* New upstream security/bug fix release:
- SECURITY FIX: For setuid programs which drop their privileges after
startup, make the report and core dumps owned by root, to avoid possible
data disclosure. Also, change core dump files to permissions "0600".
Thanks to Martin Carpenter for discovering this!
(CVE-2013-1067, LP: #1242435)
- sandboxutils.needed_runtime_packages(): Create cache directory for
Contents.gz if missing. (LP: #933199)
- apt/dpkg: Recognize options in apt sources.list. (LP: #1238620)
* Move Vcs-Bzr to trusty branch.
-- Martin Pitt <email address hidden> Fri, 25 Oct 2013 06:49:19 +0200
This bug was fixed in the package apport - 2.12.6-0ubuntu1
---------------
apport (2.12.6-0ubuntu1) trusty; urgency=low
* New upstream security/bug fix release: CVE-2013- 1067, LP: #1242435) needed_ runtime_ packages( ): Create cache directory for
- SECURITY FIX: For setuid programs which drop their privileges after
startup, make the report and core dumps owned by root, to avoid possible
data disclosure. Also, change core dump files to permissions "0600".
Thanks to Martin Carpenter for discovering this!
(
- sandboxutils.
Contents.gz if missing. (LP: #933199)
- apt/dpkg: Recognize options in apt sources.list. (LP: #1238620)
* Move Vcs-Bzr to trusty branch.
-- Martin Pitt <email address hidden> Fri, 25 Oct 2013 06:49:19 +0200