asked 2017-02-10 00:02:57 +0300
This post is a wiki. Anyone with karma >75 is welcome to improve it.
This vulnerability (CVSS v3 Base Score: 7.8 High) has been fixed in kernel 3.4.111 on March 21st '16 but Jolla1-2.1.0 is still on kernel 184.108.40.20661101 and needs that patch to prevent local apps (from e.g. aptoide or apk_s/rpm_s from the web) from gaining root privileges.
edit 20170327: still not fixed in 220.127.116.11 ea
edit 20170403: still not fixed in 18.104.22.168 ea