ubuntuone bug reports lists possibly private filenames/paths

Bug #419895 reported by Martin Erik Werner on 2009-08-27
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apport (Ubuntu)
ubuntuone-client (Ubuntu)

Bug Description

Binary package hint: ubuntuone-client

A recent crash in ubuntuone ( Bug #419821 ) generated a bug report attachment which contains the filenames and paths of all files in ubuntuone. This is possibly private data and should not automatically be added to a bug report.

Attached is the concerned report file, with some sed masking preformed.

Related branches

Martin Erik Werner (arand) wrote :

These reports seem to normally default to private, but after mine was declared a duplicate, it was set to public: Is that a bug in apport retracing service?

Changed in apport (Ubuntu):
status: New → Invalid
Martin Erik Werner (arand) wrote :

apport issue reported as separate: Bug #419929

Martin Erik Werner (arand) wrote :
security vulnerability: no → yes
Elliot Murphy (statik) on 2009-08-30
Changed in ubuntuone-client (Ubuntu):
assignee: nobody → Elliot Murphy (statik)
status: New → In Progress
Elliot Murphy (statik) wrote :

Attaching a debdiff which modifies the apport hook to no longer attach the two logfiles that typically have filenames in them.

Changed in ubuntuone-client (Ubuntu):
status: In Progress → Confirmed
assignee: Elliot Murphy (statik) → nobody
status: Confirmed → Fix Committed
StefanPotyra (sistpoty) wrote :

looks good, uploading. Please merge into bzr. Thanks.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntuone-client - 0.93.1-0ubuntu2

ubuntuone-client (0.93.1-0ubuntu2) karmic; urgency=low

  * Don't attach logs containing filenames in the apport
    hook, as this is a privacy concern (LP: #419895)

 -- Elliot Murphy <email address hidden> Sat, 29 Aug 2009 21:58:37 -0400

Changed in ubuntuone-client (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers