[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index] [SECURITY] [DSA 6223-1] flatpak security update To: debian-security-announce@lists.debian.org Subject: [SECURITY] [DSA 6223-1] flatpak security update From: Moritz Muehlenhoff <jmm@debian.org> Date: Wed, 22 Apr 2026 08:43:27 +0000 Message-id: <[🔎] aeiKL1isynZ8uifq@seger.debian.org> Reply-to: debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6223-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 22, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : flatpak CVE ID : CVE-2026-34078 CVE-2026-34079 Multiple security vulnerabilities were discovered in Flatpak, an application deployment framework for desktop apps, which could allow a Flatpak app to delete arbitrary hosts on the host or break out of the sandbox resulting in code execution in the host context. For the oldstable distribution (bookworm), these problems have been fixed in version 1.14.10-1~deb12u2. We recommend that you upgrade your flatpak packages. For the detailed security status of flatpak please refer to its security tracker page at: https://security-tracker.debian.org/tracker/flatpak Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnoiDkACgkQEMKTtsN8 TjauqhAAoDeD7cTvwSgToGICI5PvZpK54Z/2is0xb6FDInSOYAfmvRCw7aAjAHEE dzT5rGiMacgQPAGM6l3AQQiF3ekppy0F9Nt5UzwP4O+yxPCHqIpT+jV3K5yE3Fha tNtXeBV5B+iLDbtI3Uxern81diPIWvqe7eH8f+JEXgB2dRH4BHqwpVPZtP27xtPe +qAxuM0XoFPIXodKvnbG5x53qailca1qE+7bt1uNSxm/8pa24SxQ58lS6MSL/2tX tt28Qba0ehp11HFXCE69oqE0l3WqRBJiG70OoALyiYp6ODMfoBPdf103SYreToWp t28HGJpwTG1o/qH5zrzgFjdXrR9RlMds2GRx6Clm4vEgZ70eW6L3J1KCPlM1/N34 W0R13mpLnjZeXbXJbRRKYhvi3+9DAwZIHuiwGfpyzuH2asRpkk50mo4tTB+QwPCv bUdfje5dWqnDbrBXJ/SVND0OpH5ZCpPunjCjtAZ3FwqD/zVaHrTK8ujMuZG3lVxj Mqg3e0LXLwgeP9Aa8N5dpYshhnY6Mfn1MHPmvMByzhDKEF5xKhFfuX8XQ+wZfyAP MN0CMks+xHGdy3ItnccD/0e3vxhGfy7+KggwHwMYdc4GrztG7mBJs5bW+HBQhRh0 ivi+PEChbT22WI9ffR05Z8WoXieCAOpGIU4pOz+itlGEHf/op7A= =1JY4 -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6222-1] ngtcp2 security update Next by Date: [SECURITY] [DSA 6224-1] xdg-dbus-proxy security update Previous by thread: [SECURITY] [DSA 6222-1] ngtcp2 security update Next by thread: [SECURITY] [DSA 6224-1] xdg-dbus-proxy security update Index(es): Date Thread