-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3895-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 22, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : flatpak
CVE ID         : CVE-2017-9780

It was discovered that Flatpak, an application deployment framework for
desktop apps insufficiently restricted file permissinons in third-party
repositories, which could result in privilege escalation.

For the stable distribution (stretch), this problem has been fixed in
version 0.8.5-2+deb9u1.

For the unstable distribution (sid), this problem has been fixed in
version 0.8.7-1.

We recommend that you upgrade your flatpak packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAllMARwACgkQEMKTtsN8
TjbZ6hAAoKoaQJvsB3JLNm0oIhMJ6FLNDZhBRBH7uD1DWOZAVk+YNK/m+4Q0O9yq
+w1TrsFHI1MYhM/FSXhVP4L2RENaGGCYscpZLxRVOi0AuYprjsFL49LKqZC8RdQY
VaUlJWl90R2WPZcNSmuI2Q3reav6nPxDPdZfb2PK8Drg7JVda2DroJk/PF6gql7P
+4JZ4FoPgCjb6q9yZQWypJ74lBLYEBkQT3I/4iOnLHNU3iOiZ2XsIo7d/kvMmH7q
EldGivROFw3t9q/MlyaIYaeh6UOBg0C6aijJczVwhWlQ8G7jOSUrlN8DnsbX/2Wu
x5yaAkZFnur0F1FQ3zJoH9sKLkjCWOw0UlRhf2AV1HXuptvjB0De7R6km2g4cFbv
ykPL0ljHbdUNG9DlXQpr+yUSPeqh7d16Qhwhf8QBgcRlbo4Q7Z536k77G33bQask
D0r4HZ3GH/SizY4eX2smDGGdZ51YarqJvt5t18+E4r5vwe8/wd9zBadf9/iuMK5B
rUiQ1QbaEC2xwXKMe2sxnC1PLAW8Xqx8Vwb6SFeRqFQIGe1F1FnBSxONjMUgx6Z/
l3NUdLqyVBfjrS5paL113a4sWtskwO9NHTpQnJBD4hXDLTLi6kdR4aQfFhDf3dd4
wgai9t5njMLkFjPpQE2GcZ+Aite8ylDovudXYAVuOjW7sNNFz+A=
=StXu
-----END PGP SIGNATURE-----