This bug was fixed in the package flatpak - 1.0.7-0ubuntu0.18.10.1
---------------
flatpak (1.0.7-0ubuntu0.18.10.1) cosmic-security; urgency=medium
* Update to 1.0.7 (LP: #1815528)
* New upstream release
- SECURITY UPDATE: do not let the apply_extra script for a system
installation modify the host-side executable via /proc/self/exe,
similar to CVE-2019-5736 in runc
- CVE-2019-8308
-- Andrew Hayzen <[email protected]> Wed, 13 Feb 2019 21:31:52 +0000
** Changed in: flatpak (Ubuntu Cosmic)
Status: Confirmed => Fix Released
** Changed in: flatpak (Ubuntu Bionic)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1815528
Title:
New upstream microrelease flatpak 1.0.7
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/1815528/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
