[Pkg-utopia-maintainers] Bug#880451: flatpak: older flatpak-dbus-proxy versions allowed legacy D-Bus eavesdropping

Florian Weimer fw at deneb.enyo.de
Tue Oct 31 18:46:07 UTC 2017


* Simon McVittie:

> My guess is that the security team is not interested in issuing a DSA
> for this vulnerability and would prefer me to issue a stable update
> (I'm going to ask the SRMs whether they'll accept 0.8.8 into stable,
> and if not, propose a 0.8.7-2~deb9u2 version). Is my guess correct?

This is not a vulnerability because Flatpak applications set their own
sandboxing policy, so no trust boundary is crossed.


