From c2760e66b2b20fa8fc02556bd37c8125b04941d2 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 17 Apr 2024 18:16:44 +0100 Subject: [PATCH] Update NEWS Signed-off-by: Simon McVittie --- NEWS | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/NEWS b/NEWS index bf257f80f..167c4e11c 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,13 @@ +Changes in 1.12.9 +~~~~~~~~~~~~~~~~~ + +Security fixes: + + * Don't allow an executable name to be misinterpreted as a command-line + option for bwrap(1). This prevents a sandbox escape where a malicious + or compromised app could ask xdg-desktop-portal to generate a .desktop + file with access to files outside the sandbox. (CVE-2024-32462) + Changes in 1.12.8 ~~~~~~~~~~~~~~~~~ Released: 2023-03-16
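Review bot: The new "Changes in 1.12.9" section at the top of the NEWS hunk has no "Released:" line, while the 1.12.8 section directly below it carries "Released: 2023-03-16". Add the release date, or a clearly marked placeholder to fill in at tagging time, under the 1.12.9 heading so the entry matches the existing format and readers can tell when the CVE-2024-32462 fix shipped. The security entry also describes the impact without saying which kind of executable name triggers the problem. A short clause stating that the issue concerns names that bwrap(1) would parse as an option would help packagers and auditors judge exposure from the NEWS text alone.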