lp://qastaging/~ubuntu-core-dev/ubuntu/impish/apport/ubuntu

Related source package recipes

1 recipe using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #1929292: ubiquity crashes whilst trying to use ubuntu-bug	Low	Fix Released
Bug #1933832: Path traversal leads to arbitrary file read	Undecided	Fix Released
Bug #1934308: Arbitrary file read in general hook (ubuntu.py)	Critical	Fix Released

Link a bug report

Related blueprints

2872. By Brian Murray on 2021-10-26

* SECURITY UPDATE: Privilege escalation via core files
  - refactor privilege dropping and create core files in a well-known
    directory in apport/fileutils.py, apport/report.py, data/apport,
    test/test_fileutils.py, test/test_report.py,
    test/test_signal_crashes.py, test/test_ui.py.
  - use systemd-tmpfiles to create and manage the well-known core file
    directory in setup.py, data/systemd/apport.conf,
    debian/apport.install.

2871. By Brian Murray on 2021-10-06

releasing package apport version 2.20.11-0ubuntu70

2870. By Brian Murray on 2021-10-06

* etc/apport/crashdb.conf: Disable Launchpad crash reports for 21.10
  release.
* debian/tests/upstream-system: Set /proc/sys/kernel/core_uses_pid to 0 as
  that's the easiest way to fix tests that expect the core file to be named
  core and not core.PID

2869. By Brian Murray on 2021-09-16

releasing package apport version 2.20.11-0ubuntu69

2868. By Brian Murray on 2021-09-16

* SECURITY UPDATE: Arbitrary file read (LP: #1934308)
  - data/general-hooks/ubuntu.py: don't attempt to include emacs
    byte-compilation logs, they haven't been generated by the emacs
    packages in a long time.
  - CVE-2021-3709
* SECURITY UPDATE: Info disclosure via path traversal (LP: #1933832)
  - apport/hookutils.py, test/test_hookutils.py: detect path traversal
    attacks, and directory symlinks.
  - CVE-2021-3710

2867. By Brian Murray on 2021-08-19

releasing package apport version 2.20.11-0ubuntu68

2866. By Brian Murray on 2021-08-19

* backends/packaging-apt-dpkg.py: check to see if there is a different
  package which provides the dependency.
* test/test_report.py: with glibc 2.34 abort tests started failing as the
  backtrace didn't have a program counter value in frame 1 so check frame 1
  or frame 2.

2865. By Brian Murray on 2021-05-27

data/package-hooks/source_ubiquity.py: confirm that the key exists in the
report before trying to manipulate it. (LP: #1929292)

2864. By Brian Murray on 2021-05-27

releasing package apport version 2.20.11-0ubuntu67

2863. By Brian Murray on 2021-05-27

* SECURITY UPDATE: Multiple arbitrary file reads (LP: #1917904)
  - apport/hookutils.py: don't follow symlinks and make sure the file
    isn't a FIFO in read_file().
  - test/test_hookutils.py: added symlink tests.
  - CVE-2021-32547, CVE-2021-32548, CVE-2021-32549, CVE-2021-32550,
    CVE-2021-32551, CVE-2021-32552, CVE-2021-32553, CVE-2021-32554,
    CVE-2021-32555
* SECURITY UPDATE: info disclosure via modified config files spoofing
  (LP: #1917904)
  - backends/packaging-apt-dpkg.py: properly terminate arguments in
    get_modified_conffiles.
  - CVE-2021-32556
* SECURITY UPDATE: arbitrary file write (LP: #1917904)
  - data/whoopsie-upload-all: don't follow symlinks and make sure the
    file isn't a FIFO in process_report().
  - CVE-2021-32557