[ubuntu/trusty-security] apport 2.14.1-0ubuntu3.23 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Wed Dec 14 22:10:49 UTC 2016

apport (2.14.1-0ubuntu3.23) trusty-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: code execution via malicious crash files
    - Use ast.literal_eval in apport/ui.py, added test to test/test_ui.py.
    - No CVE number
    - LP: #1648806
  * SECURITY UPDATE: path traversal vulnerability with hooks execution
    - Clean path in apport/report.py, added test to test/test_ui.py.
    - No CVE number
    - LP: #1648806

  [ Steve Beattie ]
  * SECURITY UPDATE: code execution via malicious crash files
    - Only offer restarting the application when processing a
      crash file in /var/crash in apport/ui.py, gtk/apport-gtk,
      and kde/apport-kde. Add testcases to test/test_ui.py,
      test/test_ui_gtk.py, and test_ui_kde.py.
    - No CVE number
    - LP: #1648806

apport (2.14.1-0ubuntu3.21) trusty-proposed; urgency=medium

  * apport-bug: Stop checking the autoreport flag and calling
    whoopsie-upload-all; these two are different tasks, and that breaks bug
    reporting. (LP: #1339663)

apport (2.14.1-0ubuntu3.20) trusty-proposed; urgency=medium

  * Disambiguate overly generic Python exceptions in duplicate signature
    computation: dbus-glib's DBusException wraps a "real" server-side
    exception, so add the class of that to disambiguate different crashes;
    for OSError that is not a known subclass like FileNotFoundError, add the
    errno. (LP: #989819)

apport (2.14.1-0ubuntu3.19) trusty-proposed; urgency=medium

  * apport/ui.py: set "_MarkForUpload" field to False for cases where the
    apport report is damaged, about a not installed package, or when an
    error occurred processing the report. (LP: #1512902)

Date: 2016-12-13 21:27:19.129341+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Maintainer: Martin Pitt <martin.pitt at ubuntu.com>
Signed-By: Steve Beattie <sbeattie at ubuntu.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list