Bug 21135 - flatpak new security issue CVE-2017-9780
Summary: flatpak new security issue CVE-2017-9780
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Neal Gompa
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-23 23:45 CEST by David Walser
Modified: 2017-06-24 12:10 CEST (History)
0 users

See Also:
Source RPM: flatpak-0.9.4-2.mga6.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2017-06-23 23:45:45 CEST 
A security issue fixed upstream in flatpak has been announced:
http://openwall.com/lists/oss-security/2017/06/22/13

The issue is fixed in 0.9.6.
Comment 1 David Walser 2017-06-24 00:32:56 CEST 
Debian has issued an advisory for this on June 22:
https://www.debian.org/security/2017/dsa-3895
Comment 2 Neal Gompa 2017-06-24 04:23:30 CEST 
Freeze push request sent for ostree (to 2017.7) and flatpak (to 0.9.6) to resolve this.
Comment 3 David Walser 2017-06-24 12:10:19 CEST 
flatpak-0.9.6-2.mga6 uploaded for Cauldron.  Thanks.

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.