Ubuntu
sosreport package

apt plugin should ignore /etc/apt/auth.conf and remove username:password in url

Bug #1804600 reported by Yuan-Chen Cheng
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
sosreport (Ubuntu)
Fix Released
Undecided
Yuan-Chen Cheng

Bug Description

1. apt plugin make a copy of /etc/apt/auth.conf
2. no code to remove username and password in source url if they have.

Hard to say if this is a security issue, however, it's bad from my POV that it's not properly handled.

Revision history for this message
Yuan-Chen Cheng (ycheng-twn) wrote :

upstream bug: https://github.com/sosreport/sos/issues/1514

Yuan-Chen Cheng (ycheng-twn)
Changed in sosreport (Ubuntu):
status: New → In Progress
assignee: nobody → Yuan-Chen Cheng (ycheng-twn)
Revision history for this message
Yuan-Chen Cheng (ycheng-twn) wrote :

pull request for 1: https://github.com/sosreport/sos/pull/1523

information type: Private Security → Public
Revision history for this message
Yuan-Chen Cheng (ycheng-twn) wrote :

merged for 1
https://github.com/sosreport/sos/commit/9dc6b75f76062315c58196c51ffe9d1319988520#diff-d7d3c9ca39d610cbf8eb4c0bb5719a9f

Revision history for this message
Eric Desrochers (slashd) wrote :

Fixed upstream in :
https://github.com/sosreport/sos/commit/9dc6b75f76062315c58196c51ffe9d1319988520

First introduced in sos v3.7

Every Ubuntu stable releases have 3.9 and up.

I'm marking this bug as 'Fix Released'

- Eric

Changed in sosreport (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.