Summary: | <sys-apps/flatpak-{1.10.5,1.12.1}: sandbox bypass (CVE-2021-41133) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jannik Glückert <jannik.glueckert> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | sam, zmedico |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=819522 | ||
Whiteboard: | B4 [glsa+] | ||
Package list: | sys-apps/flatpak-1.10.5 | ||
Runtime testing required: | --- |
Bug Depends on: | 813111 | ||
Bug Blocks: |
Description
Jannik Glückert
2021-10-08 12:12:09 UTC
*** Bug 817023 has been marked as a duplicate of this bug. ***

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=212064d519c5f273a96132a882db1cec637e6416

commit 212064d519c5f273a96132a882db1cec637e6416
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-10-10 03:51:30 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-10-10 03:51:37 +0000

sys-apps/flatpak: Remove vulnerable

Bug: https://bugs.gentoo.org/816951
Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Zac Medico <zmedico@gentoo.org>

sys-apps/flatpak/Manifest | 3 -
sys-apps/flatpak/flatpak-1.10.0.ebuild | 101 ---------------------------------
sys-apps/flatpak/flatpak-1.10.2.ebuild | 101 ---------------------------------
sys-apps/flatpak/flatpak-1.11.1.ebuild | 101 ---------------------------------
4 files changed, 306 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=643ed442b2c41f32abca8a64ac63ea95c0b2e1fa

commit 643ed442b2c41f32abca8a64ac63ea95c0b2e1fa
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-10-10 03:49:34 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-10-10 03:49:46 +0000

sys-apps/flatpak: 1.12.1 bump

Bug: https://bugs.gentoo.org/816951
Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Zac Medico <zmedico@gentoo.org>

sys-apps/flatpak/Manifest | 2 +-
sys-apps/flatpak/{flatpak-1.11.3.ebuild => flatpak-1.12.1.ebuild} | 0
2 files changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd8077153c0440912e3101b6cfec76e3baec103f

commit cd8077153c0440912e3101b6cfec76e3baec103f
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-10-10 03:45:45 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-10-10 03:46:22 +0000

sys-apps/flatpak: 1.10.5 bump

Bug: https://bugs.gentoo.org/816951
Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Zac Medico <zmedico@gentoo.org>

sys-apps/flatpak/Manifest | 2 +-
sys-apps/flatpak/{flatpak-1.10.3.ebuild => flatpak-1.10.5.ebuild} | 0
2 files changed, 1 insertion(+), 1 deletion(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47ec7bcf87397307bd7056b71b03188358bab2ff

commit 47ec7bcf87397307bd7056b71b03188358bab2ff
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-10-10 04:28:43 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-10-10 04:31:29 +0000

sys-apps/flatpak: Re-add stable version 1.10.2

Bug: https://bugs.gentoo.org/816951
Signed-off-by: Zac Medico <zmedico@gentoo.org>

sys-apps/flatpak/Manifest | 1 +
sys-apps/flatpak/flatpak-1.10.2.ebuild | 101 +++++++++++++++++++++++++++++++++
2 files changed, 102 insertions(+)

amd64 stable

x86 stable

arm64 done

all arches done

Please cleanup, thanks!

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0a3f1fe69f7811ee8eb1d202c6a1e7da81d1a9f

commit b0a3f1fe69f7811ee8eb1d202c6a1e7da81d1a9f
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-10-11 00:50:59 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-10-11 00:51:06 +0000

sys-apps/flatpak: Remove vulnerable version 1.10.2

Bug: https://bugs.gentoo.org/816951
Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Zac Medico <zmedico@gentoo.org>

sys-apps/flatpak/Manifest | 1 -
sys-apps/flatpak/flatpak-1.10.2.ebuild | 101 ---------------------------------
2 files changed, 102 deletions(-)

Thanks Zac!

Unable to check for sanity:
> no match for package: sys-apps/flatpak-1.10.5

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=774692af49b616797706937b258815617e132c83

commit 774692af49b616797706937b258815617e132c83
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-23 09:05:21 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-12-23 09:05:57 +0000

[ GLSA 202312-12 ] Flatpak: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/775365
Bug: https://bugs.gentoo.org/816951
Bug: https://bugs.gentoo.org/831087
Bug: https://bugs.gentoo.org/901507
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: Hans de Graaff <graaff@gentoo.org>

glsa-202312-12.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)