This bug was fixed in the package flatpak - 1.0.9-0ubuntu0.3
--------------- flatpak (1.0.9-0ubuntu0.3) bionic-security; urgency=medium
* SECURITY UPDATE: Flatpak sandbox escape via crafted .desktop file (LP: #1918482) - debian/patches/CVE-2021-21381-1.patch: Disallow @@ and @@u usage in desktop files. - debian/patches/CVE-2021-21381-2.patch: dir: Reserve the whole @@ prefix. - debian/patches/CVE-2021-21381-3.patch: dir: Refuse to export .desktop files with suspicious uses. - CVE-2021-21381
-- Andrew Hayzen <email address hidden> Wed, 10 Mar 2021 20:51:04 +0000
This bug was fixed in the package flatpak - 1.0.9-0ubuntu0.3
---------------
flatpak (1.0.9-0ubuntu0.3) bionic-security; urgency=medium
* SECURITY UPDATE: Flatpak sandbox escape via crafted .desktop file patches/ CVE-2021- 21381-1. patch: Disallow @@ and @@u usage in patches/ CVE-2021- 21381-2. patch: dir: Reserve the whole @@ patches/ CVE-2021- 21381-3. patch: dir: Refuse to export
(LP: #1918482)
- debian/
desktop files.
- debian/
prefix.
- debian/
.desktop files with suspicious uses.
- CVE-2021-21381
-- Andrew Hayzen <email address hidden> Wed, 10 Mar 2021 20:51:04 +0000