{"affected":[{"ecosystem_specific":{"binaries":[{"flatpak":"1.10.8-150200.4.15.1","flatpak-devel":"1.10.8-150200.4.15.1","flatpak-zsh-completion":"1.10.8-150200.4.15.1","libflatpak0":"1.10.8-150200.4.15.1","system-user-flatpak":"1.10.8-150200.4.15.1","typelib-1_0-Flatpak-1_0":"1.10.8-150200.4.15.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS","name":"flatpak","purl":"pkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.8-150200.4.15.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"flatpak":"1.10.8-150200.4.15.1","flatpak-devel":"1.10.8-150200.4.15.1","flatpak-zsh-completion":"1.10.8-150200.4.15.1","libflatpak0":"1.10.8-150200.4.15.1","system-user-flatpak":"1.10.8-150200.4.15.1","typelib-1_0-Flatpak-1_0":"1.10.8-150200.4.15.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOS","name":"flatpak","purl":"pkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.8-150200.4.15.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"flatpak":"1.10.8-150200.4.15.1","flatpak-devel":"1.10.8-150200.4.15.1","flatpak-zsh-completion":"1.10.8-150200.4.15.1","libflatpak0":"1.10.8-150200.4.15.1","system-user-flatpak":"1.10.8-150200.4.15.1","typelib-1_0-Flatpak-1_0":"1.10.8-150200.4.15.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS","name":"flatpak","purl":"pkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.8-150200.4.15.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"flatpak":"1.10.8-150200.4.15.1","flatpak-devel":"1.10.8-150200.4.15.1","flatpak-zsh-completion":"1.10.8-150200.4.15.1","libflatpak0":"1.10.8-150200.4.15.1","system-user-flatpak":"1.10.8-150200.4.15.1","typelib-1_0-Flatpak-1_0":"1.10.8-150200.4.15.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Real Time 15 SP3","name":"flatpak","purl":"pkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.8-150200.4.15.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"flatpak":"1.10.8-150200.4.15.1","flatpak-devel":"1.10.8-150200.4.15.1","flatpak-zsh-completion":"1.10.8-150200.4.15.1","libflatpak0":"1.10.8-150200.4.15.1","system-user-flatpak":"1.10.8-150200.4.15.1","typelib-1_0-Flatpak-1_0":"1.10.8-150200.4.15.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP2-LTSS","name":"flatpak","purl":"pkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.8-150200.4.15.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"flatpak":"1.10.8-150200.4.15.1","flatpak-devel":"1.10.8-150200.4.15.1","flatpak-zsh-completion":"1.10.8-150200.4.15.1","libflatpak0":"1.10.8-150200.4.15.1","system-user-flatpak":"1.10.8-150200.4.15.1","typelib-1_0-Flatpak-1_0":"1.10.8-150200.4.15.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP3-LTSS","name":"flatpak","purl":"pkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.8-150200.4.15.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"flatpak":"1.10.8-150200.4.15.1","flatpak-devel":"1.10.8-150200.4.15.1","flatpak-zsh-completion":"1.10.8-150200.4.15.1","libflatpak0":"1.10.8-150200.4.15.1","system-user-flatpak":"1.10.8-150200.4.15.1","typelib-1_0-Flatpak-1_0":"1.10.8-150200.4.15.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP2","name":"flatpak","purl":"pkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.8-150200.4.15.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"flatpak":"1.10.8-150200.4.15.1","flatpak-devel":"1.10.8-150200.4.15.1","flatpak-zsh-completion":"1.10.8-150200.4.15.1","libflatpak0":"1.10.8-150200.4.15.1","system-user-flatpak":"1.10.8-150200.4.15.1","typelib-1_0-Flatpak-1_0":"1.10.8-150200.4.15.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP3","name":"flatpak","purl":"pkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.8-150200.4.15.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"flatpak":"1.10.8-150200.4.15.1","flatpak-devel":"1.10.8-150200.4.15.1","flatpak-zsh-completion":"1.10.8-150200.4.15.1","libflatpak0":"1.10.8-150200.4.15.1","system-user-flatpak":"1.10.8-150200.4.15.1","typelib-1_0-Flatpak-1_0":"1.10.8-150200.4.15.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 7","name":"flatpak","purl":"pkg:rpm/suse/flatpak&distro=SUSE%20Enterprise%20Storage%207"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.8-150200.4.15.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"flatpak":"1.10.8-150200.4.15.1","flatpak-devel":"1.10.8-150200.4.15.1","flatpak-zsh-completion":"1.10.8-150200.4.15.1","libflatpak0":"1.10.8-150200.4.15.1","system-user-flatpak":"1.10.8-150200.4.15.1","typelib-1_0-Flatpak-1_0":"1.10.8-150200.4.15.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 7.1","name":"flatpak","purl":"pkg:rpm/suse/flatpak&distro=SUSE%20Enterprise%20Storage%207.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.8-150200.4.15.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for flatpak fixes the following issues:\n\n- CVE-2023-28101: Fixed misleading terminal output with metadata with ANSI control codes (bsc#1209410).\n- CVE-2023-28100: Fixed unsandboxed TIOCLINUX commands (bsc#1209411).\n\nUpdate to version 1.10.8:\n\n- If an app update is blocked by parental controls policies,\n  clean up the temporary deploy directory\n- Fix Autotools build with versions of gpgme that no longer\n  provide gpgme-config(1)\n- Fix regressions in `flatpak history` since 1.9.1\n  + Don't display the appstream branch used internally\n  + Don't display temporary repositories used internally\n  + Ignore transaction log entries with empty REF field\n  + Warn instead of failing if other non-app, non-runtime refs are found\n  + Don't set up an unnecessary polkit agent for `flatpak history`\n  + Add test coverage\n- Fix a typo in an error message\n- Fix incorrect year in NEWS for 1.10.7 release\n- Translation update: pl\n- Add test coverage for Flatpak's seccomp filters\n","id":"SUSE-SU-2023:1714-1","modified":"2023-03-31T12:04:50Z","published":"2023-03-31T12:04:50Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20231714-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1209410"},{"type":"REPORT","url":"https://bugzilla.suse.com/1209411"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-28100"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-28101"}],"related":["CVE-2023-28100","CVE-2023-28101"],"summary":"Security update for flatpak","upstream":["CVE-2023-28100","CVE-2023-28101"]}