David Barthon

**Name of the Vulnerable Software and Affected Versions** trust-store (Ubuntu) versions prior to 1.1.0+15.04.20150123-0ubuntu1 trust-store (Ubuntu RTM) versions prior to 1.1.0+15.04.20150123~rtm-0ubuntu1 **Description** The issue arises when a user revokes location access from an application in Ubuntu's trust-store. Despite the revocation, the location remains accessible to the application due to it honoring incorrect, cached permissions. This occurs because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. **Recommendations** For trust-store (Ubuntu) versions prior to 1.1.0+15.04.20150123-0ubuntu1, update to version 1.1.0+15.04.20150123-0ubuntu1 or later. For trust-store (Ubuntu RTM) versions prior to 1.1.0+15.04.20150123~rtm-0ubuntu1, update to version 1.1.0+15.04.20150123~rtm-0ubuntu1 or later.