Debian Security Advisory

DSA-4390-1 flatpak -- security update

Date Reported:
12 Feb 2019
Affected Packages:
flatpak
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 922059.
More information:

It was discovered that Flatpak, an application deployment framework for desktop apps, insufficiently restricted the execution of apply_extra scripts which could potentially result in privilege escalation.

For the stable distribution (stretch), this problem has been fixed in version 0.8.9-0+deb9u2.

We recommend that you upgrade your flatpak packages.

For the detailed security status of flatpak please refer to its security tracker page at: https://security-tracker.debian.org/tracker/flatpak