Overview

Request 1194101 accepted

- Update to version 1.15.10:
  + Dependencies: In distributions that compile Flatpak to use a
    separate bubblewrap (bwrap) executable, version 0.10.0 is
    required. This version adds a new feature which is required by
    the security fix in this release.
  + Security fixes: Don't follow symbolic links when mounting
    persistent directories (--persist option). This prevents a
    sandbox escape where a malicious or compromised app could edit
    the symlink to point to a directory that the app should not
    have been allowed to read or write. (CVE-2024-42472,
    GHSA-7hgv-f2j8-xw87)
  + Documentation: Mark the 1.12.x and 1.10.x branches as
    end-of-life
  + Other bug fixes: Fix several memory leaks
  + Internal changes:
    - Record a log file when running build-time tests with
      AddressSanitizer
    - Add initial suppressions file for AddressSanitizer

Bjørn Lie (author, source maintainer):

Wait for bubblewrap bump to land in TW before acking.

Request History
iznogood created request

gnome-review-bot accepted review

Check script succeeded


gnome-review-bot approved review

Check script succeeded


iznogood accepted request
