author Simon McVittie <smcv@collabora.com> 2023-03-15 17:38:44 +0000
committer Simon McVittie <smcv@collabora.com> 2023-03-16 09:55:13 +0000
commit ce35df08b1faf17ccd87787838a01a724919b676
tree 09e8ec8d414593e9a61af0d94c9e871a3087a364
parent f015f91dc3c54d2e0b64a0f0e560a48071d8b22e
Update NEWS
Signed-off-by: Simon McVittie <smcv@collabora.com>
-rw-r--r-- NEWS 20
1 files changed, 20 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 3cd449db..0ad1a95c 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,23 @@
+Changes in 1.14.4
+~~~~~~~~~~~~~~~~~
+Released: not yet
+
+Security fixes:
+
+* Escape special characters when displaying permissions and metadata,
+ preventing malicious apps from manipulating the appearance of the
+ permissions list using crafted metadata (CVE-2023-28101).
+
+* If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.),
+ don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100).
+ Note that this is specific to virtual consoles: Flatpak is not
+ vulnerable to this if run from a graphical terminal emulator such as
+ xterm, gnome-terminal or Konsole.
+
+Other bug fixes:
+
+* Translation update: pl
+
Changes in 1.14.3
~~~~~~~~~~~~~~~~~
Released: 2023-02-27
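Review bot: The CVE-2023-28100 bullet names the blocked mechanism ("copy/paste via the TIOCLINUX ioctl") but, unlike the CVE-2023-28101 bullet above it, does not say what a malicious app gains from it, so someone triaging the release cannot judge severity from NEWS alone. Suggest adding a clause that states the impact, in the same style as "preventing malicious apps from manipulating the appearance of the permissions list". Separately, "Released: not yet" is a placeholder that has to be replaced with the real date before 1.14.4 is tagged; the 1.14.3 entry just below shows the expected form ("Released: 2023-02-27").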