Announce: Flatpak 1.15.4 (development prerelease)

Simon McVittie smcv at collabora.com
Thu Mar 16 19:09:55 UTC 2023


Available here: https://github.com/flatpak/flatpak/releases/tag/1.15.4

bef695d893d1e0239a68441d6b328edeb6d1e58a902c92f9278e94da914ab91f *flatpak-1.15.4.tar.xz

This is a development prerelease for the adventurous, part of the 1.15.x
branch, which will eventually lead to a 1.16.0 stable release. Don't
include this version in stable OS distributions.

This version has no new features, just the security fixes from 1.14.4.

Security fixes:

* Escape special characters when displaying permissions and metadata,
  preventing malicious apps from manipulating the appearance of the
  permissions list using crafted metadata (CVE-2023-28101).

* If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.),
  don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100). Note
  that this is specific to virtual consoles: Flatpak is not vulnerable
  to this if run from a graphical terminal emulator such as xterm,
  gnome-terminal or Konsole.

Other bug fixes:

* Document the path used for `flatpak override`
* Translation updates: oc, pl, ru, sv, tr

-- 
Simon McVittie, Collabora Ltd. / Debian
on behalf of the Flatpak maintainers
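
The display-escaping idea behind the CVE-2023-28101 fix announced above, as an added example that is not Flatpak's own code: the function name `escape_for_display`, the `\xNN` output format and the sample string are assumptions made for illustration. It treats every byte outside printable ASCII as unsafe, so UTF-8 text is escaped too.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not Flatpak's implementation: make an untrusted metadata
 * string safe to print on a terminal. Printable ASCII passes through, a
 * backslash is doubled so the output stays unambiguous, and every other
 * byte (ESC, CR, BS, DEL, non-ASCII) becomes \xNN. Caller frees the result. */
char *escape_for_display(const char *untrusted)
{
    static const char hex[] = "0123456789abcdef";
    size_t len = strlen(untrusted);
    char *out = malloc(len * 4 + 1);   /* worst case: every byte -> \xNN */
    char *p = out;

    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char) untrusted[i];
        if (c == '\\') {
            *p++ = '\\';
            *p++ = '\\';
        } else if (c >= 0x20 && c <= 0x7e) {
            *p++ = (char) c;
        } else {
            *p++ = '\\';
            *p++ = 'x';
            *p++ = hex[c >> 4];
            *p++ = hex[c & 0x0f];
        }
    }
    *p = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample: a permission value containing a carriage return
     * and an ANSI erase-line sequence, which a terminal would act on. */
    const char *crafted = "home\r\x1b[2Knone";
    char *safe = escape_for_display(crafted);

    if (safe == NULL)
        return 1;
    printf("filesystems=%s\n", safe);  /* control bytes appear as text */
    free(safe);
    return 0;
}
```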


