UbuntuUpdates.org

Package "libwhoopsie0"

Name: libwhoopsie0

Description:

Ubuntu error tracker submission - shared library

Latest version: 0.2.62ubuntu0.6
Release: bionic (18.04)
Level: updates
Repository: main
Head package: whoopsie
Homepage: http://wiki.ubuntu.com/ErrorTracker

Links


Download "libwhoopsie0"


Other versions of "libwhoopsie0" in Bionic

Repository Area Version
base main 0.2.62
security main 0.2.62ubuntu0.5

Changelog

Version: 0.2.62ubuntu0.6 2020-12-14 21:07:11 UTC

  whoopsie (0.2.62ubuntu0.6) bionic; urgency=medium

  * Attempt to fix double free issue (LP: #1899100)
    - src/whoopsie.c: reject duplicate keys, re-order certain operations.
    - src/tests/data/crash/invalid_key_duplicate,
      src/tests/test_parse_report.c: added test for duplicate keys.

 -- Brian Murray <email address hidden> Wed, 02 Dec 2020 09:35:52 -0800

Source diff to previous version
1899100 whoopsie assert failure: double free or corruption (fasttop)

Version: 0.2.62ubuntu0.5 2020-08-04 20:06:36 UTC

  whoopsie (0.2.62ubuntu0.5) bionic-security; urgency=medium

  * SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560)
    - lib/bson/*: updated to latest upstream release.
    - CVE-2020-12135
  * SECURITY UPDATE: resource exhaustion via memory leak (LP: #1881982)
    - src/whoopsie.c, src/tests/test_parse_report.c: properly handle
      GHashTable.
    - CVE-2020-11937
  * SECURITY UPDATE: DoS via large data length (LP: #1882180)
    - src/whoopsie.c, src/whoopsie.h, src/tests/test_parse_report.c: limit
      the size of a report file.
    - CVE-2020-15570

 -- Marc Deslauriers <email address hidden> Fri, 24 Jul 2020 08:55:26 -0400

Source diff to previous version
1872560 integer overflow in whoopsie 0.2.69
1881982 DoS vulnerability: cause resource exhaustion
1882180 DoS vulnerability: fail to allocate
CVE-2020-12135 bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() par
CVE-2020-11937 RESERVED
CVE-2020-15570 The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denia

Version: 0.2.62ubuntu0.4 2019-11-05 05:07:10 UTC

  whoopsie (0.2.62ubuntu0.4) bionic-security; urgency=medium

  * SECURITY REGRESSION: segfault when sending crash report (LP: #1830865)
    - use uint32_t instead of size_t and INT32_MAX instead of INT_MAX
      as bson expects variable sizes to be 32 bits long.

 -- Tiago Stürmer Daitx <email address hidden> Mon, 04 Nov 2019 23:33:08 +0000

Source diff to previous version
1830865 Integer overflow in bson_ensure_space (bson.c:613)

Version: 0.2.62ubuntu0.3 2019-10-30 16:06:32 UTC

  whoopsie (0.2.62ubuntu0.3) bionic-security; urgency=medium

  * SECURITY REGRESSION: segfault when sending crash report (LP: #1850608)
    - lib/bson/bson.c: properly initialize value.

 -- Marc Deslauriers <email address hidden> Wed, 30 Oct 2019 09:01:42 -0400

Source diff to previous version

Version: 0.2.62ubuntu0.2 2019-10-30 06:06:55 UTC

  whoopsie (0.2.62ubuntu0.2) bionic-security; urgency=high

  * SECURITY UPDATE: Integer overflow when handling large bson
    objects (LP: #1830865)
    - lib/bson/bson.c, lib/bson/bson.h, src/whoopsie.c: use size_t
      for size instead of int to prevent integer overflows.
    - lib/bson/bson.c: ensure bson objects are not bigger than INT_MAX.
    - CVE-2019-11484

 -- Tiago Stürmer Daitx <email address hidden> Mon, 14 Oct 2019 14:16:56 +0000

1830865 Integer overflow in bson_ensure_space (bson.c:613)
CVE-2019-11484 RESERVED



About   -   Send Feedback to @ubuntu_updates