[ubuntu/groovy-proposed] apport 2.20.11-0ubuntu44 (Accepted)

Wed Aug 5 20:53:11 UTC 2020

apport (2.20.11-0ubuntu44) groovy; urgency=medium

  * SECURITY UPDATE: information disclosure issue (LP: #1885633)
    - data/apport: also drop gid when checking if user session is closing.
    - CVE-2020-11936
  * SECURITY UPDATE: crash via malformed ignore file (LP: #1877023)
    - apport/report.py: don't crash on malformed mtime values.
    - CVE-2020-15701
  * SECURITY UPDATE: TOCTOU in core file location
    - data/apport: make sure the process hasn't been replaced after Apport
      has started.
    - CVE-2020-15702
  * apport/ui.py, test/test_ui.py: make sure a PID is specified when using
    --hanging (LP: #1876659)

Date: Fri, 31 Jul 2020 09:10:30 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Brian Murray <brian at ubuntu.com>
https://launchpad.net/ubuntu/+source/apport/2.20.11-0ubuntu44
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 31 Jul 2020 09:10:30 -0400
Source: apport
Architecture: source
Version: 2.20.11-0ubuntu44
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Launchpad-Bugs-Fixed: 1876659 1877023 1885633
Changes:
 apport (2.20.11-0ubuntu44) groovy; urgency=medium
 .
   * SECURITY UPDATE: information disclosure issue (LP: #1885633)
     - data/apport: also drop gid when checking if user session is closing.
     - CVE-2020-11936
   * SECURITY UPDATE: crash via malformed ignore file (LP: #1877023)
     - apport/report.py: don't crash on malformed mtime values.
     - CVE-2020-15701
   * SECURITY UPDATE: TOCTOU in core file location
     - data/apport: make sure the process hasn't been replaced after Apport
       has started.
     - CVE-2020-15702
   * apport/ui.py, test/test_ui.py: make sure a PID is specified when using
     --hanging (LP: #1876659)
Checksums-Sha1:
 a01955d8c95ac0891e34bc9f5dbfc92a0e75dbe4 2661 apport_2.20.11-0ubuntu44.dsc
 fb92a7763acc4de3de6be639718ff1cf28c59fd3 1398522 apport_2.20.11-0ubuntu44.tar.gz
 a6168b2c9271c8093ebcbf964f05eac29def3a00 8423 apport_2.20.11-0ubuntu44_source.buildinfo
Checksums-Sha256:
 fb5a14fea9838fc563dc013a0858e162c59e2792806b05190c4447abf7541f43 2661 apport_2.20.11-0ubuntu44.dsc
 df92f24a3b380b4c7f13090c2acba986131bc5705673825fcc54517382bb3e16 1398522 apport_2.20.11-0ubuntu44.tar.gz
 f3399896dfd1716117e78cfbec6f1765b859d9f22d908713b61bbf69e3598cb1 8423 apport_2.20.11-0ubuntu44_source.buildinfo
Files:
 7c1ef32ef1e756c5e488e2f94125c2c7 2661 utils optional apport_2.20.11-0ubuntu44.dsc
 b83fec36fd3308e7e6d00b6f8ac004d8 1398522 utils optional apport_2.20.11-0ubuntu44.tar.gz
 e9bc084548fd8f509aa97cb2c6b5277a 8423 utils optional apport_2.20.11-0ubuntu44_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfS610FljvwXMts5kHpGLZnZbPjEFAl8p5cYACgkQHpGLZnZb
PjF9xA//caAVIflqEhNfLwsah4VJU8O1C3kaF+Y6f3jLTQ8BJfBoA3KUgxLKX/0K
4rFRBS1o6ErOiw/JkNnApd+HwAhmKxxEhjk5iu69qQt4TOKdzsXtk8XdjJyBkiPB
BN/XKQO8Qyvhi+c+ZG+JHkOYjjmk0e1C6QbryGfVZTq4PMTJpDRKQG9cRiTU0TjB
nV2lx1h5CShRh7ggOonOmCw+OipzMf2GwVIgZf5NPdXJMPYudY3FgGDsWOZ95v/f
1+ZZ6rsDY8Z3576lV5gJZGZSG8cqZNftMSB0D4ASqPG7XU4Xd/qyibMxxtK76Zu1
s6em2vVaATddxsCzcmqtxAzCVX1hxa0Q22AOMttyhZ+wIff1ozmDBnJ9Oooj54QR
XkLHYid0VWRaJ2YbY2beaw7q3LlabdBQO848lZIsFSV/gtn04ndL0GIXHYseU2Mj
CX2gLnfurKJY18yU5lA7Ur4Fus5RYZpZ3EOWsLe9lXmw28dRKF5fHIns4E9tmkNz
O25zybjsQmRDrv24O2C7NweXtfenTvwhErxNgmgyD++X3hSx8HkwAQjEWJnEnDnU
VKxBHzfYm1tnGNpvoX87QLtzIpaVdBq+NAGxkxRJe2mQXBMxf5diRU/u9dS6mbE5
3R4Cu+jq7BF2kASg0YBpHRn1/VvFg2upkkDgxuGjnfFw/226HX8=
=mhem
-----END PGP SIGNATURE-----