(https://nvd.nist.gov/vuln/detail/CVE-2019-12589):
In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker.
Upstream Reference: https://github.com/netblue30/firejail/issues/2718
Upstream Patch: https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
Gentoo Security Padawan (domhnall)
This "was fixed in 0.9.60, 0.9.56.2-LTS" [1].
[1]: https://firejail.wordpress.com/download-2/cve-status/
Maintainer, do you intend to bump the LTS release?
Hi Aaron,
yes the ebuild of the firejail LTS version was bumped to 0.9.56.2.
Best regards,
Dennis
Repository is clean, all done!