[ubuntu/hirsute-proposed] apport 2.20.11-0ubuntu57 (Accepted)
Brian Murray
brian at ubuntu.com
Wed Feb 3 01:00:11 UTC 2021
apport (2.20.11-0ubuntu57) hirsute; urgency=medium
* SECURITY UPDATE: multiple security issues (LP: #1912326)
- CVE-2021-25682: error parsing /proc/pid/status
- CVE-2021-25683: error parsing /proc/pid/stat
- CVE-2021-25684: stuck reading fifo
- data/apport: make sure existing report is a regular file.
- apport/fileutils.py: move some logic here to skip over manipulated
process names and filenames.
- test/test_fileutils.py: added some parsing tests.
Date: Tue, 02 Feb 2021 12:42:44 -0800
Changed-By: Brian Murray <brian at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/apport/2.20.11-0ubuntu57
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 02 Feb 2021 12:42:44 -0800
Source: apport
Architecture: source
Version: 2.20.11-0ubuntu57
Distribution: hirsute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Brian Murray <brian at ubuntu.com>
Launchpad-Bugs-Fixed: 1912326
Changes:
apport (2.20.11-0ubuntu57) hirsute; urgency=medium
.
* SECURITY UPDATE: multiple security issues (LP: #1912326)
- CVE-2021-25682: error parsing /proc/pid/status
- CVE-2021-25683: error parsing /proc/pid/stat
- CVE-2021-25684: stuck reading fifo
- data/apport: make sure existing report is a regular file.
- apport/fileutils.py: move some logic here to skip over manipulated
process names and filenames.
- test/test_fileutils.py: added some parsing tests.
Checksums-Sha1:
f2c2ffdf2e3831c939f2cd69af16fa653d686101 2662 apport_2.20.11-0ubuntu57.dsc
7c38dee09df03fc4b51a018bf10c32fc97fd7c02 1402502 apport_2.20.11-0ubuntu57.tar.gz
c77d963250c9dea68d8f3efdd23352917c079a78 8602 apport_2.20.11-0ubuntu57_source.buildinfo
Checksums-Sha256:
076a0e47f363b3e5ced493c8c027034446d4e4b766c52a790e5575a7485221de 2662 apport_2.20.11-0ubuntu57.dsc
a23535b51b21d1a8326b83282efd62133f4d175f015f4c8bb41f40a202651167 1402502 apport_2.20.11-0ubuntu57.tar.gz
f3324320a99e633608fb364270c8ec0de2354bc858b73b59d733eca4909e8bf3 8602 apport_2.20.11-0ubuntu57_source.buildinfo
Files:
d8a134d0cb5ea0f799db20e081fb27b4 2662 utils optional apport_2.20.11-0ubuntu57.dsc
6723287f10d5432907e439a3d62d8de2 1402502 utils optional apport_2.20.11-0ubuntu57.tar.gz
5b3add2196875455ba414237aad6e0ed 8602 utils optional apport_2.20.11-0ubuntu57_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfS610FljvwXMts5kHpGLZnZbPjEFAmAZuVgACgkQHpGLZnZb
PjFL6w/+L9sdITiuvDiu31ZT6u8ZXEc3lue+J2rOx+IEwf7TT/v0UdLXICyABxlp
E/gv92I6Z/l2gfp4g2fqVNX+oJWTn8h/TXJ1qStM9qnfxNQgRh7Teo5Go9gkW/rJ
I48ymf5uRZ1KWEO1Trlw92j7eyi74yOI3+Wh1v+cH8heNh8RjwVS6lIyg6zBhhPo
BxvexhpapjrJ2oztUN6Qgvio3uaM1GKFYqxKjq++ynt4KzlxUE7juxjiYjNs07Cv
fKtFgdZgipqbe9F+DquH0OHv1Ia3uJ7Z/KWcgyjQn7OD0im7Y9DJ/qi3NWhlk9T3
pvp55k0vk35hmIZb5IIpZnOcgmGnZVkyF6aW4gwKJMyV6Ls+ol2AAcxMcg5nq7pG
V491kZP3zB1Utu7Wi2QFZBYFfAAxc3J3X9xa96e1DcDZ74fcn+kTCqE4eztxoELm
XsoJ3U4wzVUL6YrrOpq+/DlcSiSAu5eiVx7aSxjVFB+z0jmW1CJeoKWKJr97u/tG
rFBok3iahaOFQe+mnUeRSF58hqqmIE2JIPWjq7e05AMiOyYI4eIsiApYu5wM1Mj6
mcTzX9Z1GsvuEVUBOrc/p0oVUM+Zlz4iF9zSxHlWljkcoe1CQB4MARCRELuibkef
oQ9XS7MFNcJkHpb2DqpjdA5DhlOqTfnMC3qlMi6Q7fBq1iYAnu4=
=sXfu
-----END PGP SIGNATURE-----
More information about the Hirsute-changes
mailing list