Announce: Flatpak 1.3.1

Alexander Larsson alexl at redhat.com
Wed Mar 27 10:30:55 UTC 2019


Available here:
 https://github.com/flatpak/flatpak/releases/tag/1.3.1

$ sha256sum flatpak-1.3.1.tar.xz
74fd4ba556387a4f92948d94a9426715db4bedc7eb9f70afc5b11fd89e8d8801
flatpak-1.3.1.tar.xz

This release fixes CVE-2019-10063.

It has been discovered that the previous fix for CVE-2017-5226, which uses
seccomp to prevent sandboxed apps from using the (dangerous) TIOCSTI ioctl
was only incomplete on 64bit arches. This is now fixed.

 * seccomp: Only compare the low 32bit of the TIOCSTI ioctl args.
 * Fix the required runtime prompt during installation.
 * When installing, only check dependencies from the same installation.
 * flatpak list --arch now works correctly again.
 * Create origin symlinks in appstream branch for libappstream compat.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                Red Hat, Inc
       alexl at redhat.com         alexander.larsson at gmail.com


More information about the Flatpak mailing list