Public bug reported:
Another bubblewrap security issue. This has been fixed in Debian and
upstream in both bubblewrap and Flatpak which need to be updated at the
same time.
I've been wanting to update Flatpak to 0.8 anyway (LP: #1656712) since
December but was waiting to get bubblewrap taken care of first to make
it simpler. Now I guess we'll do it all together.
There are three affected packages in yakkety:
- bubblewrap
- flatpak
- ostree (new version needed for new flatpak)
I'll attach debdiffs here for them.
I propose we do like the last bubblewrap update and build these as
security updates but age them for 7 days first like SRUs.
** Affects: bubblewrap (Ubuntu)
Importance: Undecided
Status: New
** Affects: flatpak (Ubuntu)
Importance: Undecided
Status: New
** Tags: yakkety
** Also affects: bubblewrap (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1657357
Title:
bubblewrap escape via TIOCSTI ioctl
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1657357/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
