Bug#1033160: bullseye-pu: package flatpak/1.10.8-0+deb11u1
Control: tags -1 + confirmed
On Sat, 2023-03-18 at 16:20 +0000, Simon McVittie wrote:
> CVE-2023-28101: A malicious Flatpak app could prevent the flatpak(1) CLI
> from displaying its permissions as intended, by having crafted permissions
> or other metadata containing terminal escape sequences or other special
> characters. (#1033098)
>
> CVE-2023-28100: A malicious Flatpak app could execute code outside the
> sandbox if run from a Linux virtual console. (#1033099)
>
> Additionally, the new upstream stable release has some other bug fixes
> backported from 1.12.x and 1.14.x for:
> - temporary directories not being cleaned up if an upgrade is cancelled,
>   in particular if it's blocked by parental controls (libmalcontent);
> - the `flatpak history` command, which didn't previously work in bullseye;
>
Please go ahead.
Regards,
Adam