lp:~ubuntu-core-dev/ubuntu/precise/apport/ubuntu

Created by Martin Pitt on 2011-10-12 and last modified on 2015-05-21
Get this branch:
bzr branch lp:~ubuntu-core-dev/ubuntu/precise/apport/ubuntu
Members of Ubuntu Core Development Team can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu Core Development Team
Status:
Development

Recent revisions

2002. By Martin Pitt on 2015-05-13

releasing package apport version 2.0.1-0ubuntu17.9

2001. By Martin Pitt on 2015-05-13

Add test case to ensure that users cannot inject arbitrary core dump file
contents (CVE-2015-1325). This version is not affected, but having the
test will ensure that backported changes don't introduce this
vulnerability. (LP: #1453900)

2000. By Martin Pitt on 2015-05-13

SECURITY UPDATE: When /proc/sys/fs/suid_dumpable is enabled, crashing a
program that is suid root or not readable for the user would create
root-owned core files in the current directory of that program. Creating
specially crafted core files in /etc/logrotate.d or similar could then
lead to arbitrary code execution with root privileges. Now core files do
not get written for these kinds of programs, in accordance with the
intention of core(5).
Thanks to Sander Bos for discovering this issue!
(CVE-2015-1324, LP: #1452239)

1999. By Martin Pitt on 2015-05-08

test_signal_crashes(): Drop hardcoded /tmp/ path in do_crash(),
test_nonwritable_cwd() uses a different dir.

1998. By Martin Pitt on 2015-05-08

releasing package apport version 2.0.1-0ubuntu17.8

1997. By Martin Pitt on 2015-05-08

report.py, add_gdb_info(): Check for truncated core dumps, and set
UnreportableReason and raise an IOError on them. Handle this in
apport-retrace and whoopsie-upload-all to fail properly instead of
silently producing broken Stacktraces. (LP: #1354571)

1996. By Andy Whitcroft on 2014-08-06

releasing package apport version 2.0.1-0ubuntu17.7

1995. By Andy Whitcroft on 2014-08-06

* fix up apport reporting for linux-lts-raring kernels (LP: #1352829)
  - add links for linux-lts-trusty to the package to map those to
    the source_linux.py hooks.

1994. By Andy Whitcroft on 2014-08-06

* SECURITY UPDATE: incorrect permissions on setuid process core dumps
  (LP: #1242435)
  - use correct permissions when writing the core file in data/apport,
    added test to test/test_signal_crashes.py.
  - Thanks to Martin Pitt for the patch!
  - CVE-2013-1067

1993. By Andy Whitcroft on 2013-09-24

releasing version 2.0.1-0ubuntu17.5

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.