The patches for CVE-2021-43860 (aka GHSA-qpjc-vq3c-572j) include some test-cases, which are run during build and as part of the autopkgtest.
There is currently no automated test coverage for GHSA-8ch7-5j3h-g4fx. If possible I would recommend upgrading to 1.12.3 and 1.10.6, rather than backporting individual commits. The stable-branches are specifically there to be used by downstream distributions that want bugfix-only updates.

--
https://bugs.launchpad.net/bugs/1957716
Title: Update for CVE-2021-43860 and second github advisory