Summary: | <sys-apps/flatpak-{1.12.8,1.14.4}: Multiple vulnerabilities | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | major | CC: | sping, zmedico |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=901393 | | |
Whiteboard: | B1 [glsa+] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 904539 | | |
Bug Blocks: | | | |

Description
Sam James
2023-03-16 19:57:59 UTC
Please bump to 1.10.8/1.12.8/1.14.4.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fdbb6a78c2d7c6801ddc668091f8140a16c32a0d

commit fdbb6a78c2d7c6801ddc668091f8140a16c32a0d
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2023-03-17 00:11:57 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2023-03-17 00:15:18 +0000

    sys-apps/flatpak: add 1.14.4

    Bug: https://bugs.gentoo.org/901507
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 sys-apps/flatpak/Manifest | 1 +
 sys-apps/flatpak/flatpak-1.14.4.ebuild | 108 +++++++++++++++++++++++++++++++++
 2 files changed, 109 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2cb46de602b1509668484ac6b1bfd7b361438d7d

commit 2cb46de602b1509668484ac6b1bfd7b361438d7d
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2023-03-17 00:06:14 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2023-03-17 00:15:17 +0000

    sys-apps/flatpak: add 1.12.8

    Bug: https://bugs.gentoo.org/901507
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 sys-apps/flatpak/Manifest | 1 +
 sys-apps/flatpak/flatpak-1.12.8.ebuild | 108 +++++++++++++++++++++++++++++++++
 2 files changed, 109 insertions(+)

I would like to note that the maximum damage for TIOCLINUX is privilege escalation, in general. ttyjack (https://github.com/jwilk/ttyjack) is a great tool to see that in action, but I have not tried putting it into a flatpak package for verification, so please verify yourself. If risk is the product of probability times damage, damage may be bigger than some of the related texts read and then risk also is. Just my two cents. Thanks!

Please stabilize ASAP

commit db467947bdd14ac40c44a18e65e29dc124b088f0
Author: Sam James <sam@gentoo.org>
Date: Wed May 10 01:26:01 2023 +0100

    sys-apps/flatpak: drop 1.12.3-r1, 1.14.1

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=774692af49b616797706937b258815617e132c83

commit 774692af49b616797706937b258815617e132c83
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-23 09:05:21 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-12-23 09:05:57 +0000

    [ GLSA 202312-12 ] Flatpak: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/775365
    Bug: https://bugs.gentoo.org/816951
    Bug: https://bugs.gentoo.org/831087
    Bug: https://bugs.gentoo.org/901507
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202312-12.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)