-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4868-1
security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff
March 12, 2021
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : flatpak
CVE ID : CVE-2021-21381
Anton Lydike discovered that sandbox restrictions in Flatpak, an
application deployment framework for desktop apps, could by bypassed
via a malicious .desktop file.
For the stable distribution (buster), this problem has been fixed in
version 1.2.5-0+deb10u4.
We recommend that you upgrade your flatpak packages.
For the detailed security status of flatpak please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/flatpak
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmBL3pkACgkQEMKTtsN8 TjaRXxAAhOmndiO/HWvXC95KQr+LinVmYTk3rdXQQ2NtLGCJwoSo8CY5Cs6P649h /nRAdNfjgfm40gVlOIIaI0v5pG7wTy4vTulwtRBbJ844wjuJEbTgsRPe2RIYIMLP sZDTG1be0k0X48JKavGehn4JqXe+GyF54+g0X1Mh34mG0e6LVdYriBy0nHS8/UHQ sI2S3ABS10zBz9nt+/CByvJabosPx4DaSMnWIHBanXFghu3TkhqVA/A1zX0VyZrT DN0oHTYtvV2gN+hFe6u128ANh1yfm6fVAIQ6z/BMvhwdjgDT23HUNDqnZG1Wdj5P LtICMy9ntBUF8Ho0oq8GguYY7AidUKzMqkd8UNufuM836mpy3YkCiVA76LHY0r4X 8VhpAsUyvdwS+enJ4q9SrvSfnlUKUG6032CPoC+UKqYwgaXtbEkcAvU1G2+WoiHW OhsFJTivFXB1cfZILU6FN8IvDJxKPJG7tnzFv8utYmiAkx1nIXdV/xTsaeEkgOPl s6zc4BVcx/CNgZYLRevoVN5sxG+Lo5hLj+Q4aqvWndXqEA3csDsMFD6sUBBTo5OW ee97tLVGMyK0mrN0akujpg3FrQOxcr0KmpBXATy2/4qbt/1waanMcSCJdup5C2p1 UkvOxgzS87GRL8O7gET8uPpk0T7zQ8pc/LeqoeshXqLS3kbe/iU=
=oU5p
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)