Ubuntu
gwibber package

gwibber.log attached by apport contains private information

Bug #651764 reported by Stuart Bishop
268
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Gwibber
Invalid
Undecided
Unassigned
gwibber (Ubuntu)
Invalid
Medium
Unassigned

Bug Description

Binary package hint: gwibber

Account names are included in gwibber.log, so this log file is not suitable for apport to include as an attachment.

Kees Cook (kees)
Changed in gwibber (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
visibility: private → public
Revision history for this message
Victor Vargas (kamus) wrote :

gwibber.log is still showing usernames inside (tested under Ubuntu Natty), so marked as triaged for now.

Changed in gwibber (Ubuntu):
status: Confirmed → Triaged
Jamie Strandboge (jdstrand)
Changed in gwibber (Ubuntu):
assignee: nobody → Ubuntu Desktop Bugs (desktop-bugs)
Revision history for this message
Bilal Shahid (s9iper1) wrote :

Thank your for taking time in filing the bug to make ubuntu better.
can you reproduce it ?
if so than which version you are now ?
i dont see any issue now..

Changed in gwibber:
status: New → Incomplete
Changed in gwibber (Ubuntu):
status: Triaged → Incomplete
assignee: Ubuntu Desktop Bugs (desktop-bugs) → nobody
Revision history for this message
Stuart Bishop (stub) wrote :

Account names are still in gwibber.log with current Oneiric. I have no idea if gwibber.log is still being uploaded unsanitized by apport.

Revision history for this message
Bilal Shahid (s9iper1) wrote :

see sometimes the apport get the coredump or some files and that have the private info like id's and passwords etc. now i have not seen such issue. are you affected now.? if so than which version of gwibber are you using ?

Revision history for this message
Stuart Bishop (stub) wrote :

I'm not affected now because gwibber is not crashing now. I have no idea if gwibber.log is still being attached to public bug reports when gwibber crashes.

The private information I refer to in the bug description are account names. These are still being logged to gwibber.log, which seems fine. However account names are not suitable for attaching to public bug reports, at least without asking.

Bilal Shahid (s9iper1)
Changed in gwibber:
status: Incomplete → Invalid
Changed in gwibber (Ubuntu):
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.