Format: 1.8 Date: Wed, 10 Mar 2021 20:51:04 +0000 Source: flatpak Binary: flatpak flatpak-tests gir1.2-flatpak-1.0 libflatpak-dev libflatpak-doc libflatpak0 Architecture: i386 Version: 1.0.9-0ubuntu0.3 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Andrew Hayzen Description: flatpak - Application deployment framework for desktop apps flatpak-tests - Application deployment framework for desktop apps (tests) gir1.2-flatpak-1.0 - Application deployment framework for desktop apps (introspection) libflatpak-dev - Application deployment framework for desktop apps (development) libflatpak-doc - Application deployment framework for desktop apps (documentation) libflatpak0 - Application deployment framework for desktop apps (library) Launchpad-Bugs-Fixed: 1918482 Changes: flatpak (1.0.9-0ubuntu0.3) bionic-security; urgency=medium . * SECURITY UPDATE: Flatpak sandbox escape via crafted .desktop file (LP: #1918482) - debian/patches/CVE-2021-21381-1.patch: Disallow @@ and @@u usage in desktop files. - debian/patches/CVE-2021-21381-2.patch: dir: Reserve the whole @@ prefix. - debian/patches/CVE-2021-21381-3.patch: dir: Refuse to export .desktop files with suspicious uses. - CVE-2021-21381 Checksums-Sha1: 861893bf7d348f19373021ba57f57b9b739894fc 2329284 flatpak-dbgsym_1.0.9-0ubuntu0.3_i386.ddeb 7d3d533523b069d9b3a0a39fbdd89bd62c34bb6a 633188 flatpak-tests-dbgsym_1.0.9-0ubuntu0.3_i386.ddeb e1f4ae15a3e9e29eb967efc30e28ff6d82270708 270852 flatpak-tests_1.0.9-0ubuntu0.3_i386.deb 4a944c6ae114c0a75890e40ea51a1b325ff0bf24 14628 flatpak_1.0.9-0ubuntu0.3_i386.buildinfo 449c0bc8ca2bff56d06921cd29953f739936f2e5 789708 flatpak_1.0.9-0ubuntu0.3_i386.deb 5b8a369edcd1de0aa280bf56d81a9f201cae038a 9800 gir1.2-flatpak-1.0_1.0.9-0ubuntu0.3_i386.deb 5b4532ae6acc8c3e4d5aea56599d0945ed9ca7f1 27276 libflatpak-dev_1.0.9-0ubuntu0.3_i386.deb 399723ccca62a4e250f13c7efb334657bf15b642 703684 libflatpak0-dbgsym_1.0.9-0ubuntu0.3_i386.ddeb f93452a0356e84dee030b6d473181c879d5476e6 251732 libflatpak0_1.0.9-0ubuntu0.3_i386.deb Checksums-Sha256: c307d30464aef5651085aa9227de807fa320f737af928fe39d776f82c3f59dfc 2329284 flatpak-dbgsym_1.0.9-0ubuntu0.3_i386.ddeb e42df905ce7d6edcc978dc11da11034618b3c1c47a96641cc4b1f117ab544b50 633188 flatpak-tests-dbgsym_1.0.9-0ubuntu0.3_i386.ddeb c0f651cce1dbb6a49aa1d1dd196e4713056b47405fcd3f7092fe5e570830139a 270852 flatpak-tests_1.0.9-0ubuntu0.3_i386.deb f51dca8bbcd0e35a8aabe0dcc50ebe96fa254af809a37ec62e4c18afb0a5eb48 14628 flatpak_1.0.9-0ubuntu0.3_i386.buildinfo 099266915a2d73d275c9df57da937379b1e100f7fdd1ee689c24ec08ca90a2ff 789708 flatpak_1.0.9-0ubuntu0.3_i386.deb 9c40ac377e4ee9118afee3d6334ff575d346fd3cf26af986fd06227cbf25f13f 9800 gir1.2-flatpak-1.0_1.0.9-0ubuntu0.3_i386.deb b6674bde16c9c20113c6fd8d4621a1bac56f8f0fd1b9a39a111f4831b25c080c 27276 libflatpak-dev_1.0.9-0ubuntu0.3_i386.deb e693597d7a85af572d84c847665c09f4179b2676640b0bf1654c91a224cecc9e 703684 libflatpak0-dbgsym_1.0.9-0ubuntu0.3_i386.ddeb 0a753e2c398bb4ee2223854ac4510f18023e6cc06e8036d5682eef4712a82e4c 251732 libflatpak0_1.0.9-0ubuntu0.3_i386.deb Files: 83316dc6794dd4dcd0bc4344c1e8fcc3 2329284 debug optional flatpak-dbgsym_1.0.9-0ubuntu0.3_i386.ddeb f9f782831b3051e45fc45e5d2ca7844a 633188 debug optional flatpak-tests-dbgsym_1.0.9-0ubuntu0.3_i386.ddeb 05fee939ff05b441319116124065ffa0 270852 misc optional flatpak-tests_1.0.9-0ubuntu0.3_i386.deb 0344a781f248faaa5c91463dcf6635d9 14628 admin optional flatpak_1.0.9-0ubuntu0.3_i386.buildinfo 7502a441c1f380c08b703a4fc79acc2f 789708 admin optional flatpak_1.0.9-0ubuntu0.3_i386.deb 929e1b8cdbc691e2dea7f6dd5f8c829e 9800 introspection optional gir1.2-flatpak-1.0_1.0.9-0ubuntu0.3_i386.deb 4f1056987fe059aa0b5a0b55c7a44d9d 27276 libdevel optional libflatpak-dev_1.0.9-0ubuntu0.3_i386.deb 32aeefec666a7d06739b24c2cb6a2bbd 703684 debug optional libflatpak0-dbgsym_1.0.9-0ubuntu0.3_i386.ddeb fef153036e78e287f2fff851dee67a5e 251732 libs optional libflatpak0_1.0.9-0ubuntu0.3_i386.deb Original-Maintainer: Utopia Maintenance Team