http://bugzilla.suse.com/show_bug.cgi?id=1078923
http://bugzilla.suse.com/show_bug.cgi?id=1078923#c1
Andreas Stieger changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |astieger@suse.com,
| |dimstar@opensuse.org,
| |sreeves@suse.com
Component|Maintenance |Security
Assignee|bnc-team-screening@forge.pr |os.gnome.maintainers@gmail.
|ovo.novell.com |com
Summary|Update Flatpak to 0.8.9, |VUL-0: flatpak: sandbox
|latest stable release |escape in the dbus proxy
QA Contact|qa-bugs@suse.de |security-team@suse.de
--- Comment #1 from Andreas Stieger ---
Adjusting to refer to a single vulnerability only.
https://github.com/flatpak/flatpak/releases/tag/0.8.9
This is a security fix release that fixes a sandbox escape in the
flatpak dbus proxy. This issue was found by Gabriel Campana of The
Google Security Team.
Fix dbus proxy vulnerability in authentication phase
Make permission handling ignore unknown permissions for forwards
compatibility
Also see bug 1078989 and bug 1078993
--
You are receiving this mail because:
You are on the CC list for the bug.