-
apport (2.14.1-0ubuntu3.29) trusty-security; urgency=medium
* data/apport: Properly handle crashes originating from a PID namespace.
(LP: #1746668)
- Thanks to Sander Bos for discovering this issue.
- CVE-2018-6552
-- Marc Deslauriers <email address hidden> Fri, 01 Jun 2018 08:12:01 -0400
-
apport (2.14.1-0ubuntu3.28) trusty-security; urgency=medium
* REGRESSION UPDATE: Fix regression that caused a Traceback in the
container support (LP: #1733366)
- data/apport: add a second os.path.exists check to ensure we do not
receive a Traceback in is_container_id() and add an exception handler in
case either name space can not be found.
-- Brian Murray <email address hidden> Fri, 20 Apr 2018 14:11:44 -0700
-
apport (2.14.1-0ubuntu3.27) trusty-security; urgency=medium
* SECURITY UPDATE: Denial of service via resource exhaustion and
privilege escalation when handling crashes of tainted processes
(LP: #1726372)
- When /proc/sys/fs/suid_dumpable is set to 2, do not assume that
the user and group owning the /proc/<PID>/stat file is the same
user and group that started the process. Rather check the dump
mode of the crashed process and do not write a core file if its
value is 2. Thanks to Sander Bos for discovering this issue!
- CVE-2017-14177
* SECURITY UPDATE: Denial of service via resource exhaustion,
privilege escalation, and possible container escape when handling
crashes of processes inside PID namespaces (LP: #1726372)
- Change the method for determining if a crash is from a container
so that there are no false positives from software using PID
namespaces. Additionally, disable container crash forwarding by
ignoring crashes that occur in a PID namespace. This functionality
may be re-enabled in a future update. Thanks to Sander Bos for
discovering this issue!
- CVE-2017-14180
-- Brian Murray <email address hidden> Mon, 13 Nov 2017 08:54:04 -0800
-
apport (2.14.1-0ubuntu3.25) trusty-security; urgency=medium
* SECURITY UPDATE: code execution through path traversal in
.crash files (LP: #1700573)
- apport/report.py, test/test_ui.py: fix traversal issue
and add a test for that.
- debian/apport.install, setup.py, xdg-mime/apport.xml: removes
apport as a file handler for .crash files. Thanks to Brian
Murray for the patch and Felix Wilhelm for discovering this.
- CVE-2017-10708
-- <email address hidden> (Leonidas S. Barbosa) Mon, 17 Jul 2017 08:43:04 -0300
-
apport (2.14.1-0ubuntu3.24) trusty; urgency=medium
* data/general/ubuntu.py: Collect a minimal version of /proc/cpuinfo in
every report. (LP: #1673557)
* data/general/ubuntu-gnome.py: The GNOME3 PPAs are no longer supported for
14.04 or 16.04 so set an UnreportableReason in those reports.
(LP: #1689093)
-- Brian Murray <email address hidden> Fri, 12 May 2017 12:29:08 -0700
-
apport (2.14.1-0ubuntu3.23) trusty-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: code execution via malicious crash files
- Use ast.literal_eval in apport/ui.py, added test to test/test_ui.py.
- No CVE number
- LP: #1648806
* SECURITY UPDATE: path traversal vulnerability with hooks execution
- Clean path in apport/report.py, added test to test/test_ui.py.
- No CVE number
- LP: #1648806
[ Steve Beattie ]
* SECURITY UPDATE: code execution via malicious crash files
- Only offer restarting the application when processing a
crash file in /var/crash in apport/ui.py, gtk/apport-gtk,
and kde/apport-kde. Add testcases to test/test_ui.py,
test/test_ui_gtk.py, and test_ui_kde.py.
- No CVE number
- LP: #1648806
-- Marc Deslauriers <email address hidden> Mon, 12 Dec 2016 07:27:21 -0500
-
apport (2.14.1-0ubuntu3.21) trusty-proposed; urgency=medium
* apport-bug: Stop checking the autoreport flag and calling
whoopsie-upload-all; these two are different tasks, and that breaks bug
reporting. (LP: #1339663)
-- Brian Murray <email address hidden> Mon, 16 May 2016 13:24:02 -0700
-
apport (2.14.1-0ubuntu3.20) trusty-proposed; urgency=medium
* Disambiguate overly generic Python exceptions in duplicate signature
computation: dbus-glib's DBusException wraps a "real" server-side
exception, so add the class of that to disambiguate different crashes;
for OSError that is not a known subclass like FileNotFoundError, add the
errno. (LP: #989819)
-- Martin Pitt <email address hidden> Fri, 01 Apr 2016 16:27:39 +0200
-
apport (2.14.1-0ubuntu3.19) trusty-proposed; urgency=medium
* apport/ui.py: set "_MarkForUpload" field to False for cases where the
apport report is damaged, about a not installed package, or when an
error occurred processing the report. (LP: #1512902)
-- Brian Murray <email address hidden> Fri, 06 Nov 2015 07:14:08 -0800
-
apport (2.14.1-0ubuntu3.18) trusty-security; urgency=medium
* test_backend_apt_dpkg.py: Reset internal apt caches between tests. Avoids
random test failures due to leaking paths from previous test cases.
* SECURITY FIX: When determining the path of a Python module for a program
like "python -m module_name", avoid actually importing and running the
module; this could lead to local root privilege escalation. Thanks to
Gabriel Campana for discovering this and the fix!
(CVE-2015-1341, LP: #1507480)
-- Martin Pitt <email address hidden> Thu, 22 Oct 2015 15:15:37 +0200
-
apport (2.14.1-0ubuntu3.17) trusty-proposed; urgency=medium
* Consistently intercept "report file already exists" errors in all writers
of report files (package_hook, kernel_crashdump, and similar) to avoid
unhandled exceptions on those. (LP: #1500450)
-- Brian Murray <email address hidden> Fri, 16 Oct 2015 15:09:08 -0700
-
apport (2.14.1-0ubuntu3.16) trusty-proposed; urgency=medium
* Add data/general-hooks/powerpc.py: Collect some PowerPC[64] information.
Thanks to Thierry FAUCK! (LP: #1336462)
-- Brian Murray <email address hidden> Thu, 24 Sep 2015 13:02:09 -0700
-
apport (2.14.1-0ubuntu3.15) trusty-security; urgency=medium
[ Martin Pitt ]
* SECURITY FIX: kernel_crashdump: Enforce that the log/dmesg files are not a
symlink.
This prevents normal users from pre-creating a symlink to the predictable
.crash file, and thus triggering a "fill up disk" DoS attack when the
.crash report tries to include itself. Also clean up the code to make this
easier to read: Drop the "vmcore_root" alias, move the vmcore and
vmcore.log cleanup into the "no kdump" section, and replace the buggy
os.walk() loop with a glob to only catch direct timestamp subdirectories
of /var/crash/.
Thanks to halfdog for discovering this!
(CVE-2015-1338, part of LP #1492570)
* SECURITY FIX: Fix all writers of report files to open the report file
exclusively.
Fix package_hook, kernel_crashdump, and similar hooks to fail if the
report already exists. This prevents privilege escalation through symlink
attacks. Note that this will also prevent overwriting previous reports
with the same same. Thanks to halfdog for discovering this!
(CVE-2015-1338, LP: #1492570)
[ Marc Deslauriers ]
* This package does _not_ contain the changes from 2.14.1-0ubuntu3.14 in
trusty-proposed.
-- Marc Deslauriers <email address hidden> Wed, 23 Sep 2015 11:28:26 -0400
-
apport (2.14.1-0ubuntu3.14) trusty-proposed; urgency=medium
* Add data/general-hooks/powerpc.py: Collect some PowerPC[64] information.
Thanks to Thierry FAUCK! (LP: #1336462)
-- Brian Murray <email address hidden> Wed, 16 Sep 2015 11:30:47 -0700
-
apport (2.14.1-0ubuntu3.13) trusty-proposed; urgency=medium
* data/package_hook: when creating the problem report include the version of
the package. (LP: #1485787)
-- Brian Murray <email address hidden> Wed, 26 Aug 2015 16:16:52 -0700
-
apport (2.14.1-0ubuntu3.12) trusty-proposed; urgency=medium
* Keep "[origin: ...]" information in Package: and Dependencies: fields
for native-origins.d/ origins, so that it's possible to retrace them and
so that bugs are reported about the right project. (LP: #1470572)
* general-hooks/ubuntu.py: for reports where the ProblemType is Package
always include information about the apt and dpkg versions.
-- Brian Murray <email address hidden> Tue, 11 Aug 2015 12:33:43 -0700
-
apport (2.14.1-0ubuntu3.11) trusty-security; urgency=medium
* SECURITY UPDATE: When /proc/sys/fs/suid_dumpable is enabled, crashing a
program that is suid root or not readable for the user would create
root-owned core files in the current directory of that program. Creating
specially crafted core files in /etc/logrotate.d or similar could then
lead to arbitrary code execution with root privileges. Now core files do
not get written for these kinds of programs, in accordance with the
intention of core(5).
Thanks to Sander Bos for discovering this issue!
(CVE-2015-1324, LP: #1452239)
* SECURITY UPDATE: When writing a core dump file for a crashed packaged
program, don't close and reopen the .crash report file but just rewind and
re-read it. This prevents the user from modifying the .crash report file
while "apport" is running to inject data and creating crafted core dump
files. In conjunction with the above vulnerability of writing core dump
files to arbitrary directories this could be exploited to gain root
privileges.
Thanks to Philip Pettersson for discovering this issue!
(CVE-2015-1325, LP: #1453900)
* test_signal_crashes(): Drop hardcoded /tmp/ path in do_crash(),
test_nonwritable_cwd() uses a different dir.
-- Martin Pitt <email address hidden> Wed, 13 May 2015 11:53:18 +0200
-
apport (2.14.1-0ubuntu3.10) trusty-security; urgency=medium
* SECURITY UPDATE: insecure /proc/net/unix parsing (LP: #1444518)
- data/apport: temporarily disable container support until it can be
re-written in a secure manner.
- CVE number pending
-- Marc Deslauriers <email address hidden> Thu, 16 Apr 2015 07:56:02 -0400
-
apport (2.14.1-0ubuntu3.9) trusty-security; urgency=medium
* SECURITY UPDATE: privilege escalation through namespaces and crafted
chroot (LP: #1438345)
- data/apport: If crash comes from a container, rather than
chrooting into it, detect what LXC container it is and then use the
attach_wait API call to execute apport in the container.
- data/apport: Don't fail when encountering unicode characters.
(Thanks to Martin Pitt)
- test/test_signal_crashes.py: Test for the unicode fix.
(Thanks to Martin Pitt)
- CVE-2015-1318
-- Stephane Graber <email address hidden> Wed, 08 Apr 2015 13:16:27 -0400
-
apport (2.14.1-0ubuntu3.8) trusty-proposed; urgency=medium
* Backport changes from 14.10 to ensure that automatic crash reporting
works. (LP: #1431058)
- Refactor whoopsie-upload-all to behave more reliably in case of
overlapping crash processing.
- debian/apport-noui.upstart: refactor to make this an 'instance' job for
each incoming .crash file, and drop the racy handling of non-root .crash
files (as well as the unnecessary 'env MATCH' line).
- debian/apport-noui.upstart: remove early exit
- debian/apport-noui.dirs: create /var/lib/apport
- apport-noui: make the package installation automatically enable
autosubmission, and update the package description accordingly.
-- Brian Murray <email address hidden> Thu, 12 Mar 2015 15:58:32 -0700
-
apport (2.14.1-0ubuntu3.7) trusty-proposed; urgency=medium
* apport/ui.py: Only provide a UI to hooks if the crash db will accept the
report. This avoids asking questions if the report is merely sent to
whoopsie for Ubuntu stable releases. (LP: #1084979)
-- Brian Murray <email address hidden> Thu, 05 Feb 2015 10:09:15 -0800
-
apport (2.14.1-0ubuntu3.6) trusty-proposed; urgency=medium
* Stop setting $PATH in the init.d script. It breaks assumptions from
/lib/lsb/init-functions.d/ which might call other tools which are not in
/bin; also, we generally shouldn't meddle with $PATH in individual scripts.
(LP: #1372665)
-- Brian Murray <email address hidden> Tue, 28 Oct 2014 14:05:01 -0700
-
apport (2.14.1-0ubuntu3.5) trusty-proposed; urgency=medium
[ Martin Pitt ]
* report.py, add_gdb_info(): Check for truncated core dumps, and set
UnreportableReason and raise an IOError on them. Handle this in
apport-retrace and whoopsie-upload-all to fail properly instead of
silently producing broken Stacktraces. (LP: #1354571)
-- Brian Murray <email address hidden> Wed, 01 Oct 2014 11:28:57 -0700
-
apport (2.14.1-0ubuntu3.4) trusty-proposed; urgency=medium
* Write report even for crashes with UnreportableReasons, so that whoopsie
will upload more information. (LP: #1360417)
-- Brian Murray <email address hidden> Tue, 02 Sep 2014 09:53:41 -0700
-
apport (2.14.1-0ubuntu3.3) trusty-proposed; urgency=medium
* In apport-kde recommend gdb-minimal before gdb
LP: #1347565 "apport recommends gdb"
-- Jonathan Riddell <email address hidden> Wed, 23 Jul 2014 12:38:43 +0200
-
apport (2.14.1-0ubuntu3.2) trusty-proposed; urgency=medium
* Move duplicate signature creation for suspend resume failures from
apportcheckresume which does not have all the information we need to
the kernel package hook. (LP: #1316841)
-- Brian Murray <email address hidden> Fri, 16 May 2014 10:03:10 -0700
-
apport (2.14.1-0ubuntu3.1) trusty-proposed; urgency=medium
* Move error handling for invalid .crash files into collect_info(), so that
it also applies when using the "Show Details..." button in the UI.
Otherwise the UI just hangs eternally at this point when encountering
broken core dumps. Cherry-picked from trunk r2789. (LP: #1282349)
* Add kernel package version to the various kernel-related hooks. Thanks
Brian Murray. Cherry-picked from trunk r2799. (LP: #1316845)
* Add a duplicate signature to suspend resume failures. Thanks Brian Murray.
Cherry-picked from trunk r2800. (LP: #1316841)
-- Martin Pitt <email address hidden> Mon, 12 May 2014 16:28:57 +0200
-
apport (2.14.1-0ubuntu3) trusty; urgency=medium
* Cherry-pick from trunk: Delay the import of the glob and re modules in the
python apport hook, and only import them when needed. Speeds up
interpreter startup time by 50%. (LP: #1307684)
-- Matthias Klose <email address hidden> Tue, 15 Apr 2014 08:42:00 +0200
-
apport (2.14.1-0ubuntu2) trusty; urgency=medium
* etc/apport/crashdb.conf: Disable Launchpad crash/kernel reports for
the final release. Only report to http://errors.ubuntu.com from now on.
-- Brian Murray <email address hidden> Thu, 10 Apr 2014 14:26:24 -0700
-
apport (2.14.1-0ubuntu1) trusty; urgency=medium
* New upstream bug fix release:
- Fix FileNotFoundError from temporary launchpadlib cache dir cleanup.
(LP: #1300474)
- ui.py, open_url(): Skip any Python cleanup/atexit handlers in the forked
xdg-open child, to avoid calling them twice. (Side issue of LP #1300474
and #1282713)
- apport-kde: Work around crash in sip by skipping the destructors of SIP
objects. Thanks Rohan Garg! (LP: #1282713)
-- Martin Pitt <email address hidden> Fri, 04 Apr 2014 15:34:06 +0100
-
apport (2.14-0ubuntu1) trusty; urgency=medium
* New upstream release:
- Add KernelCrash reports when iwlwifi encounters a firmware error (via
the "error_dump" uevent and the new iwlwifi_error_dump helper). Thanks
Seth Forshee!
- launchpad: Really use a temporary launchpadlib cache dir by default.
This avoids piling up gigabytes of useless cached data over time, which
also tends to break every now and then.
- Fix crash in logind session detection. Thanks Dimitri Ledkov!
(LP: #1296026)
-- Martin Pitt <email address hidden> Mon, 31 Mar 2014 11:47:19 +0200
-
apport (2.13.3-0ubuntu1) trusty; urgency=medium
[ Martin Pitt ]
* New upstream release:
- etc/cron.daily/apport: Cleanup .drkonqi files after 7 days. Thanks Harald
Sitter.
- ui.py: Try to grab session D-BUS address from user's session when being
called through pkexec. (LP: #1287460)
[ Brian Murray ]
* data/package-hooks/source_linux.py: ensure dupe_sig1 and dupe_sig2 are
None if they are not found
-- Martin Pitt <email address hidden> Fri, 07 Mar 2014 16:34:45 +0100
-
apport (2.13.2-0ubuntu5) trusty; urgency=medium
* data/package-hooks/source_linux.py: remove line feed from
DuplicateSignature as it causes issues on the error tracker
-- Brian Murray <email address hidden> Tue, 18 Feb 2014 13:36:50 -0800
-
apport (2.13.2-0ubuntu4) trusty; urgency=medium
* data/kernel_oops: include the package version in addition to the name
-- Brian Murray <email address hidden> Fri, 14 Feb 2014 14:09:39 -0800
-
apport (2.13.2-0ubuntu3) trusty; urgency=medium
* package-hooks/source_linux.py: create a DuplicateSignature for kernel
oops reports thereby allowing them to be bucketed and consolidated in
the Ubuntu error tracker
-- Brian Murray <email address hidden> Thu, 13 Feb 2014 14:33:07 -0800
-
apport (2.13.2-0ubuntu2) trusty; urgency=medium
* Merge from trunk:
- Fix backend_apt_dpkg.test_get_file_package_uninstalled test that got
broken in the previous release.
apport (2.13.2-0ubuntu1) trusty; urgency=medium
* New upstream bug fix release:
- Fix crash if systemd cgroup is unreadable in /sys, such as in
containers. (LP: #1270783)
- apt/dpkg: Also consider Contents.gz from updates/security/proposed
pockets, so that e. g. apport-retrace works for crash reports with files
that are new in those. Thanks to Brian Murray for the initial patch.
(LP: #1271258)
- Only drop internal/private keys (starting with '_') from uploading to
the crash DB and from the UI report views, but not already when updating
the report. (LP: #1272505)
- data/apport: Fix stdout/stderr initialization of the error log, don't
close the original fd after dup2'ing as it is usually already fd 1. This
makes Apport work with Python 3.4. (LP: #1272355)
- Adjust report tests to work with Python 3.4 (LP: #1272355)
-- Martin Pitt <email address hidden> Mon, 27 Jan 2014 15:21:06 +0100
-
apport (2.13.2-0ubuntu1) trusty; urgency=medium
* New upstream bug fix release:
- Fix crash if systemd cgroup is unreadable in /sys, such as in
containers. (LP: #1270783)
- apt/dpkg: Also consider Contents.gz from updates/security/proposed
pockets, so that e. g. apport-retrace works for crash reports with files
that are new in those. Thanks to Brian Murray for the initial patch.
(LP: #1271258)
- Only drop internal/private keys (starting with '_') from uploading to
the crash DB and from the UI report views, but not already when updating
the report. (LP: #1272505)
- data/apport: Fix stdout/stderr initialization of the error log, don't
close the original fd after dup2'ing as it is usually already fd 1. This
makes Apport work with Python 3.4. (LP: #1272355)
- Adjust report tests to work with Python 3.4 (LP: #1272355)
-- Martin Pitt <email address hidden> Mon, 27 Jan 2014 11:33:51 +0100
-
apport (2.13.1-0ubuntu2) trusty; urgency=medium
* debian/apport.upstart: Use running-in-container instead of checking init's
environment.
* Re-enable Launchpad crash reports for Trusty. (LP: #1271887)
-- Martin Pitt <email address hidden> Fri, 24 Jan 2014 17:34:56 +0100
-
apport (2.13.1-0ubuntu1) trusty; urgency=medium
* New upstream release:
- Fix report.test_get_timestamp test for running in other time zones.
- Fix erroneous "gdb-multiarch not installed" warnings in ui tests.
- Fix ui.test_run_crash_older_session test for running as root.
- Fix ui.test_run_crash_older_session for different file system file
orders.
-- Martin Pitt <email address hidden> Fri, 10 Jan 2014 10:58:54 +0100
-
apport (2.13-0ubuntu1) trusty; urgency=medium
* New upstream release. Changes since our previous merge:
- Do not report keys starting with '_' to the crash database. This can be
used for keeping private keys in .crash files between crash and report
time, or to store data between hooks etc., without cluttering reports.
- UI: In "run all pending crashes" mode, skip reports that happened during
logout in a desktop (specifically, logind) session; they are
uninteresting and confusing to see at the next login. (LP: #1033932)
They can still be reported manually with running the .crash file
directly, but this sufficiently reduces the need to explicitly flag
whether the report concerns a logout crash. (LP: #1067646)
- Add support for PID namespaces (Linux containers): Crashes originating
from a container on a system running a >= 3.12 kernel will be
automatically redirected to apport inside the container, or ignored if
apport is not installed in the container. Thanks to Stéphane Graber!
- Print a warning when trying to retrace a report from a foreign
architecture and gdb-multiarch is not installed. (LP: #1239395)
- etc/init.d/apport: Don't change core_pattern when running in a
container, as this influences the host and other containers, too.
* apport/ui.py: Rename "MarkForUpload" whoopsie hack field to
"_MarkForUpload" and remove delta from launchpad.py. Fields starting with
'_' are now considered private.
* debian/apport.upstart: Add "%P" macro to core_pattern, to enable Linux
container handling with upstart.
* debian/apport.upstart: Don't change core_pattern when running in a
container, as this influences the host and other containers, too.
(LP: #1267728)
-- Martin Pitt <email address hidden> Fri, 10 Jan 2014 09:07:07 +0100
-
apport (2.12.7-0ubuntu6) trusty; urgency=medium
* Merge from trunk:
- setup.py: Make updating of hashbangs work when building without Java,
and also apply it on bin/.
* Bump Standards-Version to 3.9.5, no changes necessary.
-- Martin Pitt <email address hidden> Tue, 07 Jan 2014 18:41:12 +0100
-
apport (2.12.7-0ubuntu5) trusty; urgency=low
* Modify the location of apport/autoreport from /etc to /var/lib to be more
compatible with phablet images. Remove instance from apport-noui upstart
job. (LP: #1235436)
-- Brian Murray <email address hidden> Mon, 06 Jan 2014 13:00:41 -0800
-
apport (2.12.7-0ubuntu4) trusty; urgency=medium
* In python3 (unlike python2) file object does not have "splitlines()"
method, instead one iterate over the lines in the file directly. (LP:
#1265735)
-- Dimitri John Ledkov <email address hidden> Fri, 03 Jan 2014 08:36:55 +0000
-
apport (2.12.7-0ubuntu3) trusty; urgency=medium
* Merge from trunk:
- test_signal_crashes: Clean up unexpected reports after every test, to
avoid breaking all subsequent tests.
- test_signal_crashes: Stop checking that gdb prints nothing on stderr, as
latest gdb 7.6.50 now almost always prints some about missing source
files.
* During package build, only run subset of tests that work on buildds, and
make any failure fail the build. The full test suite is run as
autopkgtest.
-- Martin Pitt <email address hidden> Thu, 19 Dec 2013 08:29:02 +0100
-
apport (2.12.7-0ubuntu2) trusty; urgency=low
* data/package-hooks/source_ubiquity.py: only warn people about passwords in
the debug log file if they are running in debug mode (LP: #1257159)
* data/general-hooks/ubuntu.py: gather more information for dpkg already
installed and configured package install failures
-- Brian Murray <email address hidden> Mon, 09 Dec 2013 14:20:12 -0800
-
apport (2.12.7-0ubuntu1) trusty; urgency=low
[ Martin Pitt ]
* New upstream release:
- Properly fall back to lsb_release if /etc/os-release is invalid.
- report.py, add_proc_info(): Add "CurrentDesktop" field with the value of
$XDG_CURRENT_DESKTOP, if present. (LP: #1247904)
- fileutils.py, get_all_system_reports(): Filter out "guest..." users,
they might have a system UID. (LP: #1250679)
- apt/dpkg: Don't call dpkg-divert with full path, it moved in Ubuntu
14.04. (LP: #1252305)
* launchpad.py: Ignore "MarkForUpload" field, it's just for internal
communication with whoopsie.
[ Andy Whitcroft ]
* package-hooks/source_linux.py: pull forward fix to generify linux-meta
to linux mapping. (LP: #1229611)
* package-hooks/source_linux.py: pull forward kernel tagging for
linux-lts- family kernels. (LP: #1229611)
-- Martin Pitt <email address hidden> Tue, 19 Nov 2013 09:11:53 +0100
-
apport (2.12.6-0ubuntu1) trusty; urgency=low
* New upstream security/bug fix release:
- SECURITY FIX: For setuid programs which drop their privileges after
startup, make the report and core dumps owned by root, to avoid possible
data disclosure. Also, change core dump files to permissions "0600".
Thanks to Martin Carpenter for discovering this!
(CVE-2013-1067, LP: #1242435)
- sandboxutils.needed_runtime_packages(): Create cache directory for
Contents.gz if missing. (LP: #933199)
- apt/dpkg: Recognize options in apt sources.list. (LP: #1238620)
* Move Vcs-Bzr to trusty branch.
-- Martin Pitt <email address hidden> Fri, 25 Oct 2013 06:49:19 +0200
-
apport (2.12.5-0ubuntu2) saucy; urgency=low
* etc/apport/crashdb.conf: Disable Launchpad crash/kernel reports for the
final release. Only report to http://errors.ubuntu.com from now on.
-- Martin Pitt <email address hidden> Fri, 11 Oct 2013 12:11:45 +0200