Received: (at submit) by debbugs.gnu.org; 23 Apr 2024 17:46:32 +0000
Date: Tue, 23 Apr 2024 16:59:22 +0000
To: "bug-guix@HIDDEN" <bug-guix@HIDDEN>
From: DonaldSanders1968 <DonaldSanders1968@HIDDEN>
Subject: Flatpak is vulnerable to CVE-2024-32462

Hi Guix,

Flatpak before versions 1.10.9, 1.12.9, 1.14.6, and 1.15.8 is vulnerable to [CVE-2024-32462](https://nvd.nist.gov/vuln/detail/CVE-2024-32462). Currently what we have is in version 1.14.4.

Kind regards,

Donald

bug#70539; Package guix.