[ubuntu/focal-security] flatpak 1.6.5-0ubuntu0.5 (Accepted)

[Leonidas S. Barbosa]

flatpak (1.6.5-0ubuntu0.5) focal-security; urgency=medium

  * SECURITY UPDATE: Access outside sandbox
    - debian/patches/CVE-2024-42472-1.patch: don't follow symlinks when
      mounting persisted directories in common/flatpak-context.c.
    - debian/patches/CVE-2024-42472-2.patch: add test coverage for --persist
      in test/test-run.sh.
    - debian/patches/CVE-2024-42472-3.patch: add --bind-fd and --ro-bind-fd to
      bubblerap.c.
    - debian/control: makes flatpak depend on bubblerap with --bind-fd feature
      backported to avoid race condition (LP: #2077087)
    - CVE-2024-42472

Date: 2024-09-25 17:23:15.077936+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/flatpak/1.6.5-0ubuntu0.5
-------------- next part --------------
Sorry, changesfile not available.