UbuntuUpdates.org

Package "whoopsie"

Name: whoopsie

Description:

Ubuntu error tracker submission
Latest version: 0.2.62ubuntu0.5
Release: bionic (18.04)
Level: security
Repository: main
Homepage: http://wiki.ubuntu.com/ErrorTracker

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "whoopsie"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "whoopsie" in Bionic

Repository Area Version
base main 0.2.62
updates main 0.2.62ubuntu0.6

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.2.62ubuntu0.5 2020-08-04 19:07:03 UTC

  whoopsie (0.2.62ubuntu0.5) bionic-security; urgency=medium

  * SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560)
    - lib/bson/*: updated to latest upstream release.
    - CVE-2020-12135
  * SECURITY UPDATE: resource exhaustion via memory leak (LP: #1881982)
    - src/whoopsie.c, src/tests/test_parse_report.c: properly handle
      GHashTable.
    - CVE-2020-11937
  * SECURITY UPDATE: DoS via large data length (LP: #1882180)
    - src/whoopsie.c, src/whoopsie.h, src/tests/test_parse_report.c: limit
      the size of a report file.
    - CVE-2020-15570

 -- Marc Deslauriers <email address hidden> Fri, 24 Jul 2020 08:55:26 -0400
Source diff to previous version
1872560 integer overflow in whoopsie 0.2.69
1881982 DoS vulnerability: cause resource exhaustion
1882180 DoS vulnerability: fail to allocate
CVE-2020-12135 bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() par
CVE-2020-11937 RESERVED
CVE-2020-15570 The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denia

Version: 0.2.62ubuntu0.4 2019-11-05 04:07:11 UTC

  whoopsie (0.2.62ubuntu0.4) bionic-security; urgency=medium

  * SECURITY REGRESSION: segfault when sending crash report (LP: #1830865)
    - use uint32_t instead of size_t and INT32_MAX instead of INT_MAX
      as bson expects variable sizes to be 32 bits long.

 -- Tiago Stürmer Daitx <email address hidden> Mon, 04 Nov 2019 23:33:08 +0000
Source diff to previous version
1830865 Integer overflow in bson_ensure_space (bson.c:613)

Version: 0.2.62ubuntu0.3 2019-10-30 16:06:31 UTC

  whoopsie (0.2.62ubuntu0.3) bionic-security; urgency=medium

  * SECURITY REGRESSION: segfault when sending crash report (LP: #1850608)
    - lib/bson/bson.c: properly initialize value.

 -- Marc Deslauriers <email address hidden> Wed, 30 Oct 2019 09:01:42 -0400
Source diff to previous version

Version: 0.2.62ubuntu0.2 2019-10-30 05:07:06 UTC

  whoopsie (0.2.62ubuntu0.2) bionic-security; urgency=high

  * SECURITY UPDATE: Integer overflow when handling large bson
    objects (LP: #1830865)
    - lib/bson/bson.c, lib/bson/bson.h, src/whoopsie.c: use size_t
      for size instead of int to prevent integer overflows.
    - lib/bson/bson.c: ensure bson objects are not bigger than INT_MAX.
    - CVE-2019-11484

 -- Tiago Stürmer Daitx <email address hidden> Mon, 14 Oct 2019 14:16:56 +0000
Source diff to previous version
1830865 Integer overflow in bson_ensure_space (bson.c:613)
CVE-2019-11484 RESERVED

Version: 0.2.62ubuntu0.1 2019-07-09 01:08:12 UTC

  whoopsie (0.2.62ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer overflow when handling large crash dumps (LP:
    #1830863)
    - src/whoopsie.c: Don't use signed integer types for lengths to ensure
      large crash dumps do not cause signed integer overflow
    - CVE-2019-11476

 -- Alex Murray <email address hidden> Fri, 5 Jul 2019 14:15:25 +0930
CVE-2019-11476 RESERVED


About   -   Send Feedback to @ubuntu_updates