Bubblewrap security errata
Alexander Larsson
alexl at redhat.com
Mon Oct 17 14:44:08 UTC 2016
For anyone packaging flatpak and/or bubblewrap, I'd like to point out
this new bubblewrap release:
https://github.com/projectatomic/bubblewrap/releases/tag/v0.1.3
It's got a fix for a security issue where bubblewrap is installed in a
setuid mode. This doesn't affect builds that rely on unprivileged user
namespaces (such as Ubuntu/Fedora), but it did affect the Debian and
Arch builds, which have now been fixed.
If anyone else is shipping flatpak or bubblewrap, please update the
copy of bubblewrap to 0.1.3 as in:
https://github.com/flatpak/flatpak/commit/da0204f4c81e7cf66943ac07317a48cad28ecf95
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl at redhat.com alexander.larsson at gmail.com
He's a deeply religious small-town cowboy gone bad. She's a psychotic
psychic college professor from a different time and place. They fight
crime!