Format: 1.8 Date: Wed, 10 Mar 2021 20:51:04 +0000 Source: flatpak Binary: flatpak flatpak-tests gir1.2-flatpak-1.0 libflatpak-dev libflatpak-doc libflatpak0 Architecture: arm64 Version: 1.0.9-0ubuntu0.3 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Andrew Hayzen Description: flatpak - Application deployment framework for desktop apps flatpak-tests - Application deployment framework for desktop apps (tests) gir1.2-flatpak-1.0 - Application deployment framework for desktop apps (introspection) libflatpak-dev - Application deployment framework for desktop apps (development) libflatpak-doc - Application deployment framework for desktop apps (documentation) libflatpak0 - Application deployment framework for desktop apps (library) Launchpad-Bugs-Fixed: 1918482 Changes: flatpak (1.0.9-0ubuntu0.3) bionic-security; urgency=medium . * SECURITY UPDATE: Flatpak sandbox escape via crafted .desktop file (LP: #1918482) - debian/patches/CVE-2021-21381-1.patch: Disallow @@ and @@u usage in desktop files. - debian/patches/CVE-2021-21381-2.patch: dir: Reserve the whole @@ prefix. - debian/patches/CVE-2021-21381-3.patch: dir: Refuse to export .desktop files with suspicious uses. - CVE-2021-21381 Checksums-Sha1: dcfde1673298301e7637e06fda656d094e2a05c8 2913224 flatpak-dbgsym_1.0.9-0ubuntu0.3_arm64.ddeb 91c90c2e2f728f848cb4533d81c38db769312ed1 795200 flatpak-tests-dbgsym_1.0.9-0ubuntu0.3_arm64.ddeb fea979c596a51a4a83fcb7fef9a9c01b7fc3b529 210492 flatpak-tests_1.0.9-0ubuntu0.3_arm64.deb 9f2012d9c3767d4170983f306bfe7c195be0345d 14615 flatpak_1.0.9-0ubuntu0.3_arm64.buildinfo a5c14ee0d7d3da5f16f835db6ed8fbe8f319b06e 669120 flatpak_1.0.9-0ubuntu0.3_arm64.deb ef5fadff3a0dc1b145bf35adadfeeaa8c0eb02a9 9808 gir1.2-flatpak-1.0_1.0.9-0ubuntu0.3_arm64.deb a2559fc13c1ad062130d23cfa2984baf2da45242 27276 libflatpak-dev_1.0.9-0ubuntu0.3_arm64.deb bbd8af34bf710f0ce8de132ceee388ca131d2e70 885944 libflatpak0-dbgsym_1.0.9-0ubuntu0.3_arm64.ddeb 72baf6e4ffc4ad395d67a3b7d6fa98ad2ce82f0f 185524 libflatpak0_1.0.9-0ubuntu0.3_arm64.deb Checksums-Sha256: 65f06382b95c5340c9a704278d4035aaa710a388b5f5270337e49aa2f14fc494 2913224 flatpak-dbgsym_1.0.9-0ubuntu0.3_arm64.ddeb 9c790d8e69010d300d09149112c5c27c63c46ed32d40ec7e9169047715053ce1 795200 flatpak-tests-dbgsym_1.0.9-0ubuntu0.3_arm64.ddeb caeaa4da7147cf81c95878a6d96fb36caf7de60457210c4d8e31dbf922944aef 210492 flatpak-tests_1.0.9-0ubuntu0.3_arm64.deb aed1a9e8756d8ae9d350ae7d6ed6b5383ccc9a03e286554044ace00578194901 14615 flatpak_1.0.9-0ubuntu0.3_arm64.buildinfo 04beb377dbb116d008f3d993f2f0623ee19ef1c295452d598a5d29b2d6f76450 669120 flatpak_1.0.9-0ubuntu0.3_arm64.deb 29597da23e122123a93cc1895fc1e44b42b4876c8ecfc35f3756db77897593c5 9808 gir1.2-flatpak-1.0_1.0.9-0ubuntu0.3_arm64.deb 1c0c02a4240e5ca692af53962a4eed8fd71492dc49da114b9712453bb0390d06 27276 libflatpak-dev_1.0.9-0ubuntu0.3_arm64.deb 175c7c39a34687882b740cc8fbb64b817420e82a5e137f33d67fd8fd64e68ad6 885944 libflatpak0-dbgsym_1.0.9-0ubuntu0.3_arm64.ddeb 6f861c09c6aba332c53837d00d1a3cbd0ff60e2773b7c6f24951c1f02f9aca4e 185524 libflatpak0_1.0.9-0ubuntu0.3_arm64.deb Files: 65a612f5c21a16523e132db85ab0d81f 2913224 debug optional flatpak-dbgsym_1.0.9-0ubuntu0.3_arm64.ddeb 458b47520565db6f81cc81f5a2a64f01 795200 debug optional flatpak-tests-dbgsym_1.0.9-0ubuntu0.3_arm64.ddeb 2359b39b095c62595b1090eb423389e8 210492 misc optional flatpak-tests_1.0.9-0ubuntu0.3_arm64.deb cd1c9d76a7211926d2a968931bfbdd06 14615 admin optional flatpak_1.0.9-0ubuntu0.3_arm64.buildinfo 28d103ae1215f585d2f4a8fc05fc4a92 669120 admin optional flatpak_1.0.9-0ubuntu0.3_arm64.deb f76c621d95693ab2a209d0ca5089c919 9808 introspection optional gir1.2-flatpak-1.0_1.0.9-0ubuntu0.3_arm64.deb 1ff09a160eae512bac6ef512f4a764aa 27276 libdevel optional libflatpak-dev_1.0.9-0ubuntu0.3_arm64.deb 3522137076d6a40e31e61e539257f647 885944 debug optional libflatpak0-dbgsym_1.0.9-0ubuntu0.3_arm64.ddeb 8628b02ddfca209217554031f77cdc94 185524 libs optional libflatpak0_1.0.9-0ubuntu0.3_arm64.deb Original-Maintainer: Utopia Maintenance Team