[Bug 2114137] [NEW] [SRU] SRU 1.33
Anshul Singh
2114137 at bugs.launchpad.net
Thu Jun 12 05:07:30 UTC 2025
Public bug reported:
* New upstream release
- SECURITY UPDATE: Report file insecure permissions (LP: #2106338)
+ Do not change report group to report owner's primary group.
+ CVE-2025-5467
- SECURITY UPDATE: Race condition when forwarding core files to containers
(LP: #2107472)
+ apport: move consistency_checks call further up
+ apport: do not override options.pid
+ apport: open /proc/<pid> as early as possible
+ fileutils: respect proc_pid_fd in get_core_path
+ apport: use opened /proc/<pid> everywhere
+ apport: do consistency check before forwarding crashes
+ apport: require --dump-mode to be specified
+ apport: determine report owner by dump_mode
+ apport: do not forward crash for dump_mode == 2
+ apport: support pidfd (%F) parameter from kernel
+ CVE-2025-5054
- test: support coreutils rename to gnu-coreutils (LP: #2111595)
- setuptools/java: use snakecase for option name (LP: #2111595)
- apport: look for the exe within the proc root mount (LP: #2112272)
* Depend on gnu-coreutils for integration/system tests
* Depend on python3-pytest-cov in addition to python3-pytest
* Drop patches applied upstream and refresh remaining patches
* Address some Pyright complaints in ubuntu general hook
** Affects: apport (Ubuntu)
Importance: Undecided
Assignee: Anshul Singh (levihackerman-102)
Status: New
** Changed in: apport (Ubuntu)
Assignee: (unassigned) => Anshul Singh (levihackerman-102)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/2114137
Title:
[SRU] SRU 1.33
Status in apport package in Ubuntu:
New
Bug description:
* New upstream release
- SECURITY UPDATE: Report file insecure permissions (LP: #2106338)
+ Do not change report group to report owner's primary group.
+ CVE-2025-5467
- SECURITY UPDATE: Race condition when forwarding core files to containers
(LP: #2107472)
+ apport: move consistency_checks call further up
+ apport: do not override options.pid
+ apport: open /proc/<pid> as early as possible
+ fileutils: respect proc_pid_fd in get_core_path
+ apport: use opened /proc/<pid> everywhere
+ apport: do consistency check before forwarding crashes
+ apport: require --dump-mode to be specified
+ apport: determine report owner by dump_mode
+ apport: do not forward crash for dump_mode == 2
+ apport: support pidfd (%F) parameter from kernel
+ CVE-2025-5054
- test: support coreutils rename to gnu-coreutils (LP: #2111595)
- setuptools/java: use snakecase for option name (LP: #2111595)
- apport: look for the exe within the proc root mount (LP: #2112272)
* Depend on gnu-coreutils for integration/system tests
* Depend on python3-pytest-cov in addition to python3-pytest
* Drop patches applied upstream and refresh remaining patches
* Address some Pyright complaints in ubuntu general hook
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/2114137/+subscriptions
More information about the foundations-bugs
mailing list