flatpak 1.6.5-0ubuntu0.3 source package in Ubuntu

Changelog

flatpak (1.6.5-0ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: Flatpak sandbox escape via crafted .desktop file
    (LP: #1918482)
   - debian/patches/CVE-2021-21381-1.patch: Disallow @@ and @@u usage in
     desktop files.
   - debian/patches/CVE-2021-21381-2.patch: dir: Reserve the whole @@
     prefix.
   - debian/patches/CVE-2021-21381-3.patch: dir: Refuse to export
     .desktop files with suspicious uses.
   - CVE-2021-21381

 -- Andrew Hayzen <email address hidden>  Fri, 05 Mar 2021 22:21:25 +0000

Upload details

Uploaded by:
Andrew Hayzen
Sponsored by:
Steve Beattie
Uploaded to:
Focal
Original maintainer:
Ubuntu Developers
Architectures:
linux-any all
Section:
admin
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
flatpak_1.6.5.orig.tar.xz 1.3 MiB 8109ffb6a3e9bfc5dcf8999c9243b21596489f77d866b848169d50c0627f14db
flatpak_1.6.5-0ubuntu0.3.debian.tar.xz 35.6 KiB 714b23c875f3a81849833168e2ff781b00981f0bc3f315ed4e3e12583260dd90
flatpak_1.6.5-0ubuntu0.3.dsc 3.4 KiB 431eee5de22e28e9a77d532bbe9c328db956f41d552165deb2c7ef56d378d575

View changes file

Binary packages built by this source

flatpak: Application deployment framework for desktop apps

 Flatpak installs, manages and runs sandboxed desktop application bundles.
 Application bundles run partially isolated from the wider system, using
 containerization techniques such as namespaces to prevent direct access
 to system resources. Resources from outside the sandbox can be accessed
 via "portal" services, which are responsible for access control; for
 example, the Documents portal displays an "Open" dialog outside the
 sandbox, then allows the application to access only the selected file.
 .
 Each application uses a specified "runtime", or set of libraries, which is
 available as /usr inside its sandbox. This can be used to run application
 bundles with multiple, potentially incompatible sets of dependencies within
 the same desktop environment.
 .
 This package contains the services and executables needed to install and
 launch sandboxed applications, and the portal services needed to provide
 limited access to resources outside the sandbox.

flatpak-dbgsym: debug symbols for flatpak
flatpak-tests: Application deployment framework for desktop apps (tests)

 Flatpak installs, manages and runs sandboxed desktop application bundles.
 See the flatpak package for a more comprehensive description.
 .
 This package contains automated tests.

flatpak-tests-dbgsym: debug symbols for flatpak-tests
gir1.2-flatpak-1.0: Application deployment framework for desktop apps (introspection)

 Flatpak installs, manages and runs sandboxed desktop application bundles.
 See the flatpak package for a more comprehensive description.
 .
 This package can be used by other packages using the GIRepository format to
 generate dynamic bindings for libflatpak0.

libflatpak-dev: Application deployment framework for desktop apps (development)

 Flatpak installs, manages and runs sandboxed desktop application bundles.
 See the flatpak package for a more comprehensive description.
 .
 This package contains development headers and pkg-config metadata
 for libflatpak0.

libflatpak-doc: Application deployment framework for desktop apps (documentation)

 Flatpak installs, manages and runs sandboxed desktop application bundles.
 See the flatpak package for a more comprehensive description.
 .
 This package contains reference documentation for libflatpak0.

libflatpak0: Application deployment framework for desktop apps (library)

 Flatpak installs, manages and runs sandboxed desktop application bundles.
 See the flatpak package for a more comprehensive description.
 .
 This package contains the flatpak shared library, used by higher level
 package management tools like gnome-software.

libflatpak0-dbgsym: debug symbols for libflatpak0