author | Simon McVittie <smcv@collabora.com> | 2023-03-15 17:38:44 +0000 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2023-03-16 09:55:13 +0000 |
commit | ce35df08b1faf17ccd87787838a01a724919b676 (patch) | |
tree | 09e8ec8d414593e9a61af0d94c9e871a3087a364 | |
parent | f015f91dc3c54d2e0b64a0f0e560a48071d8b22e (diff) | |
download | flatpak-ce35df08b1faf17ccd87787838a01a724919b676.tar.gz |
Update NEWS
Signed-off-by: Simon McVittie <smcv@collabora.com>
-rw-r--r-- | NEWS | 20 |
1 files changed, 20 insertions, 0 deletions
@@ -1,3 +1,23 @@ +Changes in 1.14.4 +~~~~~~~~~~~~~~~~~ +Released: not yet + +Security fixes: + +* Escape special characters when displaying permissions and metadata, + preventing malicious apps from manipulating the appearance of the + permissions list using crafted metadata (CVE-2023-28101). + +* If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.), + don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100). + Note that this is specific to virtual consoles: Flatpak is not + vulnerable to this if run from a graphical terminal emulator such as + xterm, gnome-terminal or Konsole. + +Other bug fixes: + +* Translation update: pl + Changes in 1.14.3 ~~~~~~~~~~~~~~~~~ Released: 2023-02-27 |
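Review bot: In the CVE-2023-28100 item, the entry says copy/paste via the TIOCLINUX ioctl is no longer allowed on virtual consoles but never states what an app could achieve with it, while the CVE-2023-28101 item just above spells out its impact ("manipulating the appearance of the permissions list"). Suggest adding a short impact clause to the TIOCLINUX item so that someone triaging the release can judge urgency from NEWS alone. Separately, "Released: not yet" at the top of the new 1.14.4 section is a placeholder and needs to be replaced with the actual date before the release is tagged, matching the "Released: 2023-02-27" form used for 1.14.3.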