Comment 9 for bug 2016023

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apport - 2.23.1-0ubuntu3.2

---------------
apport (2.23.1-0ubuntu3.2) kinetic-security; urgency=medium

  * Let apport depend on recent python3-problem-report for recent bug fix
  * SECURITY UPDATE: viewing an apport-cli crash with default pager could
    escalate privilege (LP: #2016023)
    - d/p/refactor-Introduce-run_as_real_user.patch: Introduce
      run_as_real_user()
    - d/p/fix-Only-open-browser-as-user-via-sudo-if-running-as-root.patch:
      Only open browser as user (via sudo) if running as root
    - d/p/Replace-sudo-by-dropping-privileges-ourselves.patch: Replace sudo by
      dropping privileges ourselves
    - debian/patches/CVE-2023-1326.patch: drops privilege to users environment
      before execution
    - CVE-2023-1326

 -- Benjamin Drung <email address hidden> Wed, 12 Apr 2023 12:38:24 +0200