*** This bug is a security vulnerability *** Public security bug reported:
https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv- xrqp Fixed in 1.15.4, 1.10.x >= 1.10.8, 1.12.x >= 1.12.8, 1.14.x >= 1.14.4. At the time of writing, mantic and noble are OK but jammy, focal and bionic are likely to be vulnerable. (This is a relatively low-impact vulnerability because it's unusual to run flatpak from a Linux virtual console.) ** Affects: flatpak (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-28100 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063035 Title: CVE-2023-28100: TIOCLINUX can send commands outside sandbox if running on a virtual console To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/2063035/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
