mirror of
https://github.com/flatpak/flatpak.git
synced 2026-03-28 11:54:01 -04:00
8e63de9a7d
The TIOCLINUX ioctl is only available on Linux virtual consoles such as /dev/tty1. It has several Linux-specific functions, one of which is a copy/paste operation which can be used for attacks similar to TIOCSTI. This vulnerability does not affect typical graphical terminal emulators such as xterm, gnome-terminal and Konsole, and Flatpak is primarily designed to be run from a Wayland or X11 graphical environment, so this is relatively unlikely to be a practical problem. CVE-2023-28100, GHSA-7qpw-3vjv-xrqp Resolves: https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp Signed-off-by: Simon McVittie <smcv@debian.org>
4.9 KiB
4.9 KiB