I'm not working on the stable security updates now but I opened tasks
for them in case someone else wants to contribute.
** Also affects: flatpak (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: flatpak (Ubuntu Mantic)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to flatpak in Ubuntu.
https://bugs.launchpad.net/bugs/2062406
Title:
CVE-2024-32462: Sandbox escape via RequestBackground portal and CWE-88
Status in flatpak package in Ubuntu:
Fix Released
Status in flatpak source package in Jammy:
New
Status in flatpak source package in Mantic:
New
Bug description:
Upstream advisory:
https://github.com/flatpak/flatpak/security/advisories/GHSA-
phv6-cpc2-2fgj
If possible please sync 1.14.6-1 from Debian instead of backporting
fixes. That version only fixes the security issue and one other high-
visibility bug (app developer names showing in the CLI as though they
were the app's name).
https://github.com/flatpak/flatpak/compare/1.14.5...1.14.6
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/2062406/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
