| Summary: | flatpak new security issue related to CVE-2019-5736 (CVE-2019-8308) and new security issue CVE-2019-10063 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | Neal Gompa <ngompa13> |
| Status: | RESOLVED OLD | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | fri, shlomif |
| Version: | 6 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | flatpak-1.0.6-1.mga7.src.rpm | CVE: | |
| Status comment: | Fixed upstream in 1.0.8 and 1.2.4 | ||
| Bug Depends on: | |||
| Bug Blocks: | 23866 | ||
|
Description
David Walser
2019-02-13 04:10:50 CET
David Walser
2019-02-13 04:11:07 CET
CC:
(none) =>
shlomif Debian has issued an advisory for this on February 12: https://www.debian.org/security/2019/dsa-4390 According to the Debian bug, it's also fixed upstream in 1.0.7. Status comment:
(none) =>
Fixed upstream in 1.0.7 and 1.2.3 flatpak-1.0.7-1.mga7 uploaded for Cauldron by Shlomi. Version:
Cauldron =>
6 RedHat has issued an advisory on May 7: https://access.redhat.com/errata/RHSA-2019:1024 The issue is fixed upstream in 1.0.8 and 1.2.4. Summary:
flatpak new security issue related to CVE-2019-5736 =>
flatpak new security issue related to CVE-2019-5736 and new security issue CVE-2019-10063 Mageia 6 is EOL Mageia 7 have Flatpak 1.4.1, with request for upgrade in Bug 25463 Resolution:
(none) =>
OLD Apparently the first issue got CVE-2019-8308: https://lists.opensuse.org/opensuse-updates/2019-08/msg00222.html Summary:
flatpak new security issue related to CVE-2019-5736 and new security issue CVE-2019-10063 =>
flatpak new security issue related to CVE-2019-5736 (CVE-2019-8308) and new security issue CVE-2019-10063 |