I think package_hook was broken by the following change with the apport's last upload:
- SECURITY FIX: Fix all writers of report files (package_hook,
kernel_crashdump, and similar) to open the report file exclusively,
i. e. fail if they already exist. This prevents privilege escalation
through symlink attacks. Note that this will also prevent overwriting
previous reports with the same same. Thanks to halfdog for discovering
this! (CVE-2015-1338, LP: #1492570)
I think package_hook was broken by the following change with the apport's last upload:
- SECURITY FIX: Fix all writers of report files (package_hook, crashdump, and similar) to open the report file exclusively,
kernel_
i. e. fail if they already exist. This prevents privilege escalation
through symlink attacks. Note that this will also prevent overwriting
previous reports with the same same. Thanks to halfdog for discovering
this! (CVE-2015-1338, LP: #1492570)