*** This bug is a security vulnerability *** Public security bug reported:
Upstream advisory: https://github.com/flatpak/flatpak/security/advisories/GHSA- phv6-cpc2-2fgj If possible please sync 1.14.6-1 from Debian instead of backporting fixes. That version only fixes the security issue and one other high- visibility bug (app developer names showing in the CLI as though they were the app's name). ** Affects: flatpak (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2062406 Title: CVE-2024-32462: Sandbox escape via RequestBackground portal and CWE-88 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/2062406/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
