[ubuntu/karmic] apport 1.1.1-0ubuntu1 (Accepted)

Martin Pitt martin.pitt at ubuntu.com
Thu Apr 30 08:10:14 BST 2009


apport (1.1.1-0ubuntu1) karmic; urgency=low

  [ Martin Pitt ]
  * New upstream security update:
    - etc/cron.daily/apport: Only attempt to remove files and symlinks, do not
      descend into subdirectories of /var/crash/. Doing so might be exploited by
      a race condition between find traversing a huge directory tree, changing
      an existing subdir into a symlink to e. g. /etc/, and finally getting
      that piped to rm. This also changes the find command to not use GNU
      extensions.  Thanks to Stephane Chazelas for discovering this!
      (LP: #357024, CVE-2009-1295)
    - Other fixes were already cherrypicked in the previous upload.

  [ Matt Zimmerman ]
  * package-hooks/source_linux.py: Attach info for linux-restricted-modules
    and linux-backports-modules

Date: Thu, 30 Apr 2009 09:08:29 +0200
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/apport/1.1.1-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 30 Apr 2009 09:08:29 +0200
Source: apport
Binary: apport python-problem-report python-apport apport-retrace apport-gtk apport-qt
Architecture: source
Version: 1.1.1-0ubuntu1
Distribution: karmic
Urgency: low
Maintainer: Martin Pitt <martin.pitt at ubuntu.com>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 apport     - automatically generate crash reports for debugging
 apport-gtk - GTK+ frontend for the apport crash report system
 apport-qt  - Qt4 frontend for the apport crash report system
 apport-retrace - tools for reprocessing Apport crash reports
 python-apport - apport crash report handling library
 python-problem-report - Python library to handle problem reports
Launchpad-Bugs-Fixed: 357024
Changes: 
 apport (1.1.1-0ubuntu1) karmic; urgency=low
 .
   [ Martin Pitt ]
   * New upstream security update:
     - etc/cron.daily/apport: Only attempt to remove files and symlinks, do not
       descend into subdirectories of /var/crash/. Doing so might be exploited by
       a race condition between find traversing a huge directory tree, changing
       an existing subdir into a symlink to e. g. /etc/, and finally getting
       that piped to rm. This also changes the find command to not use GNU
       extensions.  Thanks to Stephane Chazelas for discovering this!
       (LP: #357024, CVE-2009-1295)
     - Other fixes were already cherrypicked in the previous upload.
 .
   [ Matt Zimmerman ]
   * package-hooks/source_linux.py: Attach info for linux-restricted-modules
     and linux-backports-modules
Checksums-Sha1: 
 308e4b216e99658f01441b17a73a2b4752766fa0 1241 apport_1.1.1-0ubuntu1.dsc
 fb6f404849cc561506bf2fa6a6b75bb29586bd32 298794 apport_1.1.1.orig.tar.gz
 1ec97479241b2ba1adc865f7698c718d7e30885d 73762 apport_1.1.1-0ubuntu1.diff.gz
Checksums-Sha256: 
 469ce676ea9565829f6f585b116530e3f07d0844f2842fb18dc7bb20513bb91a 1241 apport_1.1.1-0ubuntu1.dsc
 14eb7a0e8562f5f7f79ce2c8261f03807c1b1461aa40742437385bdcce5b645d 298794 apport_1.1.1.orig.tar.gz
 03d82d9690fd9b324996a490dc3c77abba3d5aefb01e14470c75f59c4bdbfe14 73762 apport_1.1.1-0ubuntu1.diff.gz
Files: 
 ea75b572e0882f5584968c0330985e94 1241 utils optional apport_1.1.1-0ubuntu1.dsc
 877d2ae66465c8fa1fd05edddfa0d2e1 298794 utils optional apport_1.1.1.orig.tar.gz
 98ba8c54377508264d4a7dade98190c2 73762 utils optional apport_1.1.1-0ubuntu1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkn5ToMACgkQDecnbV4Fd/KG9gCeKYcL4viM1leDHIVmEF2L3Tk5
2qIAoIK2rxel8Lbi+9drMTn3rIzqJX8S
=1m09
-----END PGP SIGNATURE-----


More information about the Karmic-changes mailing list