mirror/flatpak
1
0
Fork 0
mirror of https://github.com/flatpak/flatpak.git synced 2026-04-03 14:56:47 -04:00
Code Issues Packages Projects Releases Wiki Activity

Update NEWS

Browse Source 
Signed-off-by: Simon McVittie <smcv@collabora.com>
This commit is contained in:
Simon McVittie
2024-04-17 18:13:11 +01:00
parent 4fa5156efb
commit 4dc55a80c8
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
NEWS
View File

@@ -2,7 +2,14 @@ Changes in 1.14.6
~~~~~~~~~~~~~~~~~
Released: not yet
Bug fixes:
Security fixes:
* Don't allow an executable name to be misinterpreted as a command-line
option for bwrap(1). This prevents a sandbox escape where a malicious
or compromised app could ask xdg-desktop-portal to generate a .desktop
file with access to files outside the sandbox. (CVE-2024-32462)
Other bug fixes:
* Don't parse `<developer><name/></developer>` as the application name
(#5700)