Flatpak Pulseeffects is still using EOL branches

[rgbellotti]

I'm running Debian 13 with plasma desktop, and use the flatpak version of Pulseeffects to enhance my audio. It's sort of a legacy app as far as I know, but I like it's presets and plugins better than some of the modern alternatives that I've found.

Anyways, when updating flatpak I get the following warnings:

Info: runtime org.freedesktop.Platform branch 23.08 is end-of-life, with reason:
org.freedesktop.Platform 23.08 is no longer receiving fixes and security updates. Please upd
ate to a supported runtime version.
Info: applications using this runtime:
com.github.wwmm.pulseeffects

Info: runtime org.freedesktop.Platform.VAAPI.Intel branch 23.08 is end-of-life, with reason:
org.freedesktop.Platform 23.08 is no longer receiving fixes and security updates. Please upd
ate to a supported runtime version.
Info: applications using this extension:
com.github.wwmm.pulseeffects

Info: runtime org.freedesktop.Platform.GL.default branch 23.08-extra is end-of-life, with reaso
n:
org.freedesktop.Platform 23.08 is no longer receiving fixes and security updates. Please upd
ate to a supported runtime version.
Info: applications using this extension:
com.github.wwmm.pulseeffects

Info: runtime org.freedesktop.Platform.GL.default branch 23.08 is end-of-life, with reason:
org.freedesktop.Platform 23.08 is no longer receiving fixes and security updates. Please upd
ate to a supported runtime version.
Info: applications using this extension:
com.github.wwmm.pulseeffects

To my understanding, this means that Pulse Effects will continue to operate normally, but the outdated branches will be as-is and potentially unsafe. Is there an appropriate way to handle this situation such as maybe alternative versions or manually installing patches for newer platform branches?

 

[CaffeineAddict]

You can't manually install patches, this needs to be handled by pulseeffects maintainers.

Don't know if there is alternative but if you badly need pulseeffects I wouldn't worry about safety because pulseeffects is not networking application.

 

[KGIII]

I wouldn't worry about safety because pulseeffects is not networking application.

In theory it could have some privilege escalation bug, which can be combined with another exploit.

But, the odds of that are so minimal that I'd not worry about it (just like you said).

 

[CaffeineAddict]

In theory it could have some privilege escalation bug, which can be combined with another exploit.

Yes true, this applies to all software we install, there was a question on Unix SE about this and accepted answer was that we should install minimal amount of software on our computers to reduce exposure.

 

[KGIII]

Yes true, this applies to all software we install, there was a question on Unix SE about this and accepted answer was that we should install minimal amount of software on our computers to reduce exposure.

The smaller the footprint, the smaller the exposure. I don't actually worry about it too much. In this specific case, I wouldn't lose any sleep over it. While there are bugs and exploits that can be daisy-chained together, it's not a high risk.

I mean, they could go read the release notes for the updates they're not using. Odds are that they're likely just bug fixes for corner cases.