* test_backend_apt_dpkg.py: Reset internal apt caches between tests. Avoids
random test failures due to leaking paths from previous test cases.
* SECURITY FIX: When determining the path of a Python module for a program
like "python -m module_name", avoid actually importing and running the
module; this could lead to local root privilege escalation. Thanks to
Gabriel Campana for discovering this and the fix!
(CVE-2015-1341, LP: #1507480)
-- Martin Pitt <email address hidden> Thu, 22 Oct 2015 15:05:43 +0200
This bug was fixed in the package apport - 2.17.2-0ubuntu1.7
---------------
apport (2.17.2-0ubuntu1.7) vivid-security; urgency=medium
* test_backend_ apt_dpkg. py: Reset internal apt caches between tests. Avoids
random test failures due to leaking paths from previous test cases.
* SECURITY FIX: When determining the path of a Python module for a program
like "python -m module_name", avoid actually importing and running the
module; this could lead to local root privilege escalation. Thanks to
Gabriel Campana for discovering this and the fix!
(CVE-2015-1341, LP: #1507480)
-- Martin Pitt <email address hidden> Thu, 22 Oct 2015 15:05:43 +0200