GNU bug report logs - #70539
Flatpak is vulnerable to CVE-2024-32462

Previous Next

Package: guix;

Reported by: DonaldSanders1968 <DonaldSanders1968 <at> protonmail.ch>

Date: Tue, 23 Apr 2024 17:47:06 UTC

Severity: normal

Done: Z572 <zhengjunjie <at> iscas.ac.cn>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 70539 in the body.
You can then email your comments to 70539 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#70539; Package guix. (Tue, 23 Apr 2024 17:47:07 GMT) Full text and rfc822 format available.
Acknowledgement sent to DonaldSanders1968 <DonaldSanders1968 <at> protonmail.ch>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Tue, 23 Apr 2024 17:47:08 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: DonaldSanders1968 <DonaldSanders1968 <at> protonmail.ch>
To: "bug-guix <at> gnu.org" <bug-guix <at> gnu.org>
Subject: Flatpak is vulnerable to CVE-2024-32462
Date: Tue, 23 Apr 2024 16:59:22 +0000

[Message part 1 (text/plain, inline)]
Hi Guix,

Flatpak before versions 1.10.9, 1.12.9, 1.14.6, and 1.15.8 is vulnerable to [CVE-2024-32462](https://nvd.nist.gov/vuln/detail/CVE-2024-32462). Currently what we have is in version 1.14.4.

Kind regards,

Donald
[Message part 2 (text/html, inline)]
Reply sent to Z572 <zhengjunjie <at> iscas.ac.cn>:
You have taken responsibility. (Wed, 24 Apr 2024 02:47:09 GMT) Full text and rfc822 format available.
Notification sent to DonaldSanders1968 <DonaldSanders1968 <at> protonmail.ch>:
bug acknowledged by developer. (Wed, 24 Apr 2024 02:47:10 GMT) Full text and rfc822 format available.

Message #10 received at 70539-done <at> debbugs.gnu.org (full text, mbox):

From: Z572 <zhengjunjie <at> iscas.ac.cn>
To: DonaldSanders1968 <at> protonmail.ch
Cc: 70539-done <at> debbugs.gnu.org
Subject: bug#70539: Flatpak is vulnerable to CVE-2024-32462
Date: Wed, 24 Apr 2024 10:46:16 +0800

[Message part 1 (text/plain, inline)]
Thanks, fix in https://git.savannah.gnu.org/cgit/guix.git/commit/?id=d115af1bcc48f07a40dafd94d1d00926d446d068

[signature.asc (application/pgp-signature, inline)]
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 22 May 2024 11:24:11 GMT) Full text and rfc822 format available.
This bug report was last modified 1 year and 70 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.