[ubuntu/impish-proposed] apport 2.20.11-0ubuntu67 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Tue May 25 19:23:10 UTC 2021
apport (2.20.11-0ubuntu67) impish; urgency=medium
* SECURITY UPDATE: Multiple arbitrary file reads (LP: #1917904)
- apport/hookutils.py: don't follow symlinks and make sure the file
isn't a FIFO in read_file().
- test/test_hookutils.py: added symlink tests.
- CVE-2021-32547, CVE-2021-32548, CVE-2021-32549, CVE-2021-32550,
CVE-2021-32551, CVE-2021-32552, CVE-2021-32553, CVE-2021-32554,
CVE-2021-32555
* SECURITY UPDATE: info disclosure via modified config files spoofing
(LP: #1917904)
- backends/packaging-apt-dpkg.py: properly terminate arguments in
get_modified_conffiles.
- CVE-2021-32556
* SECURITY UPDATE: arbitrary file write (LP: #1917904)
- data/whoopsie-upload-all: don't follow symlinks and make sure the
file isn't a FIFO in process_report().
- CVE-2021-32557
Date: Tue, 18 May 2021 09:15:10 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Brian Murray <brian at ubuntu.com>
https://launchpad.net/ubuntu/+source/apport/2.20.11-0ubuntu67
-------------- next part --------------
Format: 1.8
Date: Tue, 18 May 2021 09:15:10 -0400
Source: apport
Built-For-Profiles: noudeb
Architecture: source
Version: 2.20.11-0ubuntu67
Distribution: impish
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Launchpad-Bugs-Fixed: 1917904
Changes:
apport (2.20.11-0ubuntu67) impish; urgency=medium
.
* SECURITY UPDATE: Multiple arbitrary file reads (LP: #1917904)
- apport/hookutils.py: don't follow symlinks and make sure the file
isn't a FIFO in read_file().
- test/test_hookutils.py: added symlink tests.
- CVE-2021-32547, CVE-2021-32548, CVE-2021-32549, CVE-2021-32550,
CVE-2021-32551, CVE-2021-32552, CVE-2021-32553, CVE-2021-32554,
CVE-2021-32555
* SECURITY UPDATE: info disclosure via modified config files spoofing
(LP: #1917904)
- backends/packaging-apt-dpkg.py: properly terminate arguments in
get_modified_conffiles.
- CVE-2021-32556
* SECURITY UPDATE: arbitrary file write (LP: #1917904)
- data/whoopsie-upload-all: don't follow symlinks and make sure the
file isn't a FIFO in process_report().
- CVE-2021-32557
Checksums-Sha1:
07eb8a7b8ebc8693ef20e3631434119d793b3d8a 2621 apport_2.20.11-0ubuntu67.dsc
ec8e23cc78f951b97a22af4b63d3676951f3e495 1403658 apport_2.20.11-0ubuntu67.tar.gz
d616caff156a0e30b892f729cd6d269e635548d6 10130 apport_2.20.11-0ubuntu67_source.buildinfo
Checksums-Sha256:
354e7e8632cd32fbe4e256e4f84d36e85c9f2014a78325e9d9d85b7e8eafc887 2621 apport_2.20.11-0ubuntu67.dsc
54295c52b1d457f7872c8e2df0695855c36a29cab07436ccbe2114ae82a65362 1403658 apport_2.20.11-0ubuntu67.tar.gz
42981c206f305b8f75575b16042d561441a6bc99a69bf7814813f3d7151297e7 10130 apport_2.20.11-0ubuntu67_source.buildinfo
Files:
3e632402593c5452d21b0d285ffccdd1 2621 utils optional apport_2.20.11-0ubuntu67.dsc
61831411b1e9194f3c196205392efdb8 1403658 utils optional apport_2.20.11-0ubuntu67.tar.gz
09f8f621ed4619e83583bd4830e7635e 10130 utils optional apport_2.20.11-0ubuntu67_source.buildinfo
More information about the impish-changes
mailing list