This bug was fixed in the package flatpak - 1.2.4-1
Sponsored for Anders Kaseorg (andersk)
---------------
flatpak (1.2.4-1) unstable; urgency=medium
* New upstream stable release
- Canonicalize XDG_RUNTIME_DIR if it's a symlink
- Support device nodes for multiple Nvidia graphics cards if the
proprietary driver is used
- Fix a crash when certain errors occur while updating apps
- Fix "flatpak list --arch"
- Make "Installing %d/%d..." translatable
* d/p/run-Only-compare-the-lowest-32-ioctl-arg-bits-for-TIOCSTI.patch:
Drop patch, applied upstream
-- Simon McVittie <s...@debian.org> Wed, 27 Mar 2019 20:47:33 +0000
flatpak (1.2.3-2) unstable; urgency=high
* seccomp: Reject all ioctls that the kernel will interpret as TIOCSTI,
including those where the high 32 bits in a 64-bit word are nonzero.
(Closes: #925541, CVE-2019-10063)
-- Simon McVittie <s...@debian.org> Tue, 26 Mar 2019 20:38:36 +0000
** Changed in: flatpak (Ubuntu)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-10063
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1822024
Title:
Sync flatpak 1.2.3-2 (universe) from Debian unstable (main) for
CVE-2019-10063
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/1822024/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
