[ubuntu/questing-proposed] apport 2.33.0-0ubuntu1 (Accepted)

Benjamin Drung bdrung at ubuntu.com
Fri Jun 6 15:01:16 UTC 2025 

apport (2.33.0-0ubuntu1) questing; urgency=medium

  * New upstream release
    - SECURITY UPDATE: Report file insecure permissions (LP: #2106338)
      + Do not change report group to report owner's primary group.
      + CVE-2025-5467
    - SECURITY UPDATE: Race condition when forwarding core files to containers
      (LP: #2107472)
      + apport: move consistency_checks call further up
      + apport: do not override options.pid
      + apport: open /proc/<pid> as early as possible
      + fileutils: respect proc_pid_fd in get_core_path
      + apport: use opened /proc/<pid> everywhere
      + apport: do consistency check before forwarding crashes
      + apport: require --dump-mode to be specified
      + apport: determine report owner by dump_mode
      + apport: do not forward crash for dump_mode == 2
      + apport: support pidfd (%F) parameter from kernel
      + CVE-2025-5054
    - test: support coreutils rename to gnu-coreutils (LP: #2111595)
    - setuptools/java: use snakecase for option name (LP: #2111595)
    - apport: look for the exe within the proc root mount (LP: #2112272)
  * Depend on gnu-coreutils for integration/system tests
  * Depend on python3-pytest-cov in addition to python3-pytest
  * Drop patches applied upstream and refresh remaining patches
  * Address some Pyright complaints in ubuntu general hook

Date: Fri, 06 Jun 2025 13:53:15 +0200
Changed-By: Benjamin Drung <bdrung at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/apport/2.33.0-0ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 06 Jun 2025 13:53:15 +0200
Source: apport
Built-For-Profiles: noudeb
Architecture: source
Version: 2.33.0-0ubuntu1
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Benjamin Drung <bdrung at ubuntu.com>
Launchpad-Bugs-Fixed: 2106338 2107472 2111595 2112272
Changes:
 apport (2.33.0-0ubuntu1) questing; urgency=medium
 .
   * New upstream release
     - SECURITY UPDATE: Report file insecure permissions (LP: #2106338)
       + Do not change report group to report owner's primary group.
       + CVE-2025-5467
     - SECURITY UPDATE: Race condition when forwarding core files to containers
       (LP: #2107472)
       + apport: move consistency_checks call further up
       + apport: do not override options.pid
       + apport: open /proc/<pid> as early as possible
       + fileutils: respect proc_pid_fd in get_core_path
       + apport: use opened /proc/<pid> everywhere
       + apport: do consistency check before forwarding crashes
       + apport: require --dump-mode to be specified
       + apport: determine report owner by dump_mode
       + apport: do not forward crash for dump_mode == 2
       + apport: support pidfd (%F) parameter from kernel
       + CVE-2025-5054
     - test: support coreutils rename to gnu-coreutils (LP: #2111595)
     - setuptools/java: use snakecase for option name (LP: #2111595)
     - apport: look for the exe within the proc root mount (LP: #2112272)
   * Depend on gnu-coreutils for integration/system tests
   * Depend on python3-pytest-cov in addition to python3-pytest
   * Drop patches applied upstream and refresh remaining patches
   * Address some Pyright complaints in ubuntu general hook
Checksums-Sha1:
 0faf620a330c666389274d0c82be41aab425884e 3709 apport_2.33.0-0ubuntu1.dsc
 65e9ae69cc892b497ff689f18b676be71895b126 688744 apport_2.33.0.orig.tar.xz
 376fecf7d16e8c025b3323e0021219e37db494bd 833 apport_2.33.0.orig.tar.xz.asc
 9e6039db59b4fcff679dea443fe9832fa7eddc72 150036 apport_2.33.0-0ubuntu1.debian.tar.xz
 4edfaa9141f6ab70ee7e37b30b958d7da502a3a1 10038 apport_2.33.0-0ubuntu1_source.buildinfo
Checksums-Sha256:
 28b3c32b80d79b04d37041361302f12ef596cc9216dcc3b8fbdfa74f34d187f9 3709 apport_2.33.0-0ubuntu1.dsc
 649a3300bc819f18d459764a5b16a26c695ec2e475ce3ae23074f81d8334461f 688744 apport_2.33.0.orig.tar.xz
 2b1829cb5e407ea6f8f1755c0df6579b0053178b2d7c11c61f288786ca4b9a7d 833 apport_2.33.0.orig.tar.xz.asc
 2303f49620ca84a9d736e2889234f12c53804de389425925ea2a5f8af5c4ceaa 150036 apport_2.33.0-0ubuntu1.debian.tar.xz
 8ac11f960b907f4e1fd54dffb772e5698ac029a8be96525082a906aff1a57f72 10038 apport_2.33.0-0ubuntu1_source.buildinfo
Files:
 5b465ce0779bf1c8f34e214f1a3b39bb 3709 utils optional apport_2.33.0-0ubuntu1.dsc
 c087a1a3f1ef3557057d2e5c624d1cae 688744 utils optional apport_2.33.0.orig.tar.xz
 d68debf40db048ba36cc8a4e74abef0d 833 utils optional apport_2.33.0.orig.tar.xz.asc
 9151923a9ca874b6fee599bbfd38809d 150036 utils optional apport_2.33.0-0ubuntu1.debian.tar.xz
 53e71f93d9f7a13b8773b1271d90a55a 10038 utils optional apport_2.33.0-0ubuntu1_source.buildinfo

More information about the Questing-changes mailing list