Ubuntu
apport package

  1. Trusty (14.04)
  2. Bug #1648806
  3. Comment #34

Comment 34 for bug 1648806

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apport - 2.20.3-0ubuntu8.2

---------------
apport (2.20.3-0ubuntu8.2) yakkety-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: code execution via malicious crash files
    - Use ast.literal_eval in apport/ui.py, added test to test/test_ui.py.
    - No CVE number
    - LP: #1648806
  * SECURITY UPDATE: path traversal vulnerability with hooks execution
    - Clean path in apport/report.py, added test to test/test_ui.py.
    - No CVE number
    - LP: #1648806

  [ Steve Beattie ]
  * SECURITY UPDATE: code execution via malicious crash files
    - Only offer restarting the application when processing a
      crash file in /var/crash in apport/ui.py, gtk/apport-gtk,
      and kde/apport-kde. Add testcases to test/test_ui.py,
      test/test_ui_gtk.py, and test_ui_kde.py.
    - No CVE number
    - LP: #1648806

 -- Marc Deslauriers <email address hidden> Tue, 13 Dec 2016 10:55:09 -0800