summary refs log tree commit diff
path: root/nix/scripts
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2019-02-12 17:12:18 -0500
committerLeo Famulari <leo@famulari.name>2019-02-12 17:14:09 -0500
commite2760d1a8b7308eb284f5bf04b133cee7f58bbe0 (patch)
treec6eb551a2e4ee41ce94f8b9de070a6e8173fc12e /nix/scripts
parentdbf87ecb5205828b93d58802881e48b88cbc0137 (diff)
downloadguix-e2760d1a8b7308eb284f5bf04b133cee7f58bbe0.tar.gz
gnu: Flatpak: Update to 1.2.3 [security fixes].
From 'NEWS' in the source distribution:

The CVE-2019-5736 runc vulnerability is about using /proc/self/exe
to modify the host side binary from the sandbox. This mostly does not
affect flatpak since the flatpak sandbox is not run with root permissions.
However, there is one case (running the apply_extra script for system
installs) where this happens, so this release contains a fix for that.

 * Don't expose /proc in apply_extra script sandbox.

* gnu/packages/package-management.scm (flatpak): Update to 1.2.3.
Diffstat (limited to 'nix/scripts')
0 files changed, 0 insertions, 0 deletions