I've assigned CVE-2019-11481 for this issue. (There may be a case for splitting this to two CVEs, one for reading the config with root privileges, and one for reading an unbounded amount of data, but that feels like busywork. We can assign a second one later if we decide it will help address the issue.)
Brian -- is the apport configuration support used anywhere? This bug report was the first I heard of the feature. Do we need to keep it?
Thanks Kev,
I've assigned CVE-2019-11481 for this issue. (There may be a case for splitting this to two CVEs, one for reading the config with root privileges, and one for reading an unbounded amount of data, but that feels like busywork. We can assign a second one later if we decide it will help address the issue.)
Brian -- is the apport configuration support used anywhere? This bug report was the first I heard of the feature. Do we need to keep it?
Thanks