It was discovered that Flatpak incorrectly handled certain persisted directories. An attacker could possibly use this issue to read and write files in locations it would not normally have access to. A patch was also needed to Bubblewrap in order to avoid race conditions caused by this fix.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "flatpak", "binary_version": "1.6.5-0ubuntu0.5" }, { "binary_name": "flatpak-dbgsym", "binary_version": "1.6.5-0ubuntu0.5" }, { "binary_name": "flatpak-tests", "binary_version": "1.6.5-0ubuntu0.5" }, { "binary_name": "flatpak-tests-dbgsym", "binary_version": "1.6.5-0ubuntu0.5" }, { "binary_name": "gir1.2-flatpak-1.0", "binary_version": "1.6.5-0ubuntu0.5" }, { "binary_name": "libflatpak-dev", "binary_version": "1.6.5-0ubuntu0.5" }, { "binary_name": "libflatpak-doc", "binary_version": "1.6.5-0ubuntu0.5" }, { "binary_name": "libflatpak0", "binary_version": "1.6.5-0ubuntu0.5" }, { "binary_name": "libflatpak0-dbgsym", "binary_version": "1.6.5-0ubuntu0.5" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "flatpak", "binary_version": "1.12.7-1ubuntu0.1" }, { "binary_name": "flatpak-dbgsym", "binary_version": "1.12.7-1ubuntu0.1" }, { "binary_name": "flatpak-tests", "binary_version": "1.12.7-1ubuntu0.1" }, { "binary_name": "flatpak-tests-dbgsym", "binary_version": "1.12.7-1ubuntu0.1" }, { "binary_name": "gir1.2-flatpak-1.0", "binary_version": "1.12.7-1ubuntu0.1" }, { "binary_name": "libflatpak-dev", "binary_version": "1.12.7-1ubuntu0.1" }, { "binary_name": "libflatpak-doc", "binary_version": "1.12.7-1ubuntu0.1" }, { "binary_name": "libflatpak0", "binary_version": "1.12.7-1ubuntu0.1" }, { "binary_name": "libflatpak0-dbgsym", "binary_version": "1.12.7-1ubuntu0.1" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "flatpak", "binary_version": "1.14.6-1ubuntu0.1" }, { "binary_name": "flatpak-dbgsym", "binary_version": "1.14.6-1ubuntu0.1" }, { "binary_name": "flatpak-tests", "binary_version": "1.14.6-1ubuntu0.1" }, { "binary_name": "flatpak-tests-dbgsym", "binary_version": "1.14.6-1ubuntu0.1" }, { "binary_name": "gir1.2-flatpak-1.0", "binary_version": "1.14.6-1ubuntu0.1" }, { "binary_name": "libflatpak-dev", "binary_version": "1.14.6-1ubuntu0.1" }, { "binary_name": "libflatpak-doc", "binary_version": "1.14.6-1ubuntu0.1" }, { "binary_name": "libflatpak0", "binary_version": "1.14.6-1ubuntu0.1" }, { "binary_name": "libflatpak0-dbgsym", "binary_version": "1.14.6-1ubuntu0.1" } ] }