http://bugzilla.suse.com/show_bug.cgi?id=1078923 http://bugzilla.suse.com/show_bug.cgi?id=1078923#c1 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |astieger@suse.com, | |dimstar@opensuse.org, | |sreeves@suse.com Component|Maintenance |Security Assignee|bnc-team-screening@forge.pr |os.gnome.maintainers@gmail. |ovo.novell.com |com Summary|Update Flatpak to 0.8.9, |VUL-0: flatpak: sandbox |latest stable release |escape in the dbus proxy QA Contact|qa-bugs@suse.de |security-team@suse.de --- Comment #1 from Andreas Stieger --- Adjusting to refer to a single vulnerability only. https://github.com/flatpak/flatpak/releases/tag/0.8.9 This is a security fix release that fixes a sandbox escape in the flatpak dbus proxy. This issue was found by Gabriel Campana of The Google Security Team. Fix dbus proxy vulnerability in authentication phase Make permission handling ignore unknown permissions for forwards compatibility Also see bug 1078989 and bug 1078993 -- You are receiving this mail because: You are on the CC list for the bug.