* SECURITY UPDATE: code execution through path traversal in
.crash files (LP: #1700573)
- apport/report.py, test/test_ui.py: fix traversal issue
and add a test for that.
- debian/apport.install, setup.py, xdg-mime/apport.xml: removes
apport as a file handler for .crash files. Thanks to Brian
Murray for the patch and Felix Wilhelm for discovering this.
- CVE-2017-10708
This bug was fixed in the package apport - 2.20.3-0ubuntu8.7
---------------
apport (2.20.3-0ubuntu8.7) yakkety-security; urgency=medium
* SECURITY UPDATE: code execution through path traversal in apport. install, setup.py, xdg-mime/ apport. xml: removes
.crash files (LP: #1700573)
- apport/report.py, test/test_ui.py: fix traversal issue
and add a test for that.
- debian/
apport as a file handler for .crash files. Thanks to Brian
Murray for the patch and Felix Wilhelm for discovering this.
- CVE-2017-10708
-- <email address hidden> (Leonidas S. Barbosa) Mon, 17 Jul 2017 08:43:41 -0300