[ubuntu/noble-updates] flatpak 1.14.6-1ubuntu0.1 (Accepted)

[Ubuntu Archive Robot]

flatpak (1.14.6-1ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: Access outside sandbox
    - debian/patches/CVE-2024-42472-1.patch: don't follow symlinks when
      mounting persisted directories in common/flatpak-context.c.
    - debian/patches/CVE-2024-42472-2.patch: add test coverage for --persist
      in test/test-run.sh.
    - debian/patches/CVE-2024-42472-3.patch: add --bind-fd and --ro-bind-fd to
      subprojects/bubblerap.c.
    - debian/control: makes flatpak depend on bubblerap with --bind-fd feature
      backported to avoid race condition (LP: #2077087)
    - CVE-2024-42472

Date: 2024-09-25 18:05:14.545448+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/flatpak/1.14.6-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.