| tag name | 1.12.8 (9d3b307c0e6321b62337b45f4fa01bd06c0b9bb5) |
|---|---|
| tag date | 2023-03-16 14:33:51 +0000 |
| tagged by | Simon McVittie <smcv@collabora.com> |
| tagged object | commit c87d8b25c6... |
| download | flatpak-1.12.8.tar.gz |

flatpak 1.12.8

Security fixes:

* Escape special characters when displaying permissions and metadata,
  preventing malicious apps from manipulating the appearance of the
  permissions list using crafted metadata (CVE-2023-28101).
* If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.),
  don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100).
  Note that this is specific to virtual consoles: Flatpak is not
  vulnerable to this if run from a graphical terminal emulator such as
  xterm, gnome-terminal or Konsole.

Other bug fixes:

* Update the SELinux module to explicitly permit the system helper to have read
  access to /etc/passwd and systemd-userdbd, read and lock access to
  /var/lib/flatpak, and watch files inside $libexecdir
  (#4852, #4855, #4892; Red Hat #2071217, #2071215, #2070741,
  #2053634, #2070350)
* If an app update is blocked by parental controls policies, clean up the
  temporary deploy directory (#5146)
* Fix Autotools build with versions of gpgme that no longer provide
  gpgme-config(1) (#5173)
* Remove some unreachable code (Coverity: CID 1514265)
* Add missing handling for some D-Bus errors

Git-EVTag-v0-SHA512: b8360cfc1de210ab96fd73547a1c6c99e4b75a9baa9485b8edb8b88300524132598f3b645a04b649a67a11f2e51846579f9886e000e7940686f60b6411627103
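
The kind of escaping the CVE-2023-28101 entry in the tag message describes, as an added example that is not flatpak's own code: a hypothetical `escape_for_display()` rewrites bytes a terminal would act on as visible `\xNN` text before a metadata value is printed. The function name, buffer sizes and sample value are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not flatpak's implementation): copy `in` to `out`,
 * replacing terminal control bytes with literal \xNN text.
 * Returns the number of bytes written (excluding the NUL), or -1 if
 * `out` is too small to hold the escaped string. */
static int escape_for_display(const char *in, char *out, size_t outsz)
{
    const unsigned char *p = (const unsigned char *)in;
    size_t o = 0;

    if (outsz == 0)
        return -1;
    while (*p) {
        /* C1 controls arrive in UTF-8 as 0xC2 0x80..0x9F (0x9B is CSI),
         * so both bytes of such a pair are escaped together. */
        int n = (p[0] == 0xc2 && p[1] >= 0x80 && p[1] <= 0x9f) ? 2 : 1;
        /* C0 controls (ESC, CR, BS, ...), DEL, and the backslash itself,
         * so escaped output cannot be confused with literal input. */
        int unsafe = n == 2 || p[0] < 0x20 || p[0] == 0x7f || p[0] == '\\';

        for (int i = 0; i < n; i++, p++) {
            size_t need = unsafe ? 4 : 1;
            if (o + need + 1 > outsz)   /* keep room for the NUL */
                return -1;
            if (unsafe)
                o += (size_t)snprintf(out + o, outsz - o, "\\x%02X",
                                      (unsigned)*p);
            else
                out[o++] = (char)*p;
        }
    }
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* Constructed sample: a permission value carrying CR and an escape
     * sequence that would otherwise redraw the line it is printed on. */
    const char *value = "shared=network\r\x1b[2K";
    char buf[128];

    if (escape_for_display(value, buf, sizeof buf) < 0)
        return 1;
    printf("permission: %s\n", buf);
    return 0;
}
```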