Format: 1.8
Date: Tue, 14 Apr 2026 11:41:40 +0100
Binary: flatpak flatpak-dbgsym flatpak-tests flatpak-tests-dbgsym gir1.2-flatpak-1.0 libflatpak0 libflatpak0-dbgsym libflatpak-dev libflatpak-doc
Source: flatpak
Architecture: all amd64
Version: 1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007
Distribution: UNRELEASED
Urgency: medium
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Snapshot <snapshot@localhost>
Closes: 1132943 1132944 1132945 1132946 1132960 1132968
Description: 
 flatpak    - Application deployment framework for desktop apps
 flatpak-tests - Application deployment framework for desktop apps (tests)
 gir1.2-flatpak-1.0 - Application deployment framework for desktop apps (introspection)
 libflatpak0 - Application deployment framework for desktop apps (library)
 libflatpak-dev - Application deployment framework for desktop apps (development)
 libflatpak-doc - Application deployment framework for desktop apps (documentation)
Changes:
 flatpak (1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007) UNRELEASED; urgency=medium
 .
   * Snapshot build (local package)
 .
   [ Simon McVittie ]
   * Security update
   * d/p/CVE-2026-34078-prep/*.patch:
     Backport libglnx changes required to address CVE-2026-34078
   * d/p/CVE-2026-34078/*.patch:
     Fix a sandbox escape involving symlinks passed to flatpak-portal.
     A malicious or compromised Flatpak app could exploit this to achieve
     arbitrary code execution on the host.
     (CVE-2026-34078, GHSA-cc2q-qc34-jprg) (Closes: #1132943)
   * d/p/CVE-2026-34079/*.patch:
     Prevent arbitrary file deletion outside the sandbox by a malicious or
     compromised Flatpak app
     (CVE-2026-34079, GHSA-p29x-r292-46pp) (Closes: #1132944)
   * d/p/GHSA-2fxp-43j9-pwvc/*.patch:
     Prevent a local user from reading any file that is readable by the
     _flatpak system user. A mitigation is that it would be very unusual
     for these files not to be readable by the original local user as well.
     (No CVE ID, GHSA-2fxp-43j9-pwvc) (Closes: #1132946)
   * d/p/GHSA-89xm-3m96-w3jg/*.patch:
     Prevent a local user from making another local user unable to cancel
     an ongoing download of apps or runtimes installed system-wide
     via the system helper.
     (No CVE ID, GHSA-89xm-3m96-w3jg) (Closes: #1132945)
   * d/p/portal-Use-G_LOCK_DEFINE_STATIC.patch,
     d/p/portal-Don-t-run-method-invocations-in-a-thread.patch:
     Add patches from upstream flatpak-1.14.x branch (which never got into a
     release before the branch was discontinued), originally from 1.16.1,
     fixing a thread-safety issue in flatpak-portal
   * d/p/1.16.5/*.patch:
     Add regression fixes taken from the upstream 1.16.5 release,
     fixing various regressions introduced by fixing CVE-2026-34078
     and improving test coverage
     (Closes: #1132960)
   * d/p/1.16.6/*.patch:
     Add regression fixes taken from the upstream 1.16.6 release,
     fixing additional regressions introduced by fixing CVE-2026-34078
     and improving test coverage
     (Closes: #1132968)
     - d/control: Add curl(1) to Build-Depends and flatpak-tests Depends
   * d/p/1.16.7/bwrap-Clarify-a-comment.patch,
     d/p/dir-Silence-a-spurious-warning-when-installing-extra-data.patch:
     Silence a spurious warning seen while testing 1.16.6
 .
   [ Snapshot ]
   * snapshot: commit 28e0cd007 (14 commits after 1.14.10-1~deb12u1)
Checksums-Sha1: 
 ebc6da648ba3ea26fae86c7bba85f917d2b26cd8 6732716 flatpak-dbgsym_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 32a3debc40ceeeb7d913e8a4601c3d9686b70ca5 10554900 flatpak-tests-dbgsym_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 d9ec29915878c172e5178c96f4afcbf1cd777d65 1200076 flatpak-tests_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 c3102e7d575f5ef814d7800478c19e31e4600e38 14778 flatpak_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.buildinfo
 015d3c6fdab902f4726cb3f20792a8c9d449e0d8 1407092 flatpak_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 bde29b2cb8e4f3fb6643e7f746f5228267e784d9 25996 gir1.2-flatpak-1.0_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 92dcf498b357f055d9154cd18dfff4c4bda8b61f 69408 libflatpak-dev_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 b32fc27306de89698affadf150bde3e25f34732f 1566104 libflatpak0-dbgsym_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 08909b95611ceed90fa17c5f2e7884af775083ae 369188 libflatpak0_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 74748dd84ac25920f12d7a1795fd8db64c33942f 12168 flatpak_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_all.buildinfo
 0f8629f31db69c735a2faf571e0af34d5e4f1ea5 131012 libflatpak-doc_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_all.deb
Checksums-Sha256: 
 00d45b0277654281f5e5492bb358d57572a88928ef808866e8872078f659388b 6732716 flatpak-dbgsym_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 476ce85db1e8d92d1290ae529fff0bb48f399cac3b89df69215838a3b11c5a64 10554900 flatpak-tests-dbgsym_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 8f7b0dee4429fb6d979345d46cef33aec841793ddb0b32d60318b66a175f84fa 1200076 flatpak-tests_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 af6c72e6fbf9d761e4cc4995fe4c58061a4158e28352b38db615519b8364e89a 14778 flatpak_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.buildinfo
 44cf81a40ebfa8774814e108a980f58e241a1ac126945699bcd19f4cb9fdd00e 1407092 flatpak_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 3c8cbf326955b597db0a67445b4021d02102b87d4f55da411400e5ab7ba7905c 25996 gir1.2-flatpak-1.0_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 7ba190bbbfc22b9a4322cbfc15d2d73201389d26ea566791d459c34f69ff984b 69408 libflatpak-dev_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 aed4327678672237937230c2a8cf44c65993b62d7b5a79f1c2b07a0f671b2db1 1566104 libflatpak0-dbgsym_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 cc8ee17cbfc2e601d9917de062508a961c142b0ff9639c5f2acbea28c1255ad6 369188 libflatpak0_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 6c4668373e37a76a37004a32b2c11b7d7a252c197898093198bf3482164dbbc6 12168 flatpak_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_all.buildinfo
 b52840f769a30fd42def672071736f8df189ecd038f84a96abad4577569efd2e 131012 libflatpak-doc_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_all.deb
Files: 
 a85785861616f47928e8133b3ba6e22a 6732716 debug optional flatpak-dbgsym_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 03809ab7263c7f7da160bc1353666038 10554900 debug optional flatpak-tests-dbgsym_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 fc818738156f4454c475c219883aba37 1200076 misc optional flatpak-tests_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 14fe14e7f34429ed18c4d87c3c92959d 14778 admin optional flatpak_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.buildinfo
 de98684a3ee7509e392c98fb928a7f6c 1407092 admin optional flatpak_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 4b3ca8c51fd261aaeb453be165880e90 25996 introspection optional gir1.2-flatpak-1.0_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 8c9f05f6cfd62a1a7a869d370d0aa9f2 69408 libdevel optional libflatpak-dev_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 1fd61466fb9c20548fdede829c00d0af 1566104 debug optional libflatpak0-dbgsym_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 71b6d9710e4194fb086d7508787219aa 369188 libs optional libflatpak0_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_amd64.deb
 d1d500433933527dac163ad4b507de87 12168 admin optional flatpak_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_all.buildinfo
 3e6e5a7d27daa8a91482142169630e37 131012 doc optional libflatpak-doc_1.14.10-1~deb12u2~1~deb12u1+14+g28e0cd007_all.deb