Description: "flatpak since 0.9.4 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be allowed by the app's permissions." Please bump to 1.10.2.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f1015a3fd27008c326e7bd12b5f754ed663b6fdd commit f1015a3fd27008c326e7bd12b5f754ed663b6fdd Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2021-03-11 07:10:50 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2021-03-11 07:10:59 +0000 sys-apps/flatpak: Bump to version 1.10.2 Bug: https://bugs.gentoo.org/775365 Package-Manager: Portage-3.0.17, Repoman-3.0.2 Signed-off-by: Zac Medico <zmedico@gentoo.org> sys-apps/flatpak/Manifest | 1 + sys-apps/flatpak/flatpak-1.10.2.ebuild | 101 +++++++++++++++++++++++++++++++++ 2 files changed, 102 insertions(+)
So, should this be stabilised now...?
Yes, please stablilize.
amd64 stable
arm64 done
x86 stable. Maintainer(s), please cleanup. Security, please vote.
Unable to check for sanity: > no match for package: sys-apps/flatpak-1.10.2
Unable to check for sanity: > no match for package: sys-apps/flatpak-1.10.5