Script 'mail_helper' called by obssrc

Hello community,

here is the log from the commit of package flatpak for openSUSE:Factory checked in at 2023-03-19 16:16:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/flatpak (Old)
 and /work/SRC/openSUSE:Factory/.flatpak.new.31432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "flatpak" Sun Mar 19 16:16:27 2023 rev:79 rq:1072674 version:1.14.4 Changes: -------- --- /work/SRC/openSUSE:Factory/flatpak/flatpak.changes 2023-03-01 16:13:42.490493098 +0100 +++ /work/SRC/openSUSE:Factory/.flatpak.new.31432/flatpak.changes 2023-03-19 16:16:41.363354471 +0100 @@ -1,0 +2,16 @@ +Thu Mar 16 16:15:42 UTC 2023 - Bjørn Lie <bjorn....@gmail.com> + +- Update to version 1.14.4 (CVE-2023-28101, CVE-2023-28100): + + Escape special characters when displaying permissions and + metadata, preventing malicious apps from manipulating the + appearance of the permissions list using crafted metadata + (CVE-2023-28101, boo#1209410). + + If a Flatpak app is run on a Linux virtual console (tty1, tty2, + etc.), don't allow copy/paste via the TIOCLINUX ioctl + (CVE-2023-28100). Note that this is specific to virtual + consoles: Flatpak is not vulnerable to this if run from a + graphical terminal emulator such as xterm, gnome-terminal or + Konsole. (boo#1209411) + + Updated translations. + +------------------------------------------------------------------- Old: ---- flatpak-1.14.3.tar.xz New: ---- flatpak-1.14.4.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ flatpak.spec ++++++ --- /var/tmp/diff_new_pack.E4fclS/_old 2023-03-19 16:16:42.591360441 +0100 +++ /var/tmp/diff_new_pack.E4fclS/_new 2023-03-19 16:16:42.651360733 +0100 @@ -34,7 +34,7 @@ %define support_environment_generators 1 %endif Name: flatpak -Version: 1.14.3 +Version: 1.14.4 Release: 0 Summary: OSTree based application bundles management License: LGPL-2.1-or-later ++++++ flatpak-1.14.3.tar.xz -> flatpak-1.14.4.tar.xz ++++++ ++++ 15722 lines of diff (skipped)
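Review bot: in the flatpak.changes hunk, the second bullet separates CVE-2023-28100 from boo#1209411 (the CVE sits mid-sentence, the bug reference after the closing note), while the first bullet keeps its pair together as (CVE-2023-28101, boo#1209410). Ending the TIOCLINUX entry with (CVE-2023-28100, boo#1209411) would make the CVE-to-bug mapping unambiguous for anyone searching the changelog, and the summary line could then list the two CVEs in the same order as the bullets.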
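Review bot: in the flatpak.spec hunk, the Version: 1.14.3 to 1.14.4 bump is the only change shown, and the 15722-line tarball diff is skipped, so neither the metadata-escaping fix nor the TIOCLINUX restriction named in the changelog can be reviewed from this mail. Before accepting the request, verify flatpak-1.14.4.tar.xz against the upstream release rather than relying on the changelog text alone.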