[Bug 1957716] Re: Update for CVE-2021-43860 and CVE-2022-21682

2022-03-02 Thread Andrew Hayzen
@alexmurray, hey, I believe that commit was reverted later as it caused a behavioural regression? The GitHub advisory (https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx) was changed to point to a different commit

[Bug 1957716] Re: Update for CVE-2021-43860 and CVE-2022-21682

2022-03-01 Thread Alex Murray
@ahayzen - thanks for the impish debdiff - I was going to sponsor it but I notice you have used a different set of patches than those linked to by Debian and NVD for CVE-2022-21682 - does this also need: https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a ? Also

[Bug 1957716] Re: Update for CVE-2021-43860 and CVE-2022-21682

2022-02-02 Thread Mathew Hodson
** Changed in: flatpak (Ubuntu)
   Importance: Undecided => Medium
** Changed in: flatpak (Ubuntu Bionic)
   Importance: Undecided => Medium
** Changed in: flatpak (Ubuntu Focal)
   Importance: Undecided => Medium
** Changed in: flatpak (Ubuntu Impish)
   Importance: Undecided => Medium

[Bug 1957716] Re: Update for CVE-2021-43860 and CVE-2022-21682

2022-01-27 Thread Andrew Hayzen
Please find attached the debdiff for Ubuntu 21.10 impish. I have performed some testing in a VM and built in a PPA.
** Attachment added: "Impish CVE debdiff"
   https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/1957716/+attachment/5557881/+files/flatpak_impish_lp1957716.debdiff.gz

[Bug 1957716] Re: Update for CVE-2021-43860 and CVE-2022-21682

2022-01-27 Thread Andrew Hayzen
** Changed in: flatpak (Ubuntu Impish)
   Status: New => In Progress
** Changed in: flatpak (Ubuntu Impish)
   Assignee: (unassigned) => Andrew Hayzen (ahayzen)

[Bug 1957716] Re: Update for CVE-2021-43860 and CVE-2022-21682

2022-01-19 Thread Andrew Hayzen
** Description changed:
[Links]
https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j (CVE-2021-43860)
https://security-tracker.debian.org/tracker/CVE-2021-43860
https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx (CVE-2022-21682)

[Bug 1957716] Re: Update for CVE-2021-43860 and CVE-2022-21682

2022-01-19 Thread Andrew Hayzen
** Description changed:
[Links]
https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j (CVE-2021-43860)
https://security-tracker.debian.org/tracker/CVE-2021-43860
https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx (CVE-2022-21682)

[Bug 1957716] Re: Update for CVE-2021-43860 and CVE-2022-21682

2022-01-16 Thread Andrew Hayzen
Note that Jammy now has 1.12.3-1 so is fixed.
** Summary changed:
- Update for CVE-2021-43860 and second github advisory
+ Update for CVE-2021-43860 and CVE-2022-21682
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-21682
** Description changed:
[Links] -