[Bug 1918482] Re: Update for GHSA-xgh4-387p-hqpp

2021-04-07 Thread Steve Beattie
Hey Andrew, thanks for preparing these updates. I have reviewed them, adjusted the patch names and the changelogs to refer to CVE-2021-21381, and have packages available for testing in the ubuntu-security-proposed ppa https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages .

[Bug 1918482] Re: Update for GHSA-xgh4-387p-hqpp

2021-03-25 Thread Mathew Hodson
** Changed in: flatpak (Ubuntu) Importance: High => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1918482 Title: Update for GHSA-xgh4-387p-hqpp To manage notifications about this bug go

[Bug 1918482] Re: Update for GHSA-xgh4-387p-hqpp

2021-03-18 Thread Mathew Hodson
** Changed in: flatpak (Ubuntu Bionic) Importance: High => Medium ** Changed in: flatpak (Ubuntu Focal) Importance: High => Medium ** Changed in: flatpak (Ubuntu Groovy) Importance: High => Medium

[Bug 1918482] Re: Update for GHSA-xgh4-387p-hqpp

2021-03-11 Thread Bug Watch Updater
** Changed in: flatpak (Debian) Status: Unknown => Fix Released

[Bug 1918482] Re: Update for GHSA-xgh4-387p-hqpp

2021-03-11 Thread Mathew Hodson
** Bug watch added: Debian Bug tracker #984859 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984859 ** Also affects: flatpak (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984859 Importance: Unknown Status: Unknown ** Changed in: flatpak (Ubuntu)

[Bug 1918482] Re: Update for GHSA-xgh4-387p-hqpp

2021-03-11 Thread Andrew Hayzen
Hirsute now contains 1.10.2-1 with the fix, so I am marking it as fixed released. ** Changed in: flatpak (Ubuntu) Status: In Progress => Fix Released ** Description changed: [Links] https://github.com/flatpak/flatpak/security/advisories/GHSA-xgh4-387p-hqpp

[Bug 1918482] Re: Update for GHSA-xgh4-387p-hqpp

2021-03-11 Thread Andrew Hayzen
This is now CVE-2021-21381, whoever comes to upload the debdiffs please consider the following:
* Please rename "- GHSA-xgh4-387p-hqpp" in the debian/changelog to "- CVE-2021-21381"
* Please consider renaming the debian/patches from (for example) "GHSA-xgh4-387p-hqpp-1.patch" to

[Bug 1918482] Re: Update for GHSA-xgh4-387p-hqpp

2021-03-10 Thread Alex Murray
** Also affects: flatpak (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: flatpak (Ubuntu Groovy) Importance: Undecided Status: New ** Also affects: flatpak (Ubuntu Bionic) Importance: Undecided Status: New

[Bug 1918482] Re: Update for GHSA-xgh4-387p-hqpp

2021-03-10 Thread Andrew Hayzen
** Description changed: [Links] https://github.com/flatpak/flatpak/security/advisories/GHSA-xgh4-387p-hqpp https://github.com/flatpak/flatpak/pull/4156 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984859 [Impact] Versions in Ubuntu right now: Hirsute: 1.10.1-4 Groovy:

[Bug 1918482] Re: Update for GHSA-xgh4-387p-hqpp

2021-03-10 Thread Andrew Hayzen
If someone has the permissions could they add bionic, focal, and groovy as affected series?

[Bug 1918482] Re: Update for GHSA-xgh4-387p-hqpp

2021-03-10 Thread Andrew Hayzen
So we do not have a CVE yet, I believe one will be auto assigned via github at some point (I don't know how long this takes :-) ). I realised there is a typo in the bionic changelog "- GHSA-xgh4-387p-hqpp-1" should be "- GHSA-xgh4-387p-hqpp". But once a CVE is available this line will need to

[Bug 1918482] Re: Update for GHSA-xgh4-387p-hqpp

2021-03-10 Thread Andrew Hayzen
This is the focal debdiff. ** Attachment added: "[focal] flatpak_1.6.5-0ubuntu0.2_to_flatpak_1.6.5-0ubuntu0.3.debdiff" https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/1918482/+attachment/5475503/+files/flatpak_1.6.5-0ubuntu0.2_to_flatpak_1.6.5-0ubuntu0.3.debdiff.gz

[Bug 1918482] Re: Update for GHSA-xgh4-387p-hqpp

2021-03-10 Thread Andrew Hayzen
This is the groovy debdiff. ** Attachment added: "[groovy] flatpak_1.8.2-1ubuntu0.1_to_flatpak_1.8.2-1ubuntu0.2.debdiff" https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/1918482/+attachment/5475504/+files/flatpak_1.8.2-1ubuntu0.1_to_flatpak_1.8.2-1ubuntu0.2.debdiff.gz