Changelog
flatpak (1.10.8-0+deb11u1) bullseye; urgency=high
* New upstream stable release
* Security fixes:
- Escape special characters when displaying permissions and metadata,
preventing malicious apps from manipulating the appearance of the
permissions list using crafted metadata
(Closes: #1033098; CVE-2023-28101)
- If a Flatpak app is run on a Linux virtual console (tty1, etc.),
don't allow copy/paste via the TIOCLINUX ioctl
(Closes: #1033099; CVE-2023-28100).
Note that this is specific to virtual consoles: Flatpak is not
vulnerable to this if run from a graphical terminal emulator such
as xterm, gnome-terminal or Konsole.
* Other bug fixes:
- If an app update is blocked by parental controls policies, clean up
the temporary deploy directory
- Fix Autotools build with newer versions of gpgme
- Fix various regressions in `flatpak history` since 1.9.1
- Fix a typo in an error message
- Translation update: pl
- Add test coverage for seccomp filters
* d/copyright: Update
-- Simon McVittie <email address hidden> Sat, 18 Mar 2023 15:29:44 +0000