Control: tags -1 + confirmed On Sat, 2023-03-18 at 16:20 +0000, Simon McVittie wrote: > CVE-2023-28101: A malicious Flatpak app could prevent the flatpak(1) > CLI > from displaying its permissions as intended, by having crafted > permissions > or other metadata containing terminal escape sequences or other > special > characters. (#1033098) > > CVE-2023-28100: A malicious Flatpak app could execute code outside > the > sandbox if run from a Linux virtual console. (#1033099) > > Additionally, the new upstream stable release has some other bug > fixes > backported from 1.12.x and 1.14.x for: > - temporary directories not being cleaned up if an upgrade is > cancelled, > in particular if it's blocked by parental controls (libmalcontent); > - the `flatpak history` command, which didn't previously work in > bullseye; >
Please go ahead. Regards, Adam