apport 2.20.4-0ubuntu1 source package in Ubuntu
Changelog
apport (2.20.4-0ubuntu1) zesty; urgency=medium

  * New upstream release:
    - SECURITY FIX: Restrict a report's CrashDB field to literals. Use ast.literal_eval() instead of the generic eval(), to prevent arbitrary code execution from malicious .crash files. A user could be tricked into opening a crash file whose CrashDB field contains an exec(), open(), or similar commands; this is fairly easy as we install a MIME handler for these. Thanks to Donncha O'Cearbhaill for discovering this! (CVE-2016-9949, LP: #1648806)
    - SECURITY FIX: Fix path traversal vulnerability with hooks execution. Ensure that Package: and SourcePackage: fields loaded from reports do not contain directories. Until now, an attacker could trick a user into opening a malicious .crash file containing "Package: ../../../../some/dir/foo" which would execute /some/dir/foo.py with arbitrary code. Thanks to Donncha O'Cearbhaill for discovering this! (CVE-2016-9950, LP: #1648806)
    - SECURITY FIX: apport-{gtk,kde}: Only offer "Relaunch" for recent /var/crash crashes. It only makes sense to offer relaunching for crashes that just happened and the apport UI got triggered on those. When opening a .crash file copied from somewhere else or after the crash happened, this is even actively dangerous as a malicious crash file can specify any arbitrary command to run. Thanks to Donncha O'Cearbhaill for discovering this! (CVE-2016-9951, LP: #1648806)
    - backends/packaging-apt-dpkg.py: provide a fallback method if using zgrep to search for a file in Contents.gz fails due to a lack of memory. Thanks Brian Murray.
    - bin/apport-retrace: When --core-file is used, instead of loading the core file and adding it to the apport report, just pass the file reference to gdb.
  * debian/control: Adjust Vcs-Bzr: for zesty branch.

 -- Martin Pitt <email address hidden>  Wed, 14 Dec 2016 21:28:57 +0100
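
The first two fixes in the changelog above (literal-only CrashDB parsing and directory-free Package:/SourcePackage: fields), sketched as an added example; this is not apport's own code. The function names and sample reports are constructed here, and it assumes CrashDB carries a Python dict literal and Package carries "name version".

```python
import ast

def parse_crashdb(value):
    """Parse a CrashDB field as a pure literal; calls and names are rejected."""
    try:
        spec = ast.literal_eval(value)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise ValueError("CrashDB is not a plain literal: %r" % value) from exc
    if not isinstance(spec, dict):
        raise ValueError("CrashDB must be a dict literal, got %s" % type(spec).__name__)
    return spec

def check_package_name(value):
    """Return the package name, rejecting any value with a directory part."""
    tokens = value.split()
    name = tokens[0] if tokens else ""  # assumed field layout: "name version"
    if not name or "/" in name or name in (".", ".."):
        raise ValueError("package name contains a path: %r" % value)
    return name

def validate_report(fields):
    """Collect every problem in untrusted report fields before anything uses them."""
    problems = []
    for key in ("Package", "SourcePackage"):
        if key in fields:
            try:
                check_package_name(fields[key])
            except ValueError as exc:
                problems.append("%s: %s" % (key, exc))
    if "CrashDB" in fields:
        try:
            parse_crashdb(fields["CrashDB"])
        except ValueError as exc:
            problems.append("CrashDB: %s" % exc)
    return problems

# Constructed sample reports (not taken from a real .crash file).
SAMPLE_OK = {"Package": "bash 4.3-14ubuntu1", "SourcePackage": "bash",
             "CrashDB": "{'impl': 'memory'}"}
SAMPLE_BAD = {"Package": "../../../../some/dir/foo",
              "CrashDB": "{'impl': 'memory', 'x': open('/dev/null')}"}

if __name__ == "__main__":
    for label, report in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, validate_report(report))
```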
Upload details
- Uploaded by: Martin Pitt
- Uploaded to: Zesty
- Original maintainer: Martin Pitt
- Architectures: all
- Section: utils
- Urgency: Medium Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
apport_2.20.4.orig.tar.gz | 1.1 MiB | 4836252a61184fbc6ee526032bb5334db216efcf4ac3069ff1a9ab4fa130b985 |
apport_2.20.4-0ubuntu1.diff.gz | 149.6 KiB | 1f1d1cda22203dc0fdcf812ed559aad4a4919619b9985a109865fe2e5f08ae53 |
apport_2.20.4-0ubuntu1.dsc | 3.0 KiB | 386b055c7c3163e2bb596ba273ae716d12e1f86ce0b0f3f083472c74400ea1f9 |
Available diffs
- diff from 2.20.3-0ubuntu8 to 2.20.4-0ubuntu1 (166.8 KiB)
Binary packages built by this source
- apport
- apport-gtk
- apport-kde
- apport-noui
- apport-retrace
- apport-valgrind
- dh-apport
- python-apport
- python-problem-report
- python3-apport
- python3-problem-report