Sync flatpak 1.2.3-2 (universe) from Debian unstable (main) for CVE-2019-10063
Bug #1822024 reported by
Anders Kaseorg
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
flatpak (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Please sync flatpak 1.2.3-2 (universe) from Debian unstable (main)
Changelog entries since current disco version 1.2.3-1:
flatpak (1.2.3-2) unstable; urgency=high
* seccomp: Reject all ioctls that the kernel will interpret as TIOCSTI,
including those where the high 32 bits in a 64-bit word are nonzero.
(Closes: #925541, CVE-2019-10063)
-- Simon McVittie <email address hidden> Tue, 26 Mar 2019 20:38:36 +0000
CVE References
summary: |
- Sync flatpak 1.2.3-2 (universe) from Debian unstable (main) + Sync flatpak 1.2.3-2 (universe) from Debian unstable (main) for + CVE-2019-10063 |
information type: | Public → Public Security |
tags: | added: upgrade-software-version |
To post a comment you must log in.
If possible please sync 1.2.4-1 as this is the new upstream microrelease with other fixes as well :-) Also note I am preparing the fix (1.0.8) for bionic and cosmic in bug 1821811, I plan to be submitting this later today. Thanks!