Red Hat Security Advisory 2024-5453-03 - This is an updated version of the Fence Agents Remediation Operator. This Operator is delivered by Red Hat Workload Availability, and version 0.4.1 is now available for RHEL 8. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5453.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Fence Agents Remediation 0.4.1 - Security updateAdvisory ID:        RHSA-2024:5453-03Product:            Red Hat OpenShift Workload AvailabilityAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5453Issue date:         2024-08-15Revision:           03CVE Names:          CVE-2024-5651====================================================================Summary: This is an updated version of the Fence Agents Remediation Operator. This Operator is delivered by Red Hat Workload Availability, and version 0.4.1 is now available for RHEL 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Fence Agents Remediation Operator fences and remediates nodes usingwell-known agents. The remediation includes fencing the unhealthy node,using a fencing agent, and then evicting workloads from the unhealthy node.Security Fix:* fence-agent: Fence Agent Command Line Options Leads to Remote Code Execution (CVE-2024-5651)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-5651References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2290540https://issues.redhat.com/browse/ECOPROJECT-2024

Red Hat Security Advisory 2024-5453-03

Red Hat Security Advisory 2024-5363-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5363.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security update  
Advisory ID:        RHSA-2024:5363-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5363  
Issue date:         2024-08-16  
Revision:           03  
CVE Names:          CVE-2021-47606  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Errata Tool Automation could not update the description because it is longer (4803) than ET limit of 4000 characters. (OSCI-6058)  
Please update the description manually.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47606

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2265838  
https://bugzilla.redhat.com/show_bug.cgi?id=2273405  
https://bugzilla.redhat.com/show_bug.cgi?id=2275600  
https://bugzilla.redhat.com/show_bug.cgi?id=2275655  
https://bugzilla.redhat.com/show_bug.cgi?id=2275715  
https://bugzilla.redhat.com/show_bug.cgi?id=2275748  
https://bugzilla.redhat.com/show_bug.cgi?id=2278380  
https://bugzilla.redhat.com/show_bug.cgi?id=2278417  
https://bugzilla.redhat.com/show_bug.cgi?id=2278429  
https://bugzilla.redhat.com/show_bug.cgi?id=2278519  
https://bugzilla.redhat.com/show_bug.cgi?id=2278989  
https://bugzilla.redhat.com/show_bug.cgi?id=2281057  
https://bugzilla.redhat.com/show_bug.cgi?id=2281097  
https://bugzilla.redhat.com/show_bug.cgi?id=2281133  
https://bugzilla.redhat.com/show_bug.cgi?id=2281190  
https://bugzilla.redhat.com/show_bug.cgi?id=2281237  
https://bugzilla.redhat.com/show_bug.cgi?id=2281257  
https://bugzilla.redhat.com/show_bug.cgi?id=2281265  
https://bugzilla.redhat.com/show_bug.cgi?id=2281272  
https://bugzilla.redhat.com/show_bug.cgi?id=2281639  
https://bugzilla.redhat.com/show_bug.cgi?id=2281667  
https://bugzilla.redhat.com/show_bug.cgi?id=2281821  
https://bugzilla.redhat.com/show_bug.cgi?id=2281900  
https://bugzilla.redhat.com/show_bug.cgi?id=2281949  
https://bugzilla.redhat.com/show_bug.cgi?id=2282719  
https://bugzilla.redhat.com/show_bug.cgi?id=2284400  
https://bugzilla.redhat.com/show_bug.cgi?id=2284417  
https://bugzilla.redhat.com/show_bug.cgi?id=2284474  
https://bugzilla.redhat.com/show_bug.cgi?id=2284496  
https://bugzilla.redhat.com/show_bug.cgi?id=2284511  
https://bugzilla.redhat.com/show_bug.cgi?id=2284513  
https://bugzilla.redhat.com/show_bug.cgi?id=2284543  
https://bugzilla.redhat.com/show_bug.cgi?id=2292331  
https://bugzilla.redhat.com/show_bug.cgi?id=2293208  
https://bugzilla.redhat.com/show_bug.cgi?id=2293418  
https://bugzilla.redhat.com/show_bug.cgi?id=2293441  
https://bugzilla.redhat.com/show_bug.cgi?id=2293657  
https://bugzilla.redhat.com/show_bug.cgi?id=2293658  
https://bugzilla.redhat.com/show_bug.cgi?id=2293686  
https://bugzilla.redhat.com/show_bug.cgi?id=2293687  
https://bugzilla.redhat.com/show_bug.cgi?id=2293688  
https://bugzilla.redhat.com/show_bug.cgi?id=2297056  
https://bugzilla.redhat.com/show_bug.cgi?id=2297512  
https://bugzilla.redhat.com/show_bug.cgi?id=2297538  
https://bugzilla.redhat.com/show_bug.cgi?id=2297542  
https://bugzilla.redhat.com/show_bug.cgi?id=2297545

Red Hat Security Advisory 2024-5363-03

Red Hat Security Advisory 2024-5334-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5334.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: .NET 8.0 security updateAdvisory ID:        RHSA-2024:5334-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5334Issue date:         2024-08-16Revision:           03CVE Names:          CVE-2024-38167====================================================================Summary: An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.108 and .NET Runtime 8.0.8.Security Fix(es):* dotnet: Information disclosure vulnerability in TlsStream (CVE-2024-38167)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es):* EMBARGOED CVE-2024-38167 dotnet8.0: Information disclosure vulnerability in TlsStream (CVE-2024-38167)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-38167References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2302428

Red Hat Security Advisory 2024-5334-03

Red Hat Security Advisory 2024-5322-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass, out of bounds read, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5322.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:5322-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5322  
Issue date:         2024-08-15  
Revision:           03  
CVE Names:          CVE-2024-7518  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* Firefox: 115.14/128.1 ESR ()

* mozilla: Fullscreen notification dialog can be obscured by document content (CVE-2024-7518)

* mozilla: Out of bounds memory access in graphics shared memory handling (CVE-2024-7519)

* mozilla: Type confusion in WebAssembly (CVE-2024-7520)

* mozilla: Incomplete WebAssembly exception handing (CVE-2024-7521)

* mozilla: Out of bounds read in editor component (CVE-2024-7522)

* mozilla: CSP strict-dynamic bypass using web-compatibility shims (CVE-2024-7524)

* mozilla: Missing permission check when creating a StreamFilter (CVE-2024-7525)

* mozilla: Uninitialized memory used by WebGL (CVE-2024-7526)

* mozilla: Use-after-free in JavaScript garbage collection (CVE-2024-7527)

* mozilla: Use-after-free in IndexedDB (CVE-2024-7528)

* mozilla: Document content could partially obscure security prompts (CVE-2024-7529)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-7518

References:

https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-5322-03

Red Hat Security Advisory 2024-5279-03 - An update for python3.11-setuptools is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5279.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python3.11-setuptools security updateAdvisory ID:        RHSA-2024:5279-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5279Issue date:         2024-08-15Revision:           03CVE Names:          CVE-2024-6345====================================================================Summary: An update for python3.11-setuptools is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Setuptools is a collection of enhancements to the Python 3 distutils that allow you to more easily build and distribute Python 3 packages, especially ones that have dependencies on other packages.  This package also contains the runtime components of setuptools, necessary to execute the software that requires pkg_resources.Security Fix(es):* pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6345References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2297771

Red Hat Security Advisory 2024-5279-03

Red Hat Security Advisory 2024-5231-03 - An update for bind and bind-dyndb-ldap is now available for Red Hat Enterprise Linux 9.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5231.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: bind and bind-dyndb-ldap security update  
Advisory ID:        RHSA-2024:5231-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5231  
Issue date:         2024-08-15  
Revision:           03  
CVE Names:          CVE-2024-1737  
====================================================================

Summary: 

An update for bind and bind-dyndb-ldap is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same nam (CVE-2024-1737)

* bind9: bind: SIG(0) can be used to exhaust CPU resources (CVE-2024-1975)

* bind: bind9: Assertion failure when serving both stale cache data and authoritative zone content (CVE-2024-4076)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1737

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2298893  
https://bugzilla.redhat.com/show_bug.cgi?id=2298901  
https://bugzilla.redhat.com/show_bug.cgi?id=2298904

Red Hat Security Advisory 2024-5231-03

Red Hat Security Advisory 2024-5160-03 - Red Hat OpenShift Container Platform release 4.15.27 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5160.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.15.27 security update  
Advisory ID:        RHSA-2024:5160-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5160  
Issue date:         2024-08-16  
Revision:           03  
CVE Names:          CVE-2024-6104  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.15.27 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.15.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.15.27. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2024:5163

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.15/release_notes/ocp-4-15-release-notes.html

Security Fix(es):

* go-retryablehttp: url might write sensitive information to log file  
(CVE-2024-6104)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.15/updating/updating-cluster-cli.html

Solution:

CVEs:

CVE-2024-6104

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2294000  
https://issues.redhat.com/browse/OCPBUGS-33402  
https://issues.redhat.com/browse/OCPBUGS-34721  
https://issues.redhat.com/browse/OCPBUGS-37174  
https://issues.redhat.com/browse/OCPBUGS-37229  
https://issues.redhat.com/browse/OCPBUGS-37277  
https://issues.redhat.com/browse/OCPBUGS-37288  
https://issues.redhat.com/browse/OCPBUGS-37672  
https://issues.redhat.com/browse/OCPBUGS-37775  
https://issues.redhat.com/browse/OCPBUGS-37813  
https://issues.redhat.com/browse/OCPBUGS-37849  
https://issues.redhat.com/browse/OCPBUGS-37962

Red Hat Security Advisory 2024-5160-03

Affected versions of the `alloy-json-abi` crate did not properly handle parsing of malformatted JSON ABI strings. The `JsonAbi::parse` method can be tricked into a stack overflow when processing specially crafted input. 

This stack overflow can lead to a crash of the application using this crate, potentially causing a denial of service.

The flaw was corrected in commit [4790c47](https://github.com/alloy-rs/core/commit/4790c47518024bd391bbd6815b00f501bad76a15).


1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  GHSA-8327-84cj-8xjm

**Stack overflow when parsing specially crafted JSON ABI strings**

Moderate severity GitHub Reviewed Published Aug 15, 2024 to the GitHub Advisory Database • Updated Aug 15, 2024

**Package**

cargo alloy-json-abi (Rust)

**Affected versions**

<= 0.7.7

Published to the GitHub Advisory Database

Aug 15, 2024

Last updated

Aug 15, 2024

GHSA-8327-84cj-8xjm: Stack overflow when parsing specially crafted JSON ABI strings

### Impact
Possible vulnerability to XSS injection if .po dictionary definition files is corrupted

### Patches
Update gettext.js to 2.0.3

### Workarounds
Make sure you control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms.


Skip to content

**Navigation Menu**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   GitHub Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   Explore
    
    *   Learning Pathways
    *   White papers, Ebooks, Webinars
    *   Customer Stories
    *   Partners
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   *   Enterprise platform
        
        AI-powered developer platform
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-43370

**gettext.js has a Cross-site Scripting injection**

High severity GitHub Reviewed Published Aug 15, 2024 in guillaumepotier/gettext.js • Updated Aug 15, 2024

**Package**

npm gettext.js (npm)

**Affected versions**

< 2.0.3

**Description**

**Impact**

Possible vulnerability to XSS injection if .po dictionary definition files is corrupted

**Patches**

Update gettext.js to 2.0.3

**Workarounds**

Make sure you control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms.

**References**

*   GHSA-vwhg-jwr4-vxgg

Published to the GitHub Advisory Database

Aug 15, 2024

Last updated

Aug 15, 2024

GHSA-vwhg-jwr4-vxgg: gettext.js has a Cross-site Scripting injection 

Debian Linux Security Advisory 5749-1 - Chris Williams discovered a flaw in the handling of mounts for persistent directories in Flatpak, an application deployment framework for desktop apps. A malicious or compromised Flatpak app using persistent directories could take advantage of this flaw to access files outside of the sandbox.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5749-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
August 14, 2024                       https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : flatpak  
CVE ID         : CVE-2024-42472

Chris Williams discovered a flaw in the handling of mounts for  
persistent directories in Flatpak, an application deployment framework  
for desktop apps. A malicious or compromised Flatpak app using  
persistent directories could take advantage of this flaw to access files  
outside of the sandbox.

Details can be found in the upstream advisory at  
https://github.com/flatpak/flatpak/security/advisories/GHSA-7hgv-f2j8-xw87

For the stable distribution (bookworm), this problem has been fixed in  
version 1.14.10-1~deb12u1. To address the vulnerability, flatpak uses a  
new feature provided in bubblewrap and provided in version  
0.8.0-2+deb12u1 along with this update.

We recommend that you upgrade your flatpak packages.

For the detailed security status of flatpak please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/flatpak

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAma9F2xfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0RINg/+OTenWEWdoatoO7F+184SOoVMYmmJTP2xtvuE8XC6S6NAcrYzjRQD1nyy  
xJK1IFmNjJrTf4HhfFTq2raOy60T6KRa0y71R1QS4+JOwNjdtr+zzDxdybXzg06T  
SOBKaLmped3PY4djFxoYnl9wEDLM+QAQuTWvnZugim4frEErmtlulwHRDA/qhWKT  
mzFiJgSWB7EJL61ddh2YVexru0b5rD6gyYcD7JoulbFjsOwvKyJhI4j1uuOrbNoj  
7aArjlu9D3KymGQgCc5gg8yVp5Gt/ZFYsmFJ5BdAl5a8LmTBM4mMTDIsK39mPoLo  
waxpP0bJIfCxkNB+YOyJRPdj4mtT44nwDcG/LyM+M+f+R0HUr4Apftloheb72A0q  
XUS2tRrBEs0CzToeuwkIoo2XLQt7/vQ4HFMU47gtk6ZDKqIk7hWD0zcny8x3wL+p  
/Syd2xOA/KEmbLWFRDzoVVxpmLdkbqGJn+5p5FObMjOPNOFKyMs0Q7HukwKbyPGn  
YRhg1lcmOn30MWVFol2Z1Ex74IB//Wu/az7YZ4UIId1Y734NUVXEoTLvXGKV8Hnx  
9m/0imWcz51T5DLqCv7MUX1i9V2s2R3Hj8GqQfVQTA39IH4GEmpZMR33XH/jvCDu  
p1GDW2KzIzObmLu+Kjkeg3NzRl/pKdDFiJncdNVG0PPhEn2hUY0=  
=hd0W  
-----END PGP SIGNATURE-----

Tag

#js