Sync flatpak 1.2.3-2 (universe) from Debian unstable (main) for CVE-2019-10063
Bug #1822024 reported by
Anders Kaseorg
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| flatpak (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Please sync flatpak 1.2.3-2 (universe) from Debian unstable (main)
Changelog entries since current disco version 1.2.3-1:
flatpak (1.2.3-2) unstable; urgency=high
* seccomp: Reject all ioctls that the kernel will interpret as TIOCSTI,
including those where the high 32 bits in a 64-bit word are nonzero.
(Closes: #925541, CVE-2019-10063)
-- Simon McVittie <email address hidden> Tue, 26 Mar 2019 20:38:36 +0000
CVE References
| summary: |
- Sync flatpak 1.2.3-2 (universe) from Debian unstable (main) + Sync flatpak 1.2.3-2 (universe) from Debian unstable (main) for + CVE-2019-10063 |
| information type: | Public → Public Security |
Revision history for this message
| Andrew Hayzen (ahayzen) wrote | #1 |
| tags: | added: upgrade-software-version |
Revision history for this message
| Simon Quigley (tsimonq2) wrote | #2 |
| Changed in flatpak (Ubuntu): | |
| status: | New → Fix Released |
To post a comment you must log in.
If possible please sync 1.2.4-1 as this is the new upstream microrelease with other fixes as well :-) Also note I am preparing the fix (1.0.8) for bionic and cosmic in bug 1821811, I plan to be submitting this later today. Thanks!