Candidate: CVE-2019-8308
PublicDate: 2019-02-12 23:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8308
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922059
 https://github.com/flatpak/flatpak/releases/tag/1.0.7
 https://github.com/flatpak/flatpak/releases/tag/1.2.3
Description:
 Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in
 the apply_extra script sandbox, which allows attackers to modify a
 host-side executable file.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922059
 https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/1815528
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H [8.2 HIGH]

Patches_flatpak:
upstream_flatpak: released (1.2.3-1)
precise/esm_flatpak: DNE
trusty_flatpak: DNE
trusty/esm_flatpak: DNE
xenial_flatpak: DNE
bionic_flatpak: released (1.0.7-0ubuntu0.18.04.1)
cosmic_flatpak: released (1.0.7-0ubuntu0.18.10.1)
devel_flatpak: not-affected (1.2.3-1)