File _patchinfo of Package patchinfo.28332

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.28332

<patchinfo incident="28332">
  <issue tracker="cve" id="2023-28101"/>
  <issue tracker="cve" id="2023-28100"/>
  <issue tracker="bnc" id="1209410">VUL-0: CVE-2023-28101: flatpak: Metadata with ANSI control codes can cause misleading terminal output</issue>
  <issue tracker="bnc" id="1209411">VUL-0: CVE-2023-28100: flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console</issue>
  <packager>JonathanKang</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for flatpak</summary>
  <description>This update for flatpak fixes the following issues:
    
- CVE-2023-28101: Fixed misleading terminal output with  metadata with ANSI control codes (bsc#1209410).
- CVE-2023-28100: Fixed unsandboxed TIOCLINUX commands (bsc#1209411).
    
Update to version 1.12.8:
    
- Update the SELinux module to explicitly permit the system
      helper have read access to /etc/passwd and systemd-userdbd,
      read and lock access to /var/lib/flatpak, and watch files
      inside $libexecdir
- If an app update is blocked by parental controls policies,
      clean up the temporary deploy directory
- Fix Autotools build with versions of gpgme that no longer
      provide gpgme-config(1)
- Remove some unreachable code
- Add missing handling for some D-Bus errors
    
Update to version 1.12.7:
 
- We now allow networked access to X11 and PulseAudio services
    if that is configured, and the application has network access.
- Absolute paths in WAYLAND_DISPLAY now work
- Allow apps that were built with Flatpak 1.13.x to export
    AppStream metadata in share/metainfo
- Most commands now work if /var/lib/flatpak exists but
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.28332

Places