lp://qastaging/~mpt/apport/1448636-occured
- Get this branch:
- bzr branch lp://qastaging/~mpt/apport/1448636-occured
Branch merges
- Martin Pitt (community): Approve
-
Diff: 15 lines (+2/-2)1 file modifieddata/apportcheckresume (+2/-2)
Related bugs
Related blueprints
Branch information
Recent revisions
- 2950. By Launchpad Translations on behalf of apport-hackers
-
Launchpad automatic translations update.
- 2948. By Martin Pitt
-
* SECURITY UPDATE: Disable crash forwarding to containers. The previous fix in 2.17.1 was not sufficient against all attack scenarios. By binding to specially crafted sockes, a normal user program could forge arbitrary entries in /proc/net/unix. We cannot currently rely on a kernel-side solution for this; this feature will be re-enabled once it gets re-done to be secure. (LP: #1444518)
- 2947. By Martin Pitt
-
* Really create a better duplicate signature for recoverable problems, using ExecutablePath. Thanks Brian Murray. (LP: #1316763)
- 2946. By Martin Pitt
-
* apport-kde: Fix crash when showing byte array values. Thanks Jonathan Riddell. (LP: #1443659)
- 2943. By Martin Pitt
-
SECURITY UPDATE: Fix root privilege escalation through crash forwarding to containers
Version 2.13 introduced forwarding a crash to a container's apport. By crafting
a specific file system structure, entering it as a namespace ("container"), and
crashing something in it, a local user could access arbitrary files on the host
system with root privileges. Thanks to Stéphane Graber for discovering and
fixing this!CVE-2015-1318
LP: #1438758 - 2942. By Launchpad Translations on behalf of apport-hackers
-
Launchpad automatic translations update.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://qastaging/~apport-hackers/apport/trunk