| 2009-07-08 07:20:27 |
William Grant |
description |
When an apport bug containing a coredump is filed, the bug is marked as private. When this bug gets retraced by the Apport retracing service, the coredump is removed and the bug is marked as public. However, when the Apport retracing service marks this bug as duplicate of another (master) bug, an e-mail containing a link to the coredump.gz is sent to subscribers of the master bug.
As the coredump may contain sensitive information, this is a security issue.
For example, those lines are in the e-mail I received (link censored):
** Tags removed: need-amd64-retrace
** Attachment removed: "CoreDump.gz"
http://launchpadlibrarian.net/xxxxxxxx/CoreDump.gz
That link actually opens the coredump.
Expected behavior: e-mail sent to subscribers of the master bug should not contain the link to the CoreDump.gz. |
When an apport bug containing a coredump is filed, the bug is marked as private. When this bug gets retraced by the Apport retracing service, the coredump is removed and the bug is marked as public. However, when the Apport retracing service marks this bug as duplicate of another (master) bug, an e-mail containing a link to the coredump.gz is sent to subscribers of the master bug.
As the coredump may contain sensitive information, this is a security issue.
For example, those lines are in the e-mail I received (link censored):
** Tags removed: need-amd64-retrace
** Attachment removed: "CoreDump.gz"
http://launchpadlibrarian.net/xxxxxxxx/CoreDump.gz
That link actually opens the coredump.
Expected behavior: e-mail sent to subscribers of the master bug should not contain the link to the CoreDump.gz.
The librarian URL is also visible in the bug's activity log. |
|
