diff options
author | Simon McVittie <smcv@collabora.com> | 2023-03-15 17:41:59 +0000 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2023-03-16 09:54:14 +0000 |
commit | e8219ad8c859e9165c3970b934522c9177087c87 (patch) | |
tree | 02cdd64b8aaa5eb26a9d9b9c140f5ad01a64e244 | |
parent | 8e63de9a7d3124f91140fc74f8ca9ed73ed53be9 (diff) | |
download | flatpak-e8219ad8c859e9165c3970b934522c9177087c87.tar.gz |
Update NEWS
Signed-off-by: Simon McVittie <smcv@collabora.com>
-rw-r--r-- | NEWS | 21 |
1 files changed, 21 insertions, 0 deletions
@@ -1,3 +1,24 @@ +Changes in 1.15.4 +~~~~~~~~~~~~~~~~~ +Released: not yet + +Security fixes: + +* Escape special characters when displaying permissions and metadata, + preventing malicious apps from manipulating the appearance of the + permissions list using crafted metadata (CVE-2023-28101). + +* If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.), + don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100). + Note that this is specific to virtual consoles: Flatpak is not + vulnerable to this if run from a graphical terminal emulator such as + xterm, gnome-terminal or Konsole. + +Other bug fixes: + +* Document the path used for `flatpak override` +* Translation updates: oc, pl, ru, sv, tr + Changes in 1.15.3 ~~~~~~~~~~~~~~~~~ Released: 2023-02-21 |