mirror of
https://github.com/flatpak/flatpak.git
synced 2026-04-03 14:56:47 -04:00
f015f91dc3
The TIOCLINUX ioctl is only available on Linux virtual consoles such as /dev/tty1. It has several Linux-specific functions, one of which is a copy/paste operation which can be used for attacks similar to TIOCSTI. This vulnerability does not affect typical graphical terminal emulators such as xterm, gnome-terminal and Konsole, and Flatpak is primarily designed to be run from a Wayland or X11 graphical environment, so this is relatively unlikely to be a practical problem. CVE-2023-28100, GHSA-7qpw-3vjv-xrqp Resolves: https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp Signed-off-by: Simon McVittie <smcv@debian.org>
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
See https://flatpak.org/ for more information.
Community discussion happens in #flatpak:matrix.org, on the mailing list, and on the Flathub Discourse.
Read documentation for Flatpak here.
Contributing
Flatpak welcomes contributions from anyone! Here are some ways you can help:
- Fix one of the issues and submit a PR
- Update flatpak's translations and submit a PR
- Improve flatpak's documentation, hosted at http://docs.flatpak.org and developed over in flatpak-docs
- Find a bug and submit a detailed report including your OS, flatpak version, and the steps to reproduce
- Add your favorite application to Flathub by writing a flatpak-builder manifest and submitting it
- Improve the Flatpak support in your favorite Linux distribution
Hacking
See CONTRIBUTING.md
Related Projects
Here are some notable projects in the Flatpak ecosystem:
- Flatseal: An app for managing permissions of Flatpak apps without using the CLI
- Flat-manager: A tool for managing Flatpak repositories