While I'm not fully familiar with how things are done here, is it really sensible that the "Fix Released" status prevents search on the main page from even finding this issue?
We aren't far from the upstream fixes being available for a week already without any of the supported releases of Ubuntu getting a fix, and even the visibility of the problem is significantly limited. It's a sandbox escape vulnerability, therefore privilege escalation. Upstream took it seriously; as smcv mentioned, there are even multiple fixed versions to choose from to update to, but regular users don't even get to know that they have been affected by a vulnerability marked with high severity upstream for so long.

--
https://bugs.launchpad.net/bugs/2062406
Title: CVE-2024-32462: Sandbox escape via RequestBackground portal and CWE-88