Package "apport-gtk"

Name:	apport-gtk
Description:	GTK+ frontend for the apport crash report system
Latest version:	2.20.11-0ubuntu27.30
Release:	focal (20.04)
Level:	security
Repository:	main
Head package:	apport
Homepage:	https://wiki.ubuntu.com/Apport

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "apport-gtk"

All arch deb package

APT INSTALL

Other versions of "apport-gtk" in Focal

Repository	Area	Version
base	main	2.20.11-0ubuntu27
updates	main	2.20.11-0ubuntu27.30

Changelog

Version: 2.20.11-0ubuntu27.21 2021-10-25 12:06:23 UTC

Version: 2.20.11-0ubuntu27.21	2021-10-25 12:06:23 UTC
apport (2.20.11-0ubuntu27.21) focal-security; urgency=medium * SECURITY UPDATE: Privilege escalation via core files - refactor privilege dropping and create core files in a well-known directory in apport/fileutils.py, apport/report.py, data/apport, test/test_fileutils.py, test/test_report.py, test/test_signal_crashes.py, test/test_ui.py. - use systemd-tmpfiles to create and manage the well-known core file directory in setup.py, data/systemd/apport.conf, debian/apport.install. -- Marc Deslauriers <email address hidden> Mon, 18 Oct 2021 07:48:31 -0400
Source diff to previous version

apport (2.20.11-0ubuntu27.21) focal-security; urgency=medium * SECURITY UPDATE: Privilege escalation via core files - refactor privilege dropping and create core files in a well-known directory in apport/fileutils.py, apport/report.py, data/apport, test/test_fileutils.py, test/test_report.py, test/test_signal_crashes.py, test/test_ui.py. - use systemd-tmpfiles to create and manage the well-known core file directory in setup.py, data/systemd/apport.conf, debian/apport.install. -- Marc Deslauriers <email address hidden> Mon, 18 Oct 2021 07:48:31 -0400

Source diff to previous version

Version: 2.20.11-0ubuntu27.20 2021-09-14 13:06:20 UTC

apport (2.20.11-0ubuntu27.20) focal-security; urgency=medium * SECURITY UPDATE: Arbitrary file read (LP: #1934308) - data/general-hooks/ubuntu.py: don't attempt to include emacs byte-compilation logs, they haven't been generated by the emacs packages in a long time. - CVE-2021-3709 * SECURITY UPDATE: Info disclosure via path traversal (LP: #1933832) - apport/hookutils.py, test/test_hookutils.py: detect path traversal attacks, and directory symlinks. - CVE-2021-3710 -- Marc Deslauriers <email address hidden> Thu, 26 Aug 2021 10:30:01 -0400

Source diff to previous version

CVE-2021-3709	RESERVED
CVE-2021-3710	RESERVED

Version: 2.20.11-0ubuntu27.18 2021-05-25 18:06:32 UTC

apport (2.20.11-0ubuntu27.18) focal-security; urgency=medium * SECURITY UPDATE: Multiple arbitrary file reads (LP: #1917904) - apport/hookutils.py: don't follow symlinks and make sure the file isn't a FIFO in read_file(). - test/test_hookutils.py: added symlink tests. - CVE-2021-32547, CVE-2021-32548, CVE-2021-32549, CVE-2021-32550, CVE-2021-32551, CVE-2021-32552, CVE-2021-32553, CVE-2021-32554, CVE-2021-32555 * SECURITY UPDATE: info disclosure via modified config files spoofing (LP: #1917904) - backends/packaging-apt-dpkg.py: properly terminate arguments in get_modified_conffiles. - CVE-2021-32556 * SECURITY UPDATE: arbitrary file write (LP: #1917904) - data/whoopsie-upload-all: don't follow symlinks and make sure the file isn't a FIFO in process_report(). - CVE-2021-32557 -- Marc Deslauriers <email address hidden> Tue, 18 May 2021 09:15:10 -0400

Source diff to previous version

CVE-2021-32547	RESERVED
CVE-2021-32548	RESERVED
CVE-2021-32549	RESERVED
CVE-2021-32550	RESERVED
CVE-2021-32551	RESERVED
CVE-2021-32552	RESERVED
CVE-2021-32553	RESERVED
CVE-2021-32554	RESERVED
CVE-2021-32555	RESERVED
CVE-2021-32556	RESERVED
CVE-2021-32557	RESERVED

Version: 2.20.11-0ubuntu27.16 2021-02-02 19:06:56 UTC

apport (2.20.11-0ubuntu27.16) focal-security; urgency=medium * SECURITY UPDATE: multiple security issues (LP: #1912326) - CVE-2021-25682: error parsing /proc/pid/status - CVE-2021-25683: error parsing /proc/pid/stat - CVE-2021-25684: stuck reading fifo - data/apport: make sure existing report is a regular file. - apport/fileutils.py: move some logic here to skip over manipulated process names and filenames. - test/test_fileutils.py: added some parsing tests. -- Marc Deslauriers <email address hidden> Tue, 26 Jan 2021 07:21:46 -0500

Source diff to previous version

CVE-2021-25682	RESERVED
CVE-2021-25683	RESERVED
CVE-2021-25684	RESERVED

Version: 2.20.11-0ubuntu27.12 2020-11-12 16:07:42 UTC

apport (2.20.11-0ubuntu27.12) focal-security; urgency=medium * Various security hardening fixes (LP: #1903332) - apport/fileutils.py: drop privileges in the correct order, limit settings file size. - apport/apport/report.py: properly drop privileges, limit ignore file size. - data/apport: drop supplemental groups. -- Marc Deslauriers <email address hidden> Tue, 10 Nov 2020 15:03:57 -0500

1903332

Apport get_config incorrectly drops privileges

About - Send Feedback to @ubuntu_updates

Package "apport-gtk"

Links

Download "apport-gtk"

Other versions of "apport-gtk" in Focal

Changelog

Share this page

Bookmarks

Latest updates

proposed

updates

security

PPA updates