Ubuntu
unity-scope-gdrive package

Dash/Unity search feature logs search terms to syslog

Bug #1509076 reported by Skeletor999
272
This bug affects 1 person
Affects Status Importance Assigned to Milestone
unity-scope-gdrive (Ubuntu)
Fix Released
Undecided
Unassigned
Trusty
Confirmed
Medium
Marc Deslauriers
Vivid
Won't Fix
Medium
Marc Deslauriers
Wily
Won't Fix
Medium
Marc Deslauriers

Bug Description

Note that I believe this was before I set "include online search results" to off from Dash:

0. Fresh install of 15.10
1. Alt-F2
2. Enter search terms, e.g. "settings" or "terminal"
3. See syslog with a utility of your choice

Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: ''
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 's'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 'so'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 'sof'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 'soft'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: ''
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 't'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 'te'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 'ter'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 'term'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 'termi'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 's'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 'se'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 'set'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 'sett'

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: compiz-core 1:0.9.12.2+15.10.20151015-0ubuntu1
ProcVersionSignature: Ubuntu 4.2.0-16.19-generic 4.2.3
Uname: Linux 4.2.0-16-generic x86_64
.tmp.unity.support.test.0:

ApportVersion: 2.19.1-0ubuntu3
Architecture: amd64
BootLog:

CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins'
CompositorRunning: compiz
CompositorUnredirectDriverBlacklist: '(nouveau|Intel).*Mesa 8.0'
CompositorUnredirectFSW: true
CurrentDesktop: Unity
Date: Thu Oct 22 22:55:43 2015
DistUpgraded: Fresh install
DistroCodename: wily
DistroVariant: ubuntu
ExecutablePath: /usr/bin/compiz
GraphicsCard:
 Advanced Micro Devices, Inc. [AMD/ATI] Barts PRO [Radeon HD 6850] [1002:6739] (prog-if 00 [VGA controller])
   Subsystem: Micro-Star International Co., Ltd. [MSI] Device [1462:2520]
InstallationDate: Installed on 2015-10-22 (0 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
MachineType: Hewlett-Packard HPE-515sc
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.2.0-16-generic.efi.signed root=UUID=6381166e-e45d-4466-9167-0c6eaeb135f3 ro quiet splash vt.handoff=7
SourcePackage: compiz
UdevLog: Error: [Errno 2] No such file or directory: '/var/log/udev'
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 05/17/2011
dmi.bios.vendor: AMI
dmi.bios.version: 7.14
dmi.board.name: 2AB6
dmi.board.vendor: PEGATRON CORPORATION
dmi.board.version: 1.04
dmi.chassis.asset.tag: CZC1271WZC
dmi.chassis.type: 3
dmi.chassis.vendor: Hewlett-Packard
dmi.modalias: dmi:bvnAMI:bvr7.14:bd05/17/2011:svnHewlett-Packard:pnHPE-515sc:pvr1.04:rvnPEGATRONCORPORATION:rn2AB6:rvr1.04:cvnHewlett-Packard:ct3:cvr:
dmi.product.name: HPE-515sc
dmi.product.version: 1.04
dmi.sys.vendor: Hewlett-Packard
version.compiz: compiz 1:0.9.12.2+15.10.20151015-0ubuntu1
version.ia32-libs: ia32-libs N/A
version.libdrm2: libdrm2 2.4.64-1
version.libgl1-mesa-dri: libgl1-mesa-dri 11.0.2-1ubuntu4
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 11.0.2-1ubuntu4
version.xserver-xorg-core: xserver-xorg-core 2:1.17.2-1ubuntu9
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.9.2-1ubuntu1
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:7.5.0+git20150819-0ubuntu1
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20150808-0ubuntu4
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.11-1ubuntu3
xserver.bootTime: Thu Oct 22 20:55:04 2015
xserver.configfile: default
xserver.devices:
 input Power Button KEYBOARD, id 6
 input Power Button KEYBOARD, id 7
 input PIXART USB OPTICAL MOUSE MOUSE, id 8
 input NOVATEK HP USB Multimedia Keyboard KEYBOARD, id 9
 input NOVATEK HP USB Multimedia Keyboard KEYBOARD, id 10
xserver.errors:

xserver.logfile: /var/log/Xorg.0.log
xserver.version: 2:1.17.2-1ubuntu9
xserver.video_driver: radeon

CVE References

Revision history for this message
Skeletor999 (skeletor999) wrote :
Seth Arnold (seth-arnold)
affects: compiz (Ubuntu) → unity (Ubuntu)
Marc Deslauriers (mdeslaur)
affects: unity (Ubuntu) → unity-scope-gdrive (Ubuntu)
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

This is CVE-2015-1343

Changed in unity-scope-gdrive (Ubuntu Trusty):
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in unity-scope-gdrive (Ubuntu Vivid):
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in unity-scope-gdrive (Ubuntu Wily):
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Marc Deslauriers (mdeslaur)
Revision history for this message
Skeletor999 (skeletor999) wrote :

So... any news?

Revision history for this message
Seth Arnold (seth-arnold) wrote :

I'm sorry Skeletor999, I don't know where we lost track of this issue.

This code, and a huge raft of other debugging print() statements that should probably be removed, still exist in 14.04 LTS, 16.04 LTS, and 17.04.

Thanks for the report and the re-poke.

Alex Murray (alexmurray)
Changed in unity-scope-gdrive (Ubuntu Wily):
status: Confirmed → Won't Fix
Changed in unity-scope-gdrive (Ubuntu Vivid):
status: Confirmed → Won't Fix
Changed in unity-scope-gdrive (Ubuntu):
status: New → Fix Released
Seth Arnold (seth-arnold)
information type: Private Security → Public Security
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.