File _patchinfo of Package patchinfo.23084

<patchinfo incident="23084">
  <issue tracker="cve" id="2021-43860"/>
  <issue tracker="cve" id="2022-21682"/>
  <issue tracker="bnc" id="1194611">VUL-0: CVE-2022-21682: flatpak,flatpak-builder: flatpak-builder --mirror-screenshots-url can access files outside the build directory</issue>
  <issue tracker="bnc" id="1194610">VUL-0: CVE-2021-43860: flatpak: Permissions granted to applications can be hidden from the user at install time</issue>
  <packager>msmeissn</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for flatpak</summary>
  <description>This update for flatpak fixes the following issues:

Update to flatpak 1.10.7:

- CVE-2022-21682: Introduce new option --nofilesystem=host:reset to support flatpak-builder 1.2.2 (bsc#1194611).
- CVE-2021-43860: A malicious repository could hav sent invalid application metadata in a way that hides some of the app permissions displayed during installation (bsc#1194610).
</description>
</patchinfo>