[Pkg-utopia-maintainers] Bug#980323: flatpak: LD_LIBRARY_PATH is not set under flatpak-builder

Salvatore Bonaccorso carnil at debian.org
Thu Jan 21 22:10:46 GMT 2021


Hi Simon,

On Thu, Jan 21, 2021 at 06:25:25PM +0000, Simon McVittie wrote:
> On Thu, 21 Jan 2021 at 17:51:34 +0000, Simon McVittie wrote:
> > Security team: this is a regression in DSA 4830-1 (CVE-2021-21261), now
> > fixed upstream in 1.10.1 and backported to 1.2.x. In addition to the
> > regression that was reported in #980323, I looked at similar code paths
> > and fixed an equivalent regression elsewhere. It's a 2-line change
> > (I'll follow up with the full debdiff, which is rather larger due to
> > patch headers and changelog). Do you want a DSA 4830-2 to fix this?
> 
> Here's the proposed source debdiff.
> 
> I've assumed that urgency=medium genuinely *is* what I want this time :-)
> 
>     smcv

Thanks for the fix! Please do upload to security-master.

Regards,
Salvatore
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-utopia-maintainers/attachments/20210121/8b204a3d/attachment.sig>


More information about the Pkg-utopia-maintainers mailing list