[ubuntu/zesty-security] apport 2.20.4-0ubuntu4.5 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Tue Jul 18 18:05:52 UTC 2017
apport (2.20.4-0ubuntu4.5) zesty-security; urgency=medium
* SECURITY UPDATE: code execution through path traversal in
.crash files (LP: #1700573)
- apport/report.py, test/test_ui.py: fix traversal issue
and add a test for that.
- debian/apport.install, setup.py, xdg-mime/apport.xml: removes
apport as a file handler for .crash files. Thanks to Brian
Murray for the patch and Felix Wilhelm for discovering this.
- CVE-2017-10708
Date: 2017-07-17 22:37:13.164118+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Maintainer: Martin Pitt <martin.pitt at ubuntu.com>
https://launchpad.net/ubuntu/+source/apport/2.20.4-0ubuntu4.5
-------------- next part --------------
Sorry, changesfile not available.
More information about the Zesty-changes
mailing list