Description: "flatpak since 0.9.4 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be allowed by the app's permissions." Please bump to 1.10.2.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f1015a3fd27008c326e7bd12b5f754ed663b6fdd
commit f1015a3fd27008c326e7bd12b5f754ed663b6fdd
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-03-11 07:10:50 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-03-11 07:10:59 +0000
    sys-apps/flatpak: Bump to version 1.10.2
    Bug: https://bugs.gentoo.org/775365
    Package-Manager: Portage-3.0.17, Repoman-3.0.2
    Signed-off-by: Zac Medico <zmedico@gentoo.org>
 sys-apps/flatpak/Manifest | 1 +
 sys-apps/flatpak/flatpak-1.10.2.ebuild | 101 +++++++++++++++++++++++++++++++++
 2 files changed, 102 insertions(+)
So, should this be stabilised now...?
Yes, please stabilize.
amd64 stable
arm64 done
x86 stable. Maintainer(s), please cleanup. Security, please vote.
Unable to check for sanity:
> no match for package: sys-apps/flatpak-1.10.2
Unable to check for sanity:
> no match for package: sys-apps/flatpak-1.10.5
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/data/glsa.git/commit/?id=774692af49b616797706937b258815617e132c83
commit 774692af49b616797706937b258815617e132c83
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-23 09:05:21 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-12-23 09:05:57 +0000
    [ GLSA 202312-12 ] Flatpak: Multiple Vulnerabilities
    Bug: https://bugs.gentoo.org/775365
    Bug: https://bugs.gentoo.org/816951
    Bug: https://bugs.gentoo.org/831087
    Bug: https://bugs.gentoo.org/901507
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>
 glsa-202312-12.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)