Comment 14 for bug 1830858

This bug was fixed in the package apport - 2.20.9-0ubuntu7.7

---------------
apport (2.20.9-0ubuntu7.7) bionic-security; urgency=medium

  * SECURITY UPDATE: TOCTOU issue allows local user to read arbitrary
    files (LP: #1830858)
    - apport/report.py: Avoid TOCTOU issue on users ignore file by
      dropping privileges and then opening the file both test for access and
      open the file in a single operation, instead of using access() before
      reading the file which could be abused by a symlink to cause Apport to
      read and embed an arbitrary file in the resulting crash dump.
    - CVE-2019-7307

 -- Alex Murray <email address hidden> Thu, 04 Jul 2019 12:05:21 +0930