lp:~ubuntu-core-dev/ubuntu/vivid/apport/ubuntu

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

1 recipe using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #1370259: apport fails to collect nvram specific information -- attach_root_command_outputs() does not work for binary data	Undecided	Fix Released
Bug #1384358: /usr/share/apport/whoopsie-upload-all:FileNotFoundError:process_report:add_gdb_info:/usr/share/apport/whoopsie-upload-all@161:collect_info:process_report	Medium	Fix Released
Bug #1418262: apport hook to detect wayland sessions	High	Fix Released
Bug #1436328: FFe apport-kde qt5 port	Undecided	Fix Released
Bug #1439784: [apport-kde] apport-collect: Can not import module PyQt5.QtCore	Medium	Fix Released
Bug #1443659: Apport crashes when I try to report a bug on update-manager-kde	Medium	Fix Released
Bug #1452239: root escalation with fs.suid_dumpable=2	Undecided	Fix Released
Bug #1453900: root escalation via race condition	Critical	Fix Released
Bug #1470572: native-origins.d information causes apport to strip origin information from Package	High	Fix Released
Bug #1485787: package_hook does not include package version	High	Fix Released
Bug #1492570: /usr/share/apport/kernel_crashdump accesses files in insecure manner	High	Fix Released
Bug #1500450: /usr/share/apport/package_hook:FileExistsError:/usr/share/apport/package_hook@64:make_report_file	High	Fix Released
Bug #1507480: Privilege escalation through Python module imports	High	Fix Released

Link a bug report

Related blueprints

2436. By Martin Pitt on 2015-10-27

releasing package apport version 2.17.2-0ubuntu1.7

2435. By Martin Pitt on 2015-10-27

SECURITY FIX: When determining the path of a Python module for a program
like "python -m module_name", avoid actually importing and running the
module; this could lead to local root privilege escalation. Thanks to
Gabriel Campana for discovering this and the fix!
(CVE-2015-1341, LP: #1507480)

2434. By Martin Pitt on 2015-10-27

test_backend_apt_dpkg.py: Reset internal apt caches between tests. Avoids
random test failures due to leaking paths from previous test cases.

2433. By Martin Pitt on 2015-10-27

releasing package apport version 2.17.2-0ubuntu1.6

2432. By Martin Pitt on 2015-10-27

Consistently intercept "report file already exists" errors in all writers of
report files (package_hook, kernel_crashdump, and similar) to avoid
unhandled exceptions on those. (LP: #1500450)

2431. By Martin Pitt on 2015-09-21

releasing package apport version 2.17.2-0ubuntu1.5

2430. By Martin Pitt on 2015-09-21

SECURITY FIX: Fix all writers of report files to open the report file
exclusively.
Fix package_hook, kernel_crashdump, and similar hooks to fail if the
report already exists. This prevents privilege escalation through symlink
attacks. Note that this will also prevent overwriting previous reports
with the same same. Thanks to halfdog for discovering this!
(CVE-2015-1338, LP: #1492570)

2429. By Martin Pitt on 2015-09-21

SECURITY FIX: kernel_crashdump: Enforce that the log/dmesg files are not a
symlink.
This prevents normal users from pre-creating a symlink to the predictable
.crash file, and thus triggering a "fill up disk" DoS attack when the
.crash report tries to include itself. Also clean up the code to make this
easier to read: Drop the "vmcore_root" alias, move the vmcore and
vmcore.log cleanup into the "no kdump" section, and replace the buggy
os.walk() loop with a glob to only catch direct timestamp subdirectories
of /var/crash/.
Thanks to halfdog for discovering this!
(CVE-2015-1338, part of LP #1492570)

2428. By Brian Murray on 2015-08-26

Fix the pocket for 2.17.2-0ubuntu1.4

2427. By Brian Murray on 2015-08-26

resolve test failures