Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#67514 - [security][firejail] CVE-2020-17367 / CVE-2020-17368
Attached to Project: Community Packages
Opened by T.J. Townsend (blakkheim) - Thursday, 06 August 2020, 20:34 GMT
Last edited by Sergej Pupykin (sergej) - Tuesday, 11 August 2020, 22:22 GMT
Details

Description:
The firejail package is currently vulnerable to these two issues. Fixes for both are now public.

Additional info:
https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37
https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b

Patches should be added to the package in lieu of a new release, which has not been made as of the time this bug is being filed.
Comment by T.J. Townsend (blakkheim) -
Thursday, 06 August 2020, 21:15 GMT
PKGBUILD diff to add patches.
Comment by T.J. Townsend (blakkheim) -
Tuesday, 11 August 2020, 12:38 GMT
Upstream fix: https://github.com/netblue30/firejail/releases/tag/0.9.62.2
firejail.diff (1.4 KiB)