*** This bug is a security vulnerability *** Public security bug reported:
https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx- mpp8 This was fixed in 1.15.4, 1.10.x >= 1.10.8, 1.12.x >= 1.12.8, 1.14.x >= 1.14.4. At the time of writing, noble and mantic are OK, but jammy is vulnerable, and focal and bionic are probably vulnerable too. ** Affects: flatpak (Ubuntu) Importance: Undecided Status: New ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-28101 ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063034 Title: CVE-2023-28101: Metadata with ANSI control codes can cause misleading terminal output To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/2063034/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs