UbuntuUpdates.org

Package "apport"

Name: apport

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • KDE frontend for the apport crash report system
  • tools for automatically reporting Apport crash reports
  • valgrind wrapper that first downloads debug symbols
  • debhelper extension for the apport crash report system
Latest version: 2.20.11-0ubuntu71.2
Release: impish (21.10)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "apport" in Impish

Repository Area Version
base main 2.20.11-0ubuntu70
base universe 2.20.11-0ubuntu70
security universe 2.20.11-0ubuntu71.2
security main 2.20.11-0ubuntu71.2
updates main 2.20.11-0ubuntu71.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.20.11-0ubuntu71.2 2022-05-17 19:06:31 UTC

  apport (2.20.11-0ubuntu71.2) impish-security; urgency=medium

  * SECURITY UPDATE: Fix multiple security issues
    - test/test_report.py: Fix flaky test.
    - data/apport: Fix too many arguments for error_log().
    - data/apport: Use proper argument variable name executable_path.
    - etc/init.d/apport: Set core_pipe_limit to a non-zero value to make
      sure the kernel waits for apport to finish before removing the /proc
      information.
    - apport/fileutils.py, data/apport: Search for executable name if one
      wan't provided such as when being called in a container.
    - data/apport: Limit memory and duration of gdbus call. (CVE-2022-28654,
      CVE-2022-28656)
    - data/apport, apport/fileutils.py, test/test_fileutils.py: Validate
      D-Bus socket location. (CVE-2022-28655)
    - apport/fileutils.py, test/test_fileutils.py: Turn off interpolation
      in get_config() to prevent DoS attacks. (CVE-2022-28652)
    - Refactor duplicate code into search_map() function.
    - Switch from chroot to container to validating socket owner.
      (CVE-2022-1242, CVE-2022-28657)
    - data/apport: Clarify error message.
    - apport/fileutils.py: Fix typo in comment.
    - apport/fileutils.py: Do not call str in loop.
    - data/apport, etc/init.d/apport: Switch to using non-positional
      arguments. Get real UID and GID from the kernel and make sure they
      match the process. Also fix executable name space handling in
      argument parsing. (CVE-2022-28658, CVE-2021-3899)

 -- Marc Deslauriers <email address hidden> Tue, 10 May 2022 09:23:35 -0400
Source diff to previous version
CVE-2022-28654 RESERVED
CVE-2022-28656 RESERVED
CVE-2022-28655 RESERVED
CVE-2022-28652 RESERVED
CVE-2022-1242 RESERVED
CVE-2022-28657 RESERVED
CVE-2022-28658 RESERVED
CVE-2021-3899 RESERVED

Version: 2.20.11-0ubuntu71.1 2022-03-30 15:06:23 UTC

  apport (2.20.11-0ubuntu71.1) impish; urgency=medium

  * apport/ui.py: Error out when -w option is used on wayland (LP: #1952947).

 -- Nick Rosbrook <email address hidden> Wed, 16 Feb 2022 12:16:27 -0500
Source diff to previous version
1952947 ubuntu-bug -w (using xprop) doesn't work under wayland

Version: 2.20.11-0ubuntu71 2021-10-25 12:06:27 UTC

  apport (2.20.11-0ubuntu71) impish-security; urgency=medium

  * SECURITY UPDATE: Privilege escalation via core files
    - refactor privilege dropping and create core files in a well-known
      directory in apport/fileutils.py, apport/report.py, data/apport,
      test/test_fileutils.py, test/test_report.py,
      test/test_signal_crashes.py, test/test_ui.py.
    - use systemd-tmpfiles to create and manage the well-known core file
      directory in setup.py, data/systemd/apport.conf,
      debian/apport.install.

 -- Marc Deslauriers <email address hidden> Mon, 18 Oct 2021 07:48:31 -0400


About   -   Send Feedback to @ubuntu_updates