I'm manually closing the bug now since it was accepted into noble- proposed without a LP bug number. I'll watch to make sure it migrates to noble release
https://launchpad.net/ubuntu/+source/flatpak/1.14.6-1 ** Changed in: flatpak (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to flatpak in Ubuntu. https://bugs.launchpad.net/bugs/2062406 Title: CVE-2024-32462: Sandbox escape via RequestBackground portal and CWE-88 Status in flatpak package in Ubuntu: Fix Released Bug description: Upstream advisory: https://github.com/flatpak/flatpak/security/advisories/GHSA- phv6-cpc2-2fgj If possible please sync 1.14.6-1 from Debian instead of backporting fixes. That version only fixes the security issue and one other high- visibility bug (app developer names showing in the CLI as though they were the app's name). https://github.com/flatpak/flatpak/compare/1.14.5...1.14.6 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/2062406/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
