Ubuntu
ebox package

Bug reporting in eBox discloses too much information

Bug #219343 reported by Isaac Clerencia on 2008-04-18

260

Affects		Status	Importance	Assigned to	Milestone
	ebox (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

When a crash occurs in eBox, the user is given the option to submit a bug report.

This generates a bundle including logs from the machine and other sensitive
information, like RIP passwords, CA passwords, ...

This is only useful for debugging purposes and until there is a way to completely
anonimize the bug report bundle, it should be disabled.

Related branches

lp:ubuntu/karmic/ebox

lp:ubuntu/lucid/libebox

Revision history for this message

Javier Uruen Val (juruen) wrote on 2008-04-18:

It's really dangerous if people post the bug report in public web sites such as launchpad. So I strongly recommend to disable that feature.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2008-04-21:

This bug was fixed in the package ebox - 0.11.99-0ubuntu11

---------------
ebox (0.11.99-0ubuntu11) hardy; urgency=low

  * debian/patches/15_disable_bug_report.dpatch
    - Dont disclose bug information in bug reports. It might contain
      sensitive information. (LP: #219343)

-- Chuck Short <email address hidden> Mon, 21 Apr 2008 08:17:21 -0400

Changed in ebox:
status:	New → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuebox package