* Simon McVittie: > My guess is that the security team is not interested in issuing a DSA > for this vulnerability and would prefer me to issue a stable update > (I'm going to ask the SRMs whether they'll accept 0.8.8 into stable, > and if not, propose a 0.8.7-2~deb9u2 version). Is my guess correct?
This is not a vulnerability because Flatpak applications set their own sandboxing policy, so no trust boundary is crossed.