Tracking bug for flatpak April security update

Bug #1679433 reported by Jeremy Bícha
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
flatpak (Ubuntu) | Fix Released | Undecided | Unassigned |
Yakkety | Confirmed | Undecided | Unassigned |
Zesty | Fix Released | Undecided | Unassigned |
Artful | Fix Released | Undecided | Unassigned |

Bug Description

.

Jeremy Bícha (jbicha) wrote :

This bug was fixed in the package flatpak - 0.8.5-1

---------------
flatpak (0.8.5-1) unstable; urgency=medium

  * New upstream bugfix release
  * Upstream security fixes:
    - dbus-proxy: Fix a use-after-free (no specific exploit is known)
      and several memory leaks
    - system-helper: Correct the check that was meant to prevent
      unprivileged users from downgrading system-wide-installed apps
    - Do not allow downgrading apps to validly-signed older versions
      unless a specific older version is requested, so that a
      man-in-the-middle cannot cause a downgrade to an older app
      version with a vulnerability
  * Other upstream fixes:
    - Increase GLib build-dependency to 2.44 (in practice this was
      already required, there is a patch in jessie-backports to
      relax this)
    - Collect system extension references from all system directories,
      not just the first that exists (upstream issue 654)
    - Stop using ostree trivial-httpd, which is not available in
      post-stretch ostree (upstream issues 658, 723)
    - Be build-time compatible with post-stretch ostree (upstream
      issue 756)
    - Strip ?query suffix before detecting whether a URI points to a
      .flatpakref or .flatpakrepo file (upstream issue 659)
    - Fix a typo in help output
  * d/tests/control: most tests now require python, for the
    ostree-trivial-httpd replacement

 -- Simon McVittie <email address hidden> Mon, 03 Apr 2017 16:35:44 +0100

flatpak (0.8.4-3) unstable; urgency=medium

  * Mark the one remaining patch as applied in 0.9.1
  * Upload to unstable

 -- Simon McVittie <email address hidden> Wed, 15 Mar 2017 18:43:51 +0000

Changed in flatpak (Ubuntu):
status: New → Fix Released
status: Fix Released → New
Jeremy Bícha (jbicha)
information type: Public → Public Security
Changed in flatpak (Ubuntu Zesty):
status: New → Fix Released
Changed in flatpak (Ubuntu Artful):
status: New → Fix Released
Changed in flatpak (Ubuntu Yakkety):
status: New → Confirmed
This report contains Public Security information  
Everyone can see this security related information.