Simon McVittie discovered that flatpak-portal service allowed sandboxed applications to execute arbitrary code on the host system (a sandbox escape). A malicious user could create a Flatpak application that set environment variables, trusted by the Flatpak "run" command, and use it to execute arbitrary code outside the sandbox.
{ "availability": "No subscription required", "binaries": [ { "gir1.2-flatpak-1.0": "1.0.9-0ubuntu0.2", "flatpak-tests": "1.0.9-0ubuntu0.2", "libflatpak0": "1.0.9-0ubuntu0.2", "libflatpak0-dbgsym": "1.0.9-0ubuntu0.2", "flatpak": "1.0.9-0ubuntu0.2", "flatpak-tests-dbgsym": "1.0.9-0ubuntu0.2", "libflatpak-doc": "1.0.9-0ubuntu0.2", "libflatpak-dev": "1.0.9-0ubuntu0.2", "flatpak-dbgsym": "1.0.9-0ubuntu0.2" } ] }
{ "availability": "No subscription required", "binaries": [ { "gir1.2-flatpak-1.0": "1.6.5-0ubuntu0.2", "flatpak-tests": "1.6.5-0ubuntu0.2", "libflatpak0": "1.6.5-0ubuntu0.2", "libflatpak0-dbgsym": "1.6.5-0ubuntu0.2", "flatpak": "1.6.5-0ubuntu0.2", "flatpak-tests-dbgsym": "1.6.5-0ubuntu0.2", "libflatpak-doc": "1.6.5-0ubuntu0.2", "libflatpak-dev": "1.6.5-0ubuntu0.2", "flatpak-dbgsym": "1.6.5-0ubuntu0.2" } ] }