Comment 0 for bug 1657357

Another bubblewrap security issue. This has been fixed in Debian and upstream in both bubblewrap and Flatpak which need to be updated at the same time.

I've been wanting to update Flatpak to 0.8 anyway (LP: #1656712) since December but was waiting to get bubblewrap taken care of first to make it simpler. Now I guess we'll do it all together.

There are three affected packages in yakkety:
- bubblewrap
- flatpak
- ostree (new version needed for new flatpak)

I'll attach debdiffs here for them.

I propose we do like the last bubblewrap update and build these as security updates but age them for 7 days first like SRUs.