Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.4:Update
patchinfo.28332
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.28332
<patchinfo incident="28332"> <issue tracker="cve" id="2023-28101"/> <issue tracker="cve" id="2023-28100"/> <issue tracker="bnc" id="1209410">VUL-0: CVE-2023-28101: flatpak: Metadata with ANSI control codes can cause misleading terminal output</issue> <issue tracker="bnc" id="1209411">VUL-0: CVE-2023-28100: flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console</issue> <packager>JonathanKang</packager> <rating>important</rating> <category>security</category> <summary>Security update for flatpak</summary> <description>This update for flatpak fixes the following issues: - CVE-2023-28101: Fixed misleading terminal output with metadata with ANSI control codes (bsc#1209410). - CVE-2023-28100: Fixed unsandboxed TIOCLINUX commands (bsc#1209411). Update to version 1.12.8: - Update the SELinux module to explicitly permit the system helper have read access to /etc/passwd and systemd-userdbd, read and lock access to /var/lib/flatpak, and watch files inside $libexecdir - If an app update is blocked by parental controls policies, clean up the temporary deploy directory - Fix Autotools build with versions of gpgme that no longer provide gpgme-config(1) - Remove some unreachable code - Add missing handling for some D-Bus errors Update to version 1.12.7: - We now allow networked access to X11 and PulseAudio services if that is configured, and the application has network access. - Absolute paths in WAYLAND_DISPLAY now work - Allow apps that were built with Flatpak 1.13.x to export AppStream metadata in share/metainfo - Most commands now work if /var/lib/flatpak exists but </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor