(Advisory retrospectively created to clarify that we consider this to be a vulnerability in Flatpak, but not a vulnerability in bubblewrap.)
Impact
If Flatpak is run from a terminal emulator containing an interactive shell, a malicious Flatpak app could inject input into the interactive shell by using the TIOCSTI ioctl.
Patches
The original solution (the first of those commits) was incomplete, and that incomplete fix is tracked as CVE-2019-10063. The second commit resolved CVE-2019-10063.
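An added example, not code from Flatpak or bubblewrap, of the kind of seccomp-bpf rule a sandbox can install so that an app's ioctl(TIOCSTI) is refused before it reaches the terminal. It assumes Linux on little-endian x86-64, and it compares only the low 32 bits of the request argument, because the kernel's ioctl entry point takes the request as an unsigned int: a rule that matched the whole 64-bit register would let a request with stray high bits slip past the filter and still be handled as TIOCSTI.

```c
/* Added example (not Flatpak/bubblewrap code); assumes Linux, little-endian x86-64. */
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
/* Offset of the LOW 32 bits of syscall argument n (little-endian layout). */
#define ARG_LO32(n) ((unsigned int)offsetof(struct seccomp_data, args[n]))
/* Install the filter. Returns 0 on success, -1 with errno set otherwise. */
int block_tiocsti(void)
{
    struct sock_filter filter[] = {
        /* Refuse to run under any ABI other than the one we compiled for. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        /* Any syscall other than ioctl passes straight through. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ioctl, 0, 3),
        /* Compare only the low half of args[1] (the request): the kernel takes
         * the request as an unsigned int, so bits above 32 never reach the tty
         * driver, and a full 64-bit match would miss TIOCSTI with junk up there. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO32(1)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, TIOCSTI, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = (unsigned short)(sizeof filter / sizeof filter[0]), .filter = filter };
    /* Without no_new_privs an unprivileged process cannot install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
/* Probe: attempt TIOCSTI on fd, optionally with junk in the high 32 bits of the
 * request. Returns 0 on success, else errno (ENOTTY on a non-tty fd; EPERM once filtered). */
int tiocsti_errno(int fd, int junk_in_high_bits)
{
    unsigned long req = TIOCSTI;
    if (junk_in_high_bits)
        req |= 1UL << 32;      /* invisible to the kernel, visible to seccomp */
    char ch = 'x';
    return ioctl(fd, req, &ch) == 0 ? 0 : errno;
}
```

The probe works on any fd, since the filter answers before the kernel ever asks whether the fd is a terminal; a pipe end is enough to see ENOTTY turn into EPERM.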
Workarounds
This was originally treated as a bubblewrap issue and worked around with containers/bubblewrap#143, but the side-effects of that change (breaking the ability to run an interactive shell inside a Flatpak app) were felt to be unacceptable, and so it was reverted.
Other workarounds: don't run Flatpak apps with a controlling terminal, or don't use Flatpak versions from 2017.
References
containers/bubblewrap#142, containers/bubblewrap#309, GHSA-m28g-vfcm-85ff, containers/bubblewrap#143, GHSA-3p48-pw9r-4325, GHSA-38gv-g72v-rp63, GHSA-vf3q-65gx-324p, GHSA-7q5h-997q-c4x2, GHSA-8vgc-x7hv-3g84, etc.