Bug reporting in eBox discloses too much information

Bug #219343 reported by Isaac Clerencia on 2008-04-18
Affects Status Importance Assigned to Milestone
ebox (Ubuntu)

Bug Description

When a crash occurs in eBox, the user is given the option to submit a bug report.

This generates a bundle including logs from the machine and other sensitive
information, like RIP passwords, CA passwords, ...

This is only useful for debugging purposes and until there is a way to completely
anonimize the bug report bundle, it should be disabled.

Javier Uruen Val (juruen) wrote :

It's really dangerous if people post the bug report in public web sites such as launchpad. So I strongly recommend to disable that feature.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ebox - 0.11.99-0ubuntu11

ebox (0.11.99-0ubuntu11) hardy; urgency=low

  * debian/patches/15_disable_bug_report.dpatch
    - Dont disclose bug information in bug reports. It might contain
      sensitive information. (LP: #219343)

 -- Chuck Short <email address hidden> Mon, 21 Apr 2008 08:17:21 -0400

Changed in ebox:
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers