lp:~laney/apport/no-yalign
- Get this branch:
- bzr branch lp:~laney/apport/no-yalign
Branch merges
- Martin Pitt (community): Approve
-
Diff: 12 lines (+1/-1)1 file modifiedgtk/apport-gtk.ui (+1/-1)
Recent revisions
- 2967. By Iain Lane
-
Use GtkWidget::valign property instead of GtkMisc::yalign which is deprecated in GTK 3.16
- 2966. By Launchpad Translations on behalf of apport-hackers
-
Launchpad automatic translations update.
- 2965. By Martin Pitt
-
Fix backend_
apt_dpkg. test_install_ packages_ permanent_ sandbox test to restore proxy settings at the right time - 2963. By Martin Pitt
-
* Enable suid_dumpable in the init.d script to also get Apport reports about suid, unreadable, and otherwise protected binaries. These will be "system reports" owned and readable by root only.
- 2962. By Martin Pitt
-
* Fix backend_
apt_dpkg. test_install_ packages_ permanent_ sandbox test to more carefully restore the environment and apt config. - 2960. By Martin Pitt
-
* test/run: Run UI tests under dbus-launch, newer GTK versions require this now.
- 2958. By Martin Pitt
-
SECURITY UPDATE: Fix core dump file injection
When writing a core dump file for a crashed packaged program, don't close and
reopen the .crash report file but just rewind and re-read it. This prevents the
user from modifying the .crash report file while "apport" is running to inject
data and creating crafted core dump files.By itself this is not a vulnerability, but in conjunction with the previous
vulnerability of writing core dump files to arbitrary directories
(CVE-2015-1324) this could be exploited to gain root privileges, by writing a
crafted "core" file to /etc/sudoers.d/, /etc/cron.d, or similar.Thanks to Philip Pettersson for discovering this issue!
CVE-2015-1325
LP: #1453900
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:~apport-hackers/apport/trunk