Anton Lydike discovered that Flatpak did not properly handle special tokens in desktop files. An attacker could use this to specially craft a Flatpak application that could escape sandbox confinement.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.0.9-0ubuntu0.3", "binary_name": "flatpak" }, { "binary_version": "1.0.9-0ubuntu0.3", "binary_name": "flatpak-dbgsym" }, { "binary_version": "1.0.9-0ubuntu0.3", "binary_name": "flatpak-tests" }, { "binary_version": "1.0.9-0ubuntu0.3", "binary_name": "flatpak-tests-dbgsym" }, { "binary_version": "1.0.9-0ubuntu0.3", "binary_name": "gir1.2-flatpak-1.0" }, { "binary_version": "1.0.9-0ubuntu0.3", "binary_name": "libflatpak-dev" }, { "binary_version": "1.0.9-0ubuntu0.3", "binary_name": "libflatpak-doc" }, { "binary_version": "1.0.9-0ubuntu0.3", "binary_name": "libflatpak0" }, { "binary_version": "1.0.9-0ubuntu0.3", "binary_name": "libflatpak0-dbgsym" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.6.5-0ubuntu0.3", "binary_name": "flatpak" }, { "binary_version": "1.6.5-0ubuntu0.3", "binary_name": "flatpak-dbgsym" }, { "binary_version": "1.6.5-0ubuntu0.3", "binary_name": "flatpak-tests" }, { "binary_version": "1.6.5-0ubuntu0.3", "binary_name": "flatpak-tests-dbgsym" }, { "binary_version": "1.6.5-0ubuntu0.3", "binary_name": "gir1.2-flatpak-1.0" }, { "binary_version": "1.6.5-0ubuntu0.3", "binary_name": "libflatpak-dev" }, { "binary_version": "1.6.5-0ubuntu0.3", "binary_name": "libflatpak-doc" }, { "binary_version": "1.6.5-0ubuntu0.3", "binary_name": "libflatpak0" }, { "binary_version": "1.6.5-0ubuntu0.3", "binary_name": "libflatpak0-dbgsym" } ] }