[ubuntu/bionic-security] apport 2.20.9-0ubuntu7.7 (Accepted)
Alex Murray
alex.murray at canonical.com
Tue Jul 9 00:03:09 UTC 2019
apport (2.20.9-0ubuntu7.7) bionic-security; urgency=medium
* SECURITY UPDATE: TOCTOU issue allows local user to read arbitrary
files (LP: #1830858)
- apport/report.py: Avoid TOCTOU issue on users ignore file by
dropping privileges and then opening the file both test for access and
open the file in a single operation, instead of using access() before
reading the file which could be abused by a symlink to cause Apport to
read and embed an arbitrary file in the resulting crash dump.
- CVE-2019-7307
apport (2.20.9-0ubuntu7.6) bionic; urgency=medium
* data/general-hooks/ubuntu.py: Fix UnicodeDecodeError when processing
DpkgTerminalLog. (LP: #1766337)
* debian/apport-autoreport.service: Since this calls whoopsie-upload-all
which fails if whoopsie isn't running, it should have a relationship with
whoopsie.service. (LP: #1787729)
apport (2.20.9-0ubuntu7.5) bionic; urgency=medium
* apport/ui.py: when using ubuntu-bug properly handle executables which
start with /snap/bin. (LP: #1760220)
* test/test_ui_gtk.py: Increase the timeout so that when the autopkgtest
infrastructure is busy the tests should not fail. (LP: #1780767)
apport (2.20.9-0ubuntu7.4) bionic; urgency=medium
* Handle old reports generated pre-apport with "remember" option.
If the option isn't there, consider as false. (LP: #1791324)
apport (2.20.9-0ubuntu7.3) bionic; urgency=medium
[ Didier Roche ]
* Add a remember option to whoopsie so that users can diminish
crash interactions (LP: #1778497)
* Move apport autoreport service files to apport binary package.
Having them in apport-noui was creating a bug where autoreport
wasn't working on desktop. As we check in the launched script
for whoopsie and autoreport file, we don't autoreport by default.
(LP: #1778694)
apport-noui still touches the file to enable autoreport on install.
* Remove upstart service and watershed dependency.
* Assume if no whoopsie that crash reporting is enabled:
As the old configuration that was a whoopsie configuration file that was
that was never updated by the whoopsie API, we assume that no
whoopsie installed (not the default) == manual send report is allowed.
If people want to disable crash reporting:
- get whoopsie installed and disable crash reporting in g-c-c
- uninstall apport
[ Brian Murray ]
* Start apport-autoreport after installing apport-noui which is part of
improving apport's automatic crash reporing feature. (LP: #1778694)
apport (2.20.9-0ubuntu7.2) bionic; urgency=medium
* apport/ui.py: Include ProblemType in reports which are updated as
package hooks may expect the report to have a ProblemType. (LP: #1766794)
* test/test_ui.py: modify run_crash_kernel test to account for the fact
that linux-image-$kvers-$flavor is now built from the linux-signed
source package on amd64 and ppc64el. (LP: #1766740)
* data/general-hooks/ubuntu.py: Don't display a messy error if python or
python3 is not installed. (LP: #1769262)
* debian/apport.links: source_linux-signed.py -> source_linux.py package
hook (LP: #1773012)
* data/package-hooks/source_linux.py: Redirect bugs filed about the
linux-signed source package to linux. (LP: #1773012)
Date: 2019-07-04 07:15:12.862841+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
Maintainer: Martin Pitt <martin.pitt at ubuntu.com>
https://launchpad.net/ubuntu/+source/apport/2.20.9-0ubuntu7.7
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list