Format: 1.8 Date: Wed, 10 Mar 2021 20:54:38 +0000 Source: flatpak Binary: flatpak flatpak-tests gir1.2-flatpak-1.0 libflatpak-dev libflatpak0 Architecture: armhf Version: 1.8.2-1ubuntu0.2 Distribution: groovy Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Andrew Hayzen Description: flatpak - Application deployment framework for desktop apps flatpak-tests - Application deployment framework for desktop apps (tests) gir1.2-flatpak-1.0 - Application deployment framework for desktop apps (introspection) libflatpak-dev - Application deployment framework for desktop apps (development) libflatpak0 - Application deployment framework for desktop apps (library) Launchpad-Bugs-Fixed: 1918482 Changes: flatpak (1.8.2-1ubuntu0.2) groovy-security; urgency=medium . * SECURITY UPDATE: Flatpak sandbox escape via crafted .desktop file (LP: #1918482) - debian/patches/CVE-2021-21381-1.patch: Disallow @@ and @@u usage in desktop files. - debian/patches/CVE-2021-21381-2.patch: dir: Reserve the whole @@ prefix. - debian/patches/CVE-2021-21381-3.patch: dir: Refuse to export .desktop files with suspicious uses. - CVE-2021-21381 Checksums-Sha1: a9d10547c39ed1cac76f871f0d2cc0b8488bb77f 4797640 flatpak-dbgsym_1.8.2-1ubuntu0.2_armhf.ddeb 2e700d7e65ed88e3eb3b03ae441ae990df6a8441 2244232 flatpak-tests-dbgsym_1.8.2-1ubuntu0.2_armhf.ddeb 763e11110eb1a8de0e697b0d2307947eb95b3593 422972 flatpak-tests_1.8.2-1ubuntu0.2_armhf.deb 0f2d1363bb0aec8d7faaa4af94f8d11199ec8c70 14681 flatpak_1.8.2-1ubuntu0.2_armhf.buildinfo 503efce81fcaa47b729332deaf670b909837c419 1022668 flatpak_1.8.2-1ubuntu0.2_armhf.deb 9c67623b6f6679f088d800d016b76ee0ade636bd 11416 gir1.2-flatpak-1.0_1.8.2-1ubuntu0.2_armhf.deb dc0a56a1a7c363e2b8dd2f8f63b6f9a28a253b0b 50216 libflatpak-dev_1.8.2-1ubuntu0.2_armhf.deb 768fcf54db316ac5acd208432d4fbc1da2011c0a 1194792 libflatpak0-dbgsym_1.8.2-1ubuntu0.2_armhf.ddeb 9887d941d2354ed3dba1eca4b0d3fe61db0f462b 248804 libflatpak0_1.8.2-1ubuntu0.2_armhf.deb Checksums-Sha256: f8ea1fed6dc274a6e80412335ef2a4926a7c833c748c6fa012e26a2ea7a3c7fa 4797640 flatpak-dbgsym_1.8.2-1ubuntu0.2_armhf.ddeb f71b2fdd1b59ce09d3d8be1f4ae51cad895b85dba476bfe12fa85a2eaef8a49a 2244232 flatpak-tests-dbgsym_1.8.2-1ubuntu0.2_armhf.ddeb acb4f264a485f27eff419ee2ae8959916e32b25abb64604c4c7ba5a639d4c99d 422972 flatpak-tests_1.8.2-1ubuntu0.2_armhf.deb 85485c6eba0e1175486be55bc6f4aac80773f4fcce710e9892685bd409420f9d 14681 flatpak_1.8.2-1ubuntu0.2_armhf.buildinfo 7c7d0f422383c5512be792545790f4587425f16c43f19877212a4e6144b21c46 1022668 flatpak_1.8.2-1ubuntu0.2_armhf.deb c277392a326dc1e9b7fa8566d89de1084941f0448811f0dbaa322297d68ea443 11416 gir1.2-flatpak-1.0_1.8.2-1ubuntu0.2_armhf.deb a72c2c55cf51452ec4cae9d793f9c4ff72503ea71e14d16341f5b8eebef35842 50216 libflatpak-dev_1.8.2-1ubuntu0.2_armhf.deb e7db28a38fc82fef3fa74de22089d7ee55463d1625c3638ec04e79bfaa053d42 1194792 libflatpak0-dbgsym_1.8.2-1ubuntu0.2_armhf.ddeb 1c0bb4722ba36d06968c21306777593f77ae7cf6b8e8b84f59b58a7e56cfdbf9 248804 libflatpak0_1.8.2-1ubuntu0.2_armhf.deb Files: 73e1c89b077035e5b210c1a33cd8cf18 4797640 debug optional flatpak-dbgsym_1.8.2-1ubuntu0.2_armhf.ddeb 854367290b59388b659fb29d65783ab6 2244232 debug optional flatpak-tests-dbgsym_1.8.2-1ubuntu0.2_armhf.ddeb 71f97896232ce81b20e87d70f00a3516 422972 misc optional flatpak-tests_1.8.2-1ubuntu0.2_armhf.deb e6f722b2f7ef46c94f00c0e621f97fad 14681 admin optional flatpak_1.8.2-1ubuntu0.2_armhf.buildinfo b4d3a36fb836588256a406d4d186f411 1022668 admin optional flatpak_1.8.2-1ubuntu0.2_armhf.deb 0a44b2e01cbbfdada5ede8b7629d22de 11416 introspection optional gir1.2-flatpak-1.0_1.8.2-1ubuntu0.2_armhf.deb 9b11ad56a4e3642d9c7d0dc3f8868f26 50216 libdevel optional libflatpak-dev_1.8.2-1ubuntu0.2_armhf.deb 2b1725944fea0196112cdef9d92270f0 1194792 debug optional libflatpak0-dbgsym_1.8.2-1ubuntu0.2_armhf.ddeb 7899a65c89a5b993fa8605ceb5f2c009 248804 libs optional libflatpak0_1.8.2-1ubuntu0.2_armhf.deb Original-Maintainer: Utopia Maintenance Team