Announce: Flatpak 0.10.3 (security update)
Alexander Larsson
alexl at redhat.com
Tue Jan 30 13:39:34 UTC 2018
New release 0.10.3 at:
https://github.com/flatpak/flatpak/releases/tag/0.10.3
$ sha256sum flatpak-0.10.3.tar.xz
d08616cfa7f0e0a5f0234a9859b67450e35377b95929b118a1b7ca7497e91b00
flatpak-0.10.3.tar.xz
This is a security fix release that fixes a sandbox escape in the
flatpak dbus proxy. This issue was found by Gabriel Campana of The
Google Security Team.
Major changes in 0.10.3
=======================
* Fix dbus proxy vulnerability in authentication phase
* Make permission handling ignore unknown permissions for forwards
compatibility
* Removed incorrect error message in update --appdata when ther
was no updates
* Fix handling of abort in the duplicate remote prompt
* Fix division by zero in progress calculation
* Fix flatpak remote-info --show-metadata
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl at redhat.com alexander.larsson at gmail.com
More information about the Flatpak
mailing list