[ubuntu/eoan-proposed] apport 2.20.11-0ubuntu5 (Accepted)
Brian Murray
brian at ubuntu.com
Tue Jul 9 19:40:12 UTC 2019
apport (2.20.11-0ubuntu5) eoan; urgency=medium

  * SECURITY UPDATE: TOCTOU issue allows local user to read arbitrary
    files (LP: #1830858)
    - apport/report.py: Avoid TOCTOU issue on user's ignore file by
      dropping privileges and then opening the file both test for access and
      open the file in a single operation, instead of using access() before
      reading the file which could be abused by a symlink to cause Apport to
      read and embed an arbitrary file in the resulting crash dump.
    - CVE-2019-7307
  * data/general-hooks/ubuntu.py: system-image-cli is no longer included in
    Ubuntu and we do not need SystemImageInfo any more.

Date: Tue, 09 Jul 2019 12:33:44 -0700
Changed-By: Brian Murray <brian at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/apport/2.20.11-0ubuntu5
Format: 1.8
Date: Tue, 09 Jul 2019 12:33:44 -0700
Source: apport
Architecture: source
Version: 2.20.11-0ubuntu5
Distribution: eoan
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Brian Murray <brian at ubuntu.com>
Launchpad-Bugs-Fixed: 1830858
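
The check-then-open pattern named in the changelog, next to the single-operation form it describes, as an added example that is not code from Apport or from this upload. The function names, the window callback that stands in for the gap between check and use, and the temporary files are all constructed for illustration.

```python
import os
import tempfile

def read_checked_then_opened(path, window=None):
    """'Before' pattern: access() answers for the real IDs at one moment;
    open() later acts with the effective IDs on whatever the path names then."""
    if not os.access(path, os.R_OK):
        return None
    if window:  # hypothetical hook: the time gap between check and use
        window()
    with open(path) as f:
        return f.read()

def read_as_user(path, uid, gid):
    """'After' pattern: take on the user's IDs, then let open() be the only
    permission test. Any symlink is resolved with the user's rights."""
    saved_uid, saved_gid = os.geteuid(), os.getegid()
    drop = saved_uid == 0 and uid != 0  # only root can switch IDs
    try:
        if drop:
            # A full implementation also drops supplementary groups.
            os.setegid(gid)  # group first, while still privileged
            os.seteuid(uid)
        try:
            with open(path) as f:
                return f.read()
        except OSError:  # missing, or unreadable for this user
            return None
    finally:
        if drop:
            os.seteuid(saved_uid)  # regain root before restoring the group
            os.setegid(saved_gid)

def demo():
    """Constructed files in a temp dir; 'other' is a file the check never saw."""
    d = tempfile.mkdtemp()
    ignore, other, link = (os.path.join(d, n) for n in ("ignore", "other", "link"))
    for name, text in ((ignore, "ignore-list"), (other, "other-data")):
        with open(name, "w") as f:
            f.write(text)
    os.symlink(ignore, link)

    def repoint():  # the path changes target after access() has answered
        os.remove(link)
        os.symlink(other, link)

    stale = read_checked_then_opened(link, window=repoint)
    uid, gid = os.getuid(), os.getgid()
    return (stale, read_as_user(ignore, uid, gid),
            read_as_user(os.path.join(d, "missing"), uid, gid))
```

In demo() the first result is the content of the file that access() never examined, which is the stale-check condition the changelog describes; read_as_user() has no separate check to go stale, and a failed open simply yields None.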