GNU bug report logs - #70539
Flatpak is vulnerable to CVE-2024-32462


Package: guix; Reported by: DonaldSanders1968 <DonaldSanders1968@HIDDEN>; dated Tue, 23 Apr 2024 17:47:06 UTC; Maintainer for guix is bug-guix@HIDDEN.

Message received at submit <at> debbugs.gnu.org:


Date: Tue, 23 Apr 2024 16:59:22 +0000
To: "bug-guix@HIDDEN" <bug-guix@HIDDEN>
From: DonaldSanders1968 <DonaldSanders1968@HIDDEN>
Subject: Flatpak is vulnerable to CVE-2024-32462

Hi Guix,

Flatpak before versions 1.10.9, 1.12.9, 1.14.6, and 1.15.8 is vulnerable to [CVE-2024-32462](https://nvd.nist.gov/vuln/detail/CVE-2024-32462). Currently what we have is in version 1.14.4.

Kind regards,

Donald





Acknowledgement sent to DonaldSanders1968 <DonaldSanders1968@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#70539; Package guix. Full text available.
Last modified: Tue, 23 Apr 2024 18:00:12 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.