[ubuntu/bionic-security] apport 2.20.9-0ubuntu7.7 (Accepted)

Alex Murray alex.murray at canonical.com
Tue Jul 9 00:03:09 UTC 2019

apport (2.20.9-0ubuntu7.7) bionic-security; urgency=medium

  * SECURITY UPDATE: TOCTOU issue allows local user to read arbitrary
    files (LP: #1830858)
    - apport/report.py: Avoid TOCTOU issue on the user's ignore file by
      dropping privileges and then opening the file, to both test for access
      and open the file in a single operation, instead of using access() before
      reading the file, which could be abused by a symlink to cause Apport to
      read and embed an arbitrary file in the resulting crash dump.
    - CVE-2019-7307

apport (2.20.9-0ubuntu7.6) bionic; urgency=medium

  * data/general-hooks/ubuntu.py: Fix UnicodeDecodeError when processing
    DpkgTerminalLog. (LP: #1766337)
  * debian/apport-autoreport.service: Since this calls whoopsie-upload-all
    which fails if whoopsie isn't running, it should have a relationship with
    whoopsie.service. (LP: #1787729)

apport (2.20.9-0ubuntu7.5) bionic; urgency=medium

  * apport/ui.py: when using ubuntu-bug properly handle executables which
    start with /snap/bin. (LP: #1760220)
  * test/test_ui_gtk.py: Increase the timeout so that when the autopkgtest
    infrastructure is busy the tests should not fail. (LP: #1780767)

apport (2.20.9-0ubuntu7.4) bionic; urgency=medium

  * Handle old reports generated pre-apport with "remember" option.
    If the option isn't there, consider as false. (LP: #1791324)

apport (2.20.9-0ubuntu7.3) bionic; urgency=medium

  [ Didier Roche ]
  * Add a remember option to whoopsie so that users can diminish
    crash interactions (LP: #1778497)
  * Move apport autoreport service files to apport binary package.
    Having them in apport-noui was creating a bug where autoreport
    wasn't working on desktop. As we check in the launched script
    for whoopsie and autoreport file, we don't autoreport by default.
    (LP: #1778694)
    apport-noui still touches the file to enable autoreport on install.
  * Remove upstart service and watershed dependency.
  * Assume if no whoopsie that crash reporting is enabled:
    As the old configuration was a whoopsie configuration file that was
    never updated by the whoopsie API, we assume that no
    whoopsie installed (not the default) == manual send report is allowed.
    If people want to disable crash reporting:
    - get whoopsie installed and disable crash reporting in g-c-c
    - uninstall apport

  [ Brian Murray ]
  * Start apport-autoreport after installing apport-noui which is part of
    improving apport's automatic crash reporting feature. (LP: #1778694)

apport (2.20.9-0ubuntu7.2) bionic; urgency=medium

  * apport/ui.py: Include ProblemType in reports which are updated as
    package hooks may expect the report to have a ProblemType. (LP: #1766794)
  * test/test_ui.py: modify run_crash_kernel test to account for the fact
    that linux-image-$kvers-$flavor is now built from the linux-signed
    source package on amd64 and ppc64el. (LP: #1766740)
  * data/general-hooks/ubuntu.py: Don't display a messy error if python or
    python3 is not installed. (LP: #1769262)
  * debian/apport.links: source_linux-signed.py -> source_linux.py package
    hook (LP: #1773012)
  * data/package-hooks/source_linux.py: Redirect bugs filed about the
    linux-signed source package to linux. (LP: #1773012)

Date: 2019-07-04 07:15:12.862841+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
Maintainer: Martin Pitt <martin.pitt at ubuntu.com>
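
The access()-then-read pattern and the drop-privileges-then-open replacement described in the CVE-2019-7307 entry above, as an added Python example. It is not Apport's code: the function names `racy_read` and `read_as_user`, their parameters, and the rule for when to drop privileges are assumptions made for illustration.

```python
import os

def racy_read(path):
    """BEFORE: access() and open() are two separate path lookups.

    access() judges the real uid, while open() runs with the effective
    (privileged) uid. If the path becomes a symlink between the two calls,
    open() follows it with full privilege.
    """
    if not os.access(path, os.R_OK):      # time of check
        return None
    with open(path) as f:                 # time of use
        return f.read()

def read_as_user(path, uid, gid):
    """AFTER: become the user, then let open() itself be the access test.

    Returns the file's text, or None if that user cannot open it.
    """
    # Assumption: a drop is only needed when running as root for another user.
    drop = os.geteuid() == 0 and uid != 0
    saved_gid, saved_groups = os.getegid(), os.getgroups()
    try:
        if drop:
            os.setgroups([gid])           # shed root's supplementary groups
            os.setegid(gid)               # group before uid, while still root
            os.seteuid(uid)
        try:
            with open(path) as f:         # kernel checks uid/gid on this lookup
                return f.read()
        except OSError:                   # EACCES, ENOENT, ELOOP, ...
            return None
    finally:
        if drop:
            os.seteuid(0)                 # regain root first, then the rest
            os.setegid(saved_gid)
            os.setgroups(saved_groups)
```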