GNU bug report logs - #73059
Flatpak is vulnerable to CVE-2024-42472

Previous Next

Package: guix;

Reported by: DonaldSanders1968 <DonaldSanders1968 <at> protonmail.ch>

Date: Thu, 5 Sep 2024 20:13:02 UTC

Severity: normal

Done: Zheng Junjie <zhengjunjie <at> iscas.ac.cn>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 73059 in the body.
You can then email your comments to 73059 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#73059; Package guix. (Thu, 05 Sep 2024 20:13:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to DonaldSanders1968 <DonaldSanders1968 <at> protonmail.ch>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Thu, 05 Sep 2024 20:13:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: DonaldSanders1968 <DonaldSanders1968 <at> protonmail.ch>
To: "bug-guix <at> gnu.org" <bug-guix <at> gnu.org>
Subject: Flatpak is vulnerable to CVE-2024-42472
Date: Thu, 05 Sep 2024 17:36:12 +0000

[Message part 1 (text/plain, inline)]
Hi Guix,

Current flatpak version in Guix channel is affected by [CVE-2024-42472](https://github.com/flatpak/flatpak/security/advisories/GHSA-7hgv-f2j8-xw87).

Kind regards,
Donald
[Message part 2 (text/html, inline)]
Information forwarded to bug-guix <at> gnu.org:
bug#73059; Package guix. (Fri, 06 Sep 2024 14:49:02 GMT) Full text and rfc822 format available.

Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Zheng Junjie <zhengjunjie <at> iscas.ac.cn>
To: DonaldSanders1968 via Bug reports for GNU Guix <bug-guix <at> gnu.org>
Cc: 73059-done <at> debbugs.gnu.org,
 DonaldSanders1968 <DonaldSanders1968 <at> protonmail.ch>
Subject: Re: bug#73059: Flatpak is vulnerable to CVE-2024-42472
Date: Fri, 06 Sep 2024 22:48:38 +0800

[Message part 1 (text/plain, inline)]
DonaldSanders1968 via Bug reports for GNU Guix <bug-guix <at> gnu.org> writes:

> Hi Guix,
>
> Current flatpak version in Guix channel is affected by CVE-2024-42472. 
>
> Kind regards,
>
> Donald

Thanks, update bubblewrap and it.

[signature.asc (application/pgp-signature, inline)]
Reply sent to Zheng Junjie <zhengjunjie <at> iscas.ac.cn>:
You have taken responsibility. (Fri, 06 Sep 2024 14:49:02 GMT) Full text and rfc822 format available.
Notification sent to DonaldSanders1968 <DonaldSanders1968 <at> protonmail.ch>:
bug acknowledged by developer. (Fri, 06 Sep 2024 14:49:02 GMT) Full text and rfc822 format available.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 05 Oct 2024 11:24:15 GMT) Full text and rfc822 format available.
This bug report was last modified 317 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.