[ubuntu/groovy-security] apport 2.20.11-0ubuntu50.7 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue May 25 16:45:44 UTC 2021


apport (2.20.11-0ubuntu50.7) groovy-security; urgency=medium

  * SECURITY UPDATE: Multiple arbitrary file reads (LP: #1917904)
    - apport/hookutils.py: don't follow symlinks and make sure the file
      isn't a FIFO in read_file().
    - test/test_hookutils.py: added symlink tests.
    - CVE-2021-32547, CVE-2021-32548, CVE-2021-32549, CVE-2021-32550,
      CVE-2021-32551, CVE-2021-32552, CVE-2021-32553, CVE-2021-32554,
      CVE-2021-32555
  * SECURITY UPDATE: info disclosure via modified config files spoofing
    (LP: #1917904)
    - backends/packaging-apt-dpkg.py: properly terminate arguments in
      get_modified_conffiles.
    - CVE-2021-32556
  * SECURITY UPDATE: arbitrary file write (LP: #1917904)
    - data/whoopsie-upload-all: don't follow symlinks and make sure the
      file isn't a FIFO in process_report().
    - CVE-2021-32557

apport (2.20.11-0ubuntu50.6) groovy; urgency=medium

  * data/general-hooks/ubuntu.py: tag bugs from Raspberry Pi images and RISCV
    images appropriately. (LP: #1920837)
  * apport/hookutils.py: spawn pkttyagent so that log files can be gathered as
    root in a non-graphical environment (LP: #1821415). Thanks to Iain Lane
    for the patch.
  * apport/hookutils.py: root access is needed to read the
    casper-md5check.json file so switch to using that. (LP: #1922937)

Date: 2021-05-18 14:37:23.686056+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/apport/2.20.11-0ubuntu50.7
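
The first changelog entry above describes two checks in read_file(): do not follow symlinks, and make sure the file is not a FIFO. A sketch of that pattern follows as an added illustration; it is not apport's code, and the names read_file_safely, UnsafeFileError and demo, the size cap and the sample files are assumptions constructed for the example.

```python
import errno
import os
import stat
import tempfile


class UnsafeFileError(Exception):
    """Raised when the path is a symlink or not a regular file."""


def read_file_safely(path, max_bytes=1 << 20):
    """Read path only if it is a regular file and its last component is no symlink."""
    # O_NOFOLLOW fails with ELOOP on a symlink (final path component only).
    # O_NONBLOCK makes opening a FIFO with no writer return instead of hanging.
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK | os.O_CLOEXEC
    try:
        fd = os.open(path, flags)
    except OSError as e:
        if e.errno == errno.ELOOP:
            raise UnsafeFileError(f"{path}: symlink refused") from e
        raise
    try:
        # fstat the open descriptor, not the path, so a swap after open() is moot.
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise UnsafeFileError(f"{path}: not a regular file")
        with os.fdopen(fd, "rb", closefd=False) as f:
            return f.read(max_bytes)
    finally:
        os.close(fd)


def demo():
    """Run the reader over constructed sample files and return the outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "report.log")
        with open(target, "wb") as f:
            f.write(b"constructed log line\n")
        os.symlink(target, os.path.join(d, "link.log"))
        os.mkfifo(os.path.join(d, "pipe.log"))
        for name in ("report.log", "link.log", "pipe.log"):
            try:
                results[name] = read_file_safely(os.path.join(d, name))
            except UnsafeFileError:
                results[name] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```

Intermediate directories in the path are still resolved normally, so a privileged reader also needs the parent directories to be trusted.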