Fixes CVE-2024-32462

2024-05-07 09:20:57 -05:00 · 2024-05-07 09:20:57 -05:00 · 1045f6590d
commit 1045f6590d
parent ca33e6c3b9
1 changed files with 7 additions and 1 deletions
--- a/flatpak.spec
+++ b/flatpak.spec
@ -3,7 +3,7 @@

 Name:           flatpak
 Version:        1.12.8
-Release:        1%{?dist}
+Release:        1%{?dist}.alma.1
 Summary:        Application deployment framework for desktop apps

 License:        LGPLv2+
@ -17,6 +17,9 @@ Source1:        flatpak-add-fedora-repos.service

 # https://bugzilla.redhat.com/show_bug.cgi?id=1935508
 Patch0:         flatpak-dir-Use-SHA256-not-SHA1-to-name-the-cache-for-a-filt.patch
+# https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj
+# https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97
+Patch1:         flatpak-cve-2024-32462.patch

 BuildRequires:  pkgconfig(appstream-glib)
 BuildRequires:  pkgconfig(dconf)
@ -276,6 +279,9 @@ fi


 %changelog
+* Tue Apr 30 2024 Jonathan Wright <jonathan@almalinux.org> - 1.12.8-1.alma.1
+- Fix CVE-2024-32462
+
 * Tue Jul 11 2023 Debarshi Ray <rishi@fedoraproject.org> - 1.12.8-1
 - Update to 1.12.8 (CVE-2023-28100, CVE-2023-28101)
 Resolves: #2180312, #2221792