This bug was fixed in the package flatpak - 1.2.4-1 Sponsored for Anders Kaseorg (andersk)
--------------- flatpak (1.2.4-1) unstable; urgency=medium * New upstream stable release - Canonicalize XDG_RUNTIME_DIR if it's a symlink - Support device nodes for multiple Nvidia graphics cards if the proprietary driver is used - Fix a crash when certain errors occur while updating apps - Fix "flatpak list --arch" - Make "Installing %d/%d..." translatable * d/p/run-Only-compare-the-lowest-32-ioctl-arg-bits-for-TIOCSTI.patch: Drop patch, applied upstream -- Simon McVittie <s...@debian.org> Wed, 27 Mar 2019 20:47:33 +0000 flatpak (1.2.3-2) unstable; urgency=high * seccomp: Reject all ioctls that the kernel will interpret as TIOCSTI, including those where the high 32 bits in a 64-bit word are nonzero. (Closes: #925541, CVE-2019-10063) -- Simon McVittie <s...@debian.org> Tue, 26 Mar 2019 20:38:36 +0000 ** Changed in: flatpak (Ubuntu) Status: New => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-10063 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1822024 Title: Sync flatpak 1.2.3-2 (universe) from Debian unstable (main) for CVE-2019-10063 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/1822024/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs