amd64.deb
 be9d4935bada59f0453971964995d5c76abf1a32 10349980 flatpak-tests-dbgsym_1.14.4-1+deb12u1_amd64.deb
 dcbe78bb9ae4c9ad91f553eaf2b21f0d150b9c4c 1177764 flatpak-tests_1.14.4-1+deb12u1_amd64.deb
 393684070e72fed02ac8157b356d0f093884dfbb 14367 flatpak_1.14.4-1+deb12u1_amd64-buildd.buildinfo
 eb78a31c73738a8d4a1ddd3d736b8fac40a6fa66 1392412 flatpak_1.14.4-1+deb12u1_amd64.deb
 8292b68a20ef037a58044afaed884f2022b4f4fa 23020 gir1.2-flatpak-1.0_1.14.4-1+deb12u1_amd64.deb
 90d9a2b58b33c4d5b434e42398efadf2cf14d6f5 66416 libflatpak-dev_1.14.4-1+deb12u1_amd64.deb
 c0661337e4dabea18b7703a1b2e644fab3ab7ee0 1535184 libflatpak0-dbgsym_1.14.4-1+deb12u1_amd64.deb
 dd47d21128827432281ed732398ee869e328c7d9 360032 libflatpak0_1.14.4-1+deb12u1_amd64.deb
Checksums-Sha256:
 95a735365c4a0792c53d4c2ac7ce8894537b5b2495e41fdb4ff918406bef2b15 6612908 flatpak-dbgsym_1.14.4-1+deb12u1_amd64.deb
 275c669be12c935b5cee80e3dd5932fcf0d17db56c2a0c091b33e818176654c3 10349980 flatpak-tests-dbgsym_1.14.4-1+deb12u1_amd64.deb
 f9c1c667ac9d8eee665b658365685882e33f5de8b98f808df84b65bf8ace8280 1177764 flatpak-tests_1.14.4-1+deb12u1_amd64.deb
 b05f925aac2efb52d2449ddd38964c1547f176a015c9cb6b7b78e07e2d1c0776 14367 flatpak_1.14.4-1+deb12u1_amd64-buildd.buildinfo
 24e2138053b907d2f98efc6d2bf78de269feb5844627a4f55334eb70c6de71a0 1392412 flatpak_1.14.4-1+deb12u1_amd64.deb
 11bb184b57f3d4cec1666c7650471294004ea3858ca519550a7fb1287e0a4cc2 23020 gir1.2-flatpak-1.0_1.14.4-1+deb12u1_amd64.deb
 7898e46130ac797d5616c5262ad505fae27b0fb588d6d2f8ae3d9bbfa2dd8735 66416 libflatpak-dev_1.14.4-1+deb12u1_amd64.deb
 2d7598248d725756e88c89da875ba46a5ef3aa194494fa5bf476405e785f1bb5 1535184 libflatpak0-dbgsym_1.14.4-1+deb12u1_amd64.deb
 a0ce69fd01c9ed8ed8945ca46316f76ba436339a1d76d86e13a4fb32e8627d4b 360032 libflatpak0_1.14.4-1+deb12u1_amd64.deb
Files:
 6b6adb9fb5c92c203a1f3298b046a611 6612908 debug optional flatpak-dbgsym_1.14.4-1+deb12u1_amd64.deb
 d142d6417a37830cb79bd9142f57fa34 10349980 debug optional flatpak-tests-dbgsym_1.14.4-1+deb12u1_amd64.deb
 8d899cadd7aea75414d620aaa12cb9f2 1177764 misc optional flatpak-tests_1.14.4-1+deb12u1_amd64.deb
 33ba6736375317c201fa4897436b41ce 14367 admin optional flatpak_1.14.4-1+deb12u1_amd64-buildd.buildinfo
 0054a76d7ed419d6da764e8f32c0cdef 1392412 admin optional flatpak_1.14.4-1+deb12u1_amd64.deb
 3d2589916d9e457784e6895ed9734f05 23020 introspection optional gir1.2-flatpak-1.0_1.14.4-1+deb12u1_amd64.deb
 ecf46fd3c07283451485da3871e78e31 66416 libdevel optional libflatpak-dev_1.14.4-1+deb12u1_amd64.deb
 6b5c49b0651c08642f966ca4ca43a23a 1535184 debug optional libflatpak0-dbgsym_1.14.4-1+deb12u1_amd64.deb
 2f0e3a7a03b9684b20156d468f4adc04 360032 libs optional libflatpak0_1.14.4-1+deb12u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEgdRoRGwEM09wlaMzOni7ZmUpKEcFAmYhclIACgkQOni7ZmUp
KEe1vRAAs2yFq7U/0KDqG83JPSnZ1daTumTed2cF5zmXjmrrMjWRXhfKDZSt1VAf
nJVaBAXIGj4P0TJiOtf3BW3QIpRFj5L3CPnNqRUTEDXl1SMpjiVfOkKuz4WdvOU4
UUzlJiA1YxR2kzrv7Rz5LeIB3X2UiTw3oYwRJB4bMqlTL/EgIBfjmmMHVdRpG5va
+el/o5mz7pOQflzKmKIr9xr38T0nnRLn+gNeQfJY3mGMMj/WilfREgWG5S/dCmnS
jqzlFlfSjIoINqMyIddKIsmPwgwQc9o852QTisoQ7AEyNLXpuXMLKg5g341det7q
IJdsXmjSdCpON1F/doArwkq13NLEYd8XsrUHi3sE5R/pMQggHEQK8u5jvZqT85s5
kn3YpxLJqOdWQyCMZcyfSGETRaSj0UP5DzBvEg0FtH2J2BisY4ylYD4FS/BFxu6F
THumommxA1WK/UzA040YEzA5G/Oo50beHYD6f6+RRicSfWcQjpInHW71jDkeEiOr
eR4EepFR4VHMhLEuAjtaWQi1vgOyW4KEOFQEtq0CjiCy+zQ1NeptqSYrjyMTbDH6
zaURYiIbUEzpHyAgOd84dVBDq7TE75mMPNk5V/0Mcvqjsm6BnfpFWqMCcZJNvmx6
mkJjHz7NWzPy2JooZObKS/YdOm1ac208TAJJdANdF7INw0xX5K8=
=7AQY
-----END PGP SIGNATURE-----