** Description changed:

- Placeholder for a future flatpak 1.0.X release for bionic and cosmic.
+ This is a request to SRU the latest microrelease of flatpak into bionic
+ and cosmic. Which is also a security update similar to the runc
+ CVE-2019-5736.
+
+ Debian bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922059
+
+ [Impact]
+
+ New upstream microrelease of flatpak, which brings security fixes
+ similar to the runc CVE-2019-5736.
+
+ Bionic is currently at 1.0.6, whereas 1.0.7 is available upstream.
+ Cosmic is currently at 1.0.6, whereas 1.0.7 is available upstream.
+
+ [Test Case]
+
+ As stated in the debian bug there isn't yet an exploit to demonstration
+ the vulnerability, see the test plan below for testing flatpak itself.
+
+ [Regression Potential]
+
+ Flatpak has a test suite, which is run on build across all architectures
+ and passes.
+
+ There is also a manual test plan
+ https://wiki.ubuntu.com/Process/Merges/TestPlan/flatpak. I have
+ confirmed that 1.0.7 passes with this test plan on both bionic and
+ cosmic (TODO).
+
+ Flatpak has autopkgtests enabled
+ http://autopkgtest.ubuntu.com/packages/f/flatpak which is passing on
+ bionic and cosmic.
+
+ Regression potential is low, and upstream is very responsive to any
+ issues raised.

** Summary changed:

- New upstream microrelease flatpak 1.0.X
+ New upstream microrelease flatpak 1.0.7

--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1815528

Title:
  New upstream microrelease flatpak 1.0.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/1815528/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs