flatpak 1.14.4 has been released today (March 16), fixing security issues: https://github.com/flatpak/flatpak/releases/tag/1.14.4 Mageia 8 may also be affected.
Status comment: (none) => Fixed upstream in 1.14.4Whiteboard: (none) => MGA8TOO
Done for Cauldron!
CC: (none) => geiger.david68210
(Awaiting freeze move, to be clear)
Whether DavidG or NicolasL does the M8 bit - up to you. Assigning this to neoclust for M8 anyway. He has done previous flatpak version updates, and is registered maintainer for flatpack (not the same thing!).
Assignee: bugsquad => mageia
Done for mga8 updating to 1.12.8.
Cauldron still pending freeze move. Mageia 8 update: flatpak-1.12.8-1.mga8 flatpak-tests-1.12.8-1.mga8 libflatpak0-1.12.8-1.mga8 libflatpak-gir1.0-1.12.8-1.mga8 libflatpak-devel-1.12.8-1.mga8 from flatpak-1.12.8-1.mga8.src.rpm References: https://github.com/flatpak/flatpak/releases/tag/1.12.8
mga8-64 OK, on Plasma, nvidia-currrent, Intel i7, kernel 5.15.88-desktop-1.mga8 Updated installed packages to - flatpak-1.12.8-1.mga8.x86_64 - lib64flatpak-gir1.0-1.12.8-1.mga8.x86_64 - lib64flatpak0-1.12.8-1.mga8.x86_64 Tests ok: before and after system reboot o $ flatpak update (updates flatpak apps) o Firefox with internet video o Signal (phone-desktop integration) o Spotify o Simple launching of: Blender, KiCAD, Fritzing (an old flatpak)
CC: (none) => fri
More info on the CVEs: https://www.openwall.com/lists/oss-security/2023/03/17/1 https://www.openwall.com/lists/oss-security/2023/03/17/2
Assignee: mageia => qa-bugs
Cauldron freeze move is performed Mga8-64 is working for me, validating Advisory needed
Version: Cauldron => 8CC: (none) => sysadmin-bugsKeywords: (none) => validated_updateWhiteboard: MGA8TOO => MGA8-64-OK
Status comment: Fixed upstream in 1.14.4 => (none)
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0115.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED