Accepting request 1072446 from home:iznogood:branches:GNOME:Factory

New stable release OBS-URL: https://build.opensuse.org/request/show/1072446 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=182
2023-03-17 00:39:54 +00:00 · 2023-03-17 00:39:54 +00:00 · e77f94829d
commit e77f94829d
parent d303727e08
4 changed files with 20 additions and 4 deletions
--- a/flatpak-1.14.3.tar.xz
+++ b/flatpak-1.14.3.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:59f0470ccb894d852e4c6fbc1043d8bcc95e38033c5c36f2aa90dd295257eebe
-size 1630824
--- a/flatpak-1.14.4.tar.xz
+++ b/flatpak-1.14.4.tar.xz
--- a/flatpak.changes
+++ b/flatpak.changes
@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Thu Mar 16 16:15:42 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 1.14.4 (CVE-2023-28101, CVE-2023-28100):
+  + Escape special characters when displaying permissions and
+    metadata, preventing malicious apps from manipulating the
+    appearance of the permissions list using crafted metadata
+    (CVE-2023-28101).
+  + If a Flatpak app is run on a Linux virtual console (tty1, tty2,
+    etc.), don't allow copy/paste via the TIOCLINUX ioctl
+    (CVE-2023-28100). Note that this is specific to virtual
+    consoles: Flatpak is not vulnerable to this if run from a
+    graphical terminal emulator such as xterm, gnome-terminal or
+    Konsole.
+  + Updated translations.
+
 -------------------------------------------------------------------
 Mon Feb 27 14:07:03 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>

--- a/flatpak.spec
+++ b/flatpak.spec
@ -34,7 +34,7 @@
 %define support_environment_generators 1
 %endif
 Name:           flatpak
-Version:        1.14.3
+Version:        1.14.4
 Release:        0
 Summary:        OSTree based application bundles management
 License:        LGPL-2.1-or-later