tag name | 1.15.4 (fe52a3907bab6685df17342ed243fb2e5d376e10) |
tag date | 2023-03-16 14:32:49 +0000 |
tagged by | Simon McVittie <smcv@collabora.com> |
tagged object | commit e936e3100d... |
download | flatpak-1.15.4.tar.gz |
---|
flatpak 1.15.4
Security fixes:
* Escape special characters when displaying permissions and metadata,
preventing malicious apps from manipulating the appearance of the
permissions list using crafted metadata (CVE-2023-28101).
* If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.),
don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100).
Note that this is specific to virtual consoles: Flatpak is not
vulnerable to this if run from a graphical terminal emulator such as
xterm, gnome-terminal or Konsole.
Other bug fixes:
* Document the path used for `flatpak override`
* Translation updates: oc, pl, ru, sv, tr
Git-EVTag-v0-SHA512: da193fee33f3108222ff5e3b48fdd6c41ff5215fd0e556864f597f3a81d521fa794ec1c6918b67c0efe47b9be0a03181d2a1f2ab9910fdb8479d3f5da65372d5
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmQTKJEACgkQ4FrhR4+B
TE+dSA//XAIMaXI75klK6+73RKFsCEZi1BTv4D7CLyfBa/VjS8IVBVELynuyfBk1
jpvuLJaBnhbQQJmGf50vJcmYQCfB3aQ3YlMaNvKfw0ojCEjJ0V5dy+NEDMy3yg6F
lnpUyAu2di4XWu01D9hJ7+iqpwDIvFkXd6bOWXI5Xvg79z5aWyd8Nf1DtgeRRC5x
BrzFcjR2t48VWw68CWipvWtXy2P4OxBK+NusVTcpSgR+WWbmxofhF6N95obNpANx
IDN5/k9EfcQFLYVqofoH51/4unPG+jl5QIlGSrRZDkodvkDUJzpUAlfNmRlMHlT5
8YYDs3NLluuOsuiulDxGUwhWL/ruvZ13XSU+7SR+eG0WUUuBXM5cLliQt3TA6M5K
7wxZRErIi1CVkAv4UY52zV1JA4APXiMw8yuaMQ2QFcEaKPfQJ47bObhUw8bHgk5f
WAe8WGexcg1/+G8EstLiSQv399FWTEfM5r2cyMWXubzDGlnNSNccIo5TSyBeu2zi
WfEF1x+heVZaAweiGFdVCkTX+b/YAEw1F6kuCwq1jRzSTV3mp0l7ETn0Ckj2V+WX
SHm4Nd3IzBH7M8PElxsgw4MNoZs2H0ZVWHf62NMcu/Ef0JrZXIjmtgltRNA2/S71
y54MfA/A6G6FxjZS/o0UYirvKXedDjRgAC21LDMuIF/jcE6Vnmg=
=H4FR
-----END PGP SIGNATURE-----