Simon McVittie uploaded new packages for flatpak which fixed the
following security problems, the same as in DSA 6207-1:
* CVE-2026-34078, which allowed a Flatpak app to break out of the
sandbox, resulting in code execution in the host context
* CVE-2026-34079, which allowed a Flatpak app to delete arbitrary
files on the host system
* GHSA-2fxp-43j9-pwvc, which allowed a local user to read any file
that is readable by the `_flatpak` system user
* GHSA-89xm-3m96-w3jg, which allowed a local user to interfere with
another local user's ability to cancel an ongoing download
For the bookworm-backports distribution, the problems have been fixed in
version 1.16.6-1~deb13u1~bpo12+1.