I'm not working on the stable security updates now but I opened tasks for them in case someone else wants to contribute.
** Also affects: flatpak (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: flatpak (Ubuntu Mantic) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to flatpak in Ubuntu. https://bugs.launchpad.net/bugs/2062406 Title: CVE-2024-32462: Sandbox escape via RequestBackground portal and CWE-88 Status in flatpak package in Ubuntu: Fix Released Status in flatpak source package in Jammy: New Status in flatpak source package in Mantic: New Bug description: Upstream advisory: https://github.com/flatpak/flatpak/security/advisories/GHSA- phv6-cpc2-2fgj If possible please sync 1.14.6-1 from Debian instead of backporting fixes. That version only fixes the security issue and one other high- visibility bug (app developer names showing in the CLI as though they were the app's name). https://github.com/flatpak/flatpak/compare/1.14.5...1.14.6 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/2062406/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp