Bug 21135

Summary: flatpak new security issue CVE-2017-9780
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: Neal Gompa <ngompa13>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: flatpak-0.9.4-2.mga6.src.rpm CVE:
Status comment:

Description David Walser 2017-06-23 23:45:45 CEST
A security issue fixed upstream in flatpak has been announced:
http://openwall.com/lists/oss-security/2017/06/22/13

The issue is fixed in 0.9.6.

Comment 1 David Walser 2017-06-24 00:32:56 CEST
Debian has issued an advisory for this on June 22:
https://www.debian.org/security/2017/dsa-3895

Comment 2 Neal Gompa 2017-06-24 04:23:30 CEST
Freeze push request sent for ostree (to 2017.7) and flatpak (to 0.9.6) to resolve this.

Comment 3 David Walser 2017-06-24 12:10:19 CEST
flatpak-0.9.6-2.mga6 uploaded for Cauldron.  Thanks.

Resolution: (none) => FIXED
Status: NEW => RESOLVED