tag name | 1.14.4 (a5bf1c90598a7ee3f4db9fbaac563816ff250c37) |
tag date | 2023-03-16 14:33:31 +0000 |
tagged by | Simon McVittie <smcv@collabora.com> |
tagged object | commit 8a1edceadf... |
download | flatpak-1.14.4.tar.gz |
---|
flatpak 1.14.4
Security fixes:
* Escape special characters when displaying permissions and metadata,
preventing malicious apps from manipulating the appearance of the
permissions list using crafted metadata (CVE-2023-28101).
* If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.),
don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100).
Note that this is specific to virtual consoles: Flatpak is not
vulnerable to this if run from a graphical terminal emulator such as
xterm, gnome-terminal or Konsole.
Other bug fixes:
* Translation update: pl
Git-EVTag-v0-SHA512: a83091c2a471dbb072f231e53ebe24edab3ecfdfd99fdbc6aa2d11a56441fe8117f01a3c6244e83cac7a603273e338309c72e527badf86c4ab2e0c8471a86b8e
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmQTKLsACgkQ4FrhR4+B
TE/58A//UT1fRQcZ08C6UgksgUOjT6Y0g2p28U5Nc7Z/YpPjPTzWK+TcvF+nUwtY
RVHUO4KpcdEWJI4abdudGWIBVwo9kmINzfnRfUywbFIBbWuF3ax4i/TwE7+Tecko
3ebIKRFGkXgXm/BGE9cd3FyC5J1klokZU7FBeK8amwh1RVroF6vyaDgsiA0RDbPy
m6hqScEOTBbtd+xDCdaHq31b2mnVjG1EvJ5aDqOqOcRr1go4YpJhvfYlKDEMHcgv
CdF9kPIwp7c0IAdrIazzARjA/t05b9QpaNNMDEthIBePXmapZY7jMKrSN+NKGwPU
HBYPdX3rTCYryMGXdhQIZ7lveWQqhNibLlrCymb3TGUUwjbwVVZR8JZj317j4uAh
DPWxM6AmWNSsOeb2Su5BlJUqlBoqwmG1cG+QwxRcixCKYrMuP+6KBHTKDuJdgi6l
oLRSfoRCIev8Q0gS6fg9imQz+MBJWgyopQzxsGwE2hTQZ1v5GjkhJ1ck4MpgkSyh
WWP30FVgVvlS8WE5bzq/dq+KoppYZCs7RfdSmBh6eERFvQi1nB3St8/tqNGGxlbl
gGeZsuO+ViIrkjRnZO4qok9pWj/h5UPPWJ1nbqzusTb60Tk/Po7m91MqOQ4x97gO
UQMx0MkW1TcLeYs+V5il0uEsb78JOayAEr28ZOgNf4LPdsalYpo=
=4bWm
-----END PGP SIGNATURE-----