That CVE was announced here: https://www.openwall.com/lists/oss-security/2024/04/18/5 Mageia 9 is also affected. The problem is fixed in versions 1.15.8 (Cauldron) and 1.14.6 (Mageia 9).
Source RPM: (none) => flatpak-1.15.6-1.mga10.src.rpmWhiteboard: (none) => MGA9TOOCVE: (none) => CVE-2024-32462Status comment: (none) => Fixed upstream in 1.15.8 and 1.14.6
Simple version updates. Assigning yet another to you DavidG, as you committed the most recent Flatpak versions.
Assignee: bugsquad => geiger.david68210
Done for both mga9 and Cauldron!
Whiteboard: MGA9TOO => (none)Version: Cauldron => 9
Assigning to QA, Packages in 9/Core/Updates_testing: ====================== flatpak-1.14.6-1.mga9 flatpak-tests-1.14.6-1.mga9 libflatpak-devel-1.14.6-1.mga9 libflatpak-gir1.0-1.14.6-1.mga9 libflatpak0-1.14.6-1.mga9 lib64flatpak-devel-1.14.6-1.mga9 lib64flatpak-gir1.0-1.14.6-1.mga9 lib64flatpak0-1.14.6-1.mga9 From SRPMS: flatpak-1.14.6-1.mga9.src.rpm
Assignee: geiger.david68210 => qa-bugs
mga9-64, Plasma, X11, nvidia-current Updated what was installed, to: - flatpak-1.14.6-1.mga9.x86_64 - lib64flatpak-gir1.0-1.14.6-1.mga9.x86_64 - lib64flatpak0-1.14.6-1.mga9.x86_64 rebooted. flatpak update: updated some flatpaks OK Tried some programs: OK, incl flatseal - editor for flatpak app permissions
CC: (none) => fri
Keywords: (none) => advisory
MGA9-64 Plasma Wayland on HP-Pavillion No installation issues Google to find some way of testing as flatpak hasn't been on this laptop, and I never used it before Found https://docs.flatpak.org/en/latest/using-flatpak.html $ flatpak update Looking for updates… Nothing to do. $ flatpak remotes $ flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo $ flatpak remotes Name Options flathub system $ flatpak search kate Name Description Application ID Version Branch Remotes KWrite Text Editor org.kde.kwrite 24.05.1 stable flathub $ flatpak install flathub org.kde.kwrite Looking for matches… Required runtime for org.kde.kwrite/x86_64/stable (runtime/org.kde.Platform/x86_64/6.6) found in remote flathub Do you want to install it? [Y/n]: y org.kde.kwrite permissions: ipc cups fallback-x11 wayland x11 dri file access [1] dbus access [2] system dbus access [3] [1] host, xdg-config/kdeglobals:ro [2] com.canonical.AppMenu.Registrar, org.kde.KGlobalSettings, org.kde.kconfig.notify [3] org.freedesktop.UDisks2 ID Branch Op Remote Download 1. [✓] org.freedesktop.Platform.GL.default 23.08 i flathub 172.0 MB / 172.2 MB 2. [✓] org.freedesktop.Platform.GL.default 23.08-extra i flathub 19.2 MB / 172.2 MB 3. [✓] org.freedesktop.Platform.VAAPI.Intel 23.08 i flathub 13.3 MB / 13.4 MB 4. [✓] org.freedesktop.Platform.openh264 2.2.0 i flathub 1.2 MB / 944.3 kB 5. [✓] org.gtk.Gtk3theme.Breeze 3.22 i flathub 249.6 kB / 192.4 kB 6. [✓] org.kde.Platform.Locale 6.6 i flathub 18.0 kB / 380.9 MB 7. [✓] org.kde.Platform 6.6 i flathub 263.8 MB / 331.2 MB 8. [✓] org.kde.kwrite.Locale stable i flathub 7.5 kB / 3.6 MB 9. [✓] org.kde.kwrite stable i flathub 7.0 MB / 4.6 MB Installation complete. $ flatpak run org.kde.kwrite (flatpak run:40445): GLib-GIO-WARNING **: 17:20:10.982: /usr/share/applications/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here. Only the non-desktop-specific mimeapps.list file may add or remove associations. Detected locale "C" with character encoding "ANSI_X3.4-1968", which is not UTF-8. Qt depends on a UTF-8 locale, and has switched to "C.UTF-8" instead. If this causes problems, reconfigure your locale. See the locale(1) manual for more information. Runs OK, I can open a txt file and save changes. Good for me.
Whiteboard: (none) => MGA9-64-OKCC: (none) => herman.viaene
CC: (none) => andrewsfarm
On the rare occasions when I use flatpak, it's with Discover. Updated the flatpak packages with no issues. Ran Discover, installed a couple of games from Flathub. No issues, confirming the OK. Validating.
CC: (none) => sysadmin-bugsKeywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0229.html
Status: NEW => RESOLVEDResolution: (none) => FIXED