rpms/flatpak
7
0
Fork 1
Code Issues Pull Requests Releases Activity
Application deployment framework for desktop apps
13 Commits 9 Branches 66 Tags 933 KiB
Diff 100%
9bcf4fe361
Go to file
Jan Grulich 9bcf4fe361 Fix arbitrary code execution via crafted symlinks in sandbox-expose options 
Resolves: RHEL-165633

Fix arbitrary file deletion on host via improper cache file path validation
Resolves: RHEL-170160
2026-05-21 09:36:12 +02:00
.gitignore Update to 1.12.9 (CVE-2024-32462) 2024-06-07 15:21:04 +02:00
CVE-2026-34078-1-flatpak-bwrap-add-dup-ing-variant-flatpak-bwrap-add-args-data-fd-dup.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-2-utils-add-flatpak-parse-fd.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-3-flatpak-bwrap-use-glnx-close-fd-as-clear-func.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-4-run-use-o-path-fds-for-the-runtime-and-app-deploy-directories.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-5-run-add-usr-fd-and-app-fd-options.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-6-run-add-ro-bind-fds-to-flatpak-run-app.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-7-run-add-ro-bind-fd-options.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-8-portal-use-bind-fd-app-fd-and-usr-fd-options-to-avoid-races.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-9-run-fix-checking-wrong-variable-in-runtime-fd-selection.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-10-run-mount-original-app-on-run-parent-app-when-using-app-path.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-11-portal-update-max-fd-after-creating-the-instance-id-pipe.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-12-run-fix-fd-tracking-in-flatpak-run-add-app-info-args.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-13-utils-improve-error-message-when-passing-an-fd-numer-which-is-not-a-fd.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-14-run-do-not-close-bind-ro-bind.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-15-run-use-the-same-fd-validation-for-all-fd-options.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-16-run-add-bind-fd-and-ro-bind-fd-binds-after-all-other-binds.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-17-portal-use-g-array-index-to-read-from-expose-fds-expose-fds-ro.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-18-run-fix-backport-mistake.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-19-run-cope-with-an-empty-runtime.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-20-dir-in-apply-extra-data-don-t-assume-there-is-always-a-runtime.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-21-utils-add-flatpak-set-cloexec.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-22-run-context-mark-fd-arguments-as-close-on-exec.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-23-utils-move-flatpak-get-path-for-fd-to-here.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-24-portal-avoid-crash-if-sandbox-expose-ro-fd-is-out-of-range.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-25-portal-log-and-ignore-unusable-sandbox-expose-fds-instead-of-erroring.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-26-portal-reinstate-flatpak-get-path-for-fd-checks.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-27-libtest-allow-adding-a-new-ref-to-an-existing-temporary-ostree-repo.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-28-app-context-never-close-fds-0-1-or-2.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34078-29-app-context-factor-out-flatpak-accept-fd-argument.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34079-1-utils-only-remove-cached-files-in-the-cache-directory.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34079-2-utils-do-not-follow-symlinks-in-local-open-file.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
CVE-2026-34079-3-system-helper-only-remove-an-ongoing-pull-if-users-match.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
flatpak-1.12.x-CVE-2024-42472.patch Backport upstream patches for CVE-2024-32462 2024-09-03 12:54:41 +02:00
flatpak-1.12.x-update-libglnx-for-glnx-chaseseat.patch Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
flatpak-add-fedora-repos.service Rebase to 1.12.8 2023-11-06 20:29:25 +01:00
flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch Rebase to 1.12.8 2023-11-06 20:29:25 +01:00
flatpak.spec Fix arbitrary code execution via crafted symlinks in sandbox-expose options 2026-05-21 09:36:12 +02:00
gating.yaml Bring gating.yaml over from Brew dist-git 2023-03-10 10:37:09 -08:00
rpminspect.yaml Silence 'rpminspect --tests=runpath' 2023-11-08 12:47:06 +01:00
sources Update to 1.12.9 (CVE-2024-32462) 2024-06-07 15:21:04 +02:00