Revisions of flatpak
Marco Strigl (mstrigl)
committed
(revision 3)
- Update to version 1.14.4 (bsc#1209410, bsc#1209411):
+ Security fixes:
- Escape special characters when displaying permissions and
metadata, preventing malicious apps from manipulating the
appearance of the permissions list using crafted metadata
(CVE-2023-28101).
- If a Flatpak app is run on a Linux virtual console
(tty1, tty2, etc.), don't allow copy/paste via the TIOCLINUX
ioctl (CVE-2023-28100).
Note that this is specific to virtual consoles: Flatpak is
not vulnerable to this if run from a graphical terminal
emulator such as xterm, gnome-terminal or Konsole.
+ Other bug fixes:
- Translation update: pl
- Changes from version 1.14.3:
+ Bug fixes:
- When splitting an upgrade into two steps (download without
installing, and then upgrade without allowing further
downloads) like GNOME Software does, if an app is marked EOL
and superseded by a replacement, don't remove the superseded
app in the first step, which would result in the replacement
incorrectly not being installed
- Fix a crash when --socket=gpg-agent is used
- Fix a crash when listing apps if one of them is broken or
misconfigured
- If an app has invalid syntax in its overrides or metadata,
mention the filename in the error message
- Unset $GDK_BACKEND for apps, ensuring GTK apps with
--socket=fallback-x11 can work
- Never try to export a parent of reserved directories as a
Wolfgang Engel (bigironman)
committed
(revision 2)
Update package flatpak from 1.12.5 to 1.14.1 (jsc#PED-3116)
Displaying all 3 revisions
