[ubuntu/lunar-proposed] flatpak 1.14.4-1 (Accepted)
Jeremy Bícha
jeremy.bicha at canonical.com
Thu Mar 16 22:38:09 UTC 2023
flatpak (1.14.4-1) unstable; urgency=high
* New upstream security fix release
- Escape special characters when displaying permissions and metadata,
preventing malicious apps from manipulating the appearance of the
permissions list using crafted metadata (CVE-2023-28101)
- If a Flatpak app is run on a Linux virtual console (tty1, etc.),
don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100).
Note that this is specific to virtual consoles: Flatpak is not
vulnerable to this if run from a graphical terminal emulator such
as xterm, gnome-terminal or Konsole.
- Translation update: pl
Date: 2023-03-16 22:27:54.052423+00:00
Signed-By: Jeremy Bícha <jeremy.bicha at canonical.com>
https://launchpad.net/ubuntu/+source/flatpak/1.14.4-1
-------------- next part --------------
Sorry, changesfile not available.
More information about the lunar-changes
mailing list