UbuntuUpdates.org

Package "apport-retrace"

Name: apport-retrace

Description:

tools for reprocessing Apport crash reports

Latest version: 2.0.1-0ubuntu17.16
Release: precise (12.04)
Level: updates
Repository: main
Head package: apport
Homepage: https://wiki.ubuntu.com/Apport


Other versions of "apport-retrace" in Precise

Repository Area Version
base main 2.0.1-0ubuntu5
security main 2.0.1-0ubuntu17.16

Changelog

Version: 2.0.1-0ubuntu17.16 2021-05-03 15:06:21 UTC

  apport (2.0.1-0ubuntu17.16) precise-security; urgency=medium

  * Disable apport as it is excluded from ESM.

 -- Brian Murray <email address hidden> Fri, 27 Oct 2017 12:22:21 -0700

Source diff to previous version

Version: 2.0.1-0ubuntu17.15 2016-12-15 00:07:31 UTC

  apport (2.0.1-0ubuntu17.15) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: path traversal vulnerability with hooks execution
    - Clean path in apport/report.py, added test to test/test_ui.py.
    - No CVE number
    - LP: #1648806

  [ Steve Beattie ]
  * SECURITY UPDATE: code execution via malicious crash files
    - Only offer restarting the application when processing a
      crash file in /var/crash in apport/ui.py, gtk/apport-gtk,
      and kde/apport-kde. Add testcases to test/test_ui.py,
      test/test_ui_gtk.py, and test_ui_kde.py.
    - No CVE number
    - LP: #1648806

 -- Marc Deslauriers <email address hidden> Mon, 12 Dec 2016 07:34:52 -0500

Source diff to previous version
1648806 Arbitrary code execution through crafted CrashDB or Package/Source fields in .crash files

Version: 2.0.1-0ubuntu17.13 2015-10-27 15:06:22 UTC

  apport (2.0.1-0ubuntu17.13) precise-security; urgency=medium

  * SECURITY FIX: When determining the path of a Python module for a program
    like "python -m module_name", avoid actually importing and running the
    module; this could lead to local root privilege escalation. Thanks to
    Gabriel Campana for discovering this and the fix!
    (CVE-2015-1341, LP: #1507480)

 -- Martin Pitt Thu, 22 Oct 2015 15:50:47 +0200

Source diff to previous version
1507480 Privilege escalation through Python module imports
CVE-2015-1341 RESERVED

Version: 2.0.1-0ubuntu17.11 2015-09-29 21:06:40 UTC

  apport (2.0.1-0ubuntu17.11) precise-proposed; urgency=medium

  * report.py, add_package_info(): Add "[origin: unknown]" tag to
    Package/Dependencies fields for a package whose origin cannot
    be determined. (LP: #1148116)

 -- Brian Murray Thu, 24 Sep 2015 12:48:19 -0700

Source diff to previous version
1148116 not all packages from PPAs have '[origin: ' in Package section

Version: 2.0.1-0ubuntu17.10 2015-09-24 14:06:23 UTC

  apport (2.0.1-0ubuntu17.10) precise-security; urgency=medium

  * SECURITY FIX: kernel_crashdump: Enforce that the log/dmesg files are not a
    symlink.
    This prevents normal users from pre-creating a symlink to the predictable
    .crash file, and thus triggering a "fill up disk" DoS attack when the
    .crash report tries to include itself. Thanks to halfdog for discovering
    this! (CVE-2015-1338, part of LP #1492570)
  * SECURITY FIX: Fix all writers of report files to open the report file
    exclusively.
    Fix package_hook, kernel_crashdump, and similar hooks to fail if the
    report already exists. This prevents privilege escalation through symlink
    attacks. Note that this will also prevent overwriting previous reports
    with the same name. Thanks to halfdog for discovering this!
    (CVE-2015-1338, LP: #1492570)
  * debian/tests/upstream-system: Change directory to /tmp, so that tests
    actually run against the installed package.

 -- Martin Pitt Mon, 21 Sep 2015 11:58:45 +0200

1492570 /usr/share/apport/kernel_crashdump accesses files in insecure manner
CVE-2015-1338 RESERVED


