UbuntuUpdates.org

Package "libwhoopsie0"

Name: libwhoopsie0

Description:

Ubuntu error tracker submission - shared library

Latest version: 0.2.52.5ubuntu0.5
Release: xenial (16.04)
Level: security
Repository: main
Head package: whoopsie
Homepage: http://wiki.ubuntu.com/ErrorTracker

Links


Download "libwhoopsie0"


Other versions of "libwhoopsie0" in Xenial

Repository Area Version
base main 0.2.52
updates main 0.2.52.5ubuntu0.5

Changelog

Version: 0.2.52.5ubuntu0.5 2020-08-04 19:07:00 UTC

  whoopsie (0.2.52.5ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560)
    - lib/bson/*: updated to latest upstream release.
    - CVE-2020-12135
  * SECURITY UPDATE: resource exhaustion via memory leak (LP: #1881982)
    - src/whoopsie.c, src/tests/test_parse_report.c: properly handle
      GHashTable.
    - CVE-2020-11937
  * SECURITY UPDATE: DoS via large data length (LP: #1882180)
    - src/whoopsie.c, src/whoopsie.h, src/tests/test_parse_report.c: limit
      the size of a report file.
    - CVE-2020-15570

 -- Marc Deslauriers <email address hidden> Fri, 24 Jul 2020 08:55:26 -0400

Source diff to previous version
1872560 integer overflow in whoopsie 0.2.69
1881982 DoS vulnerability: cause resource exhaustion
1882180 DoS vulnerability: fail to allocate
CVE-2020-12135 bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() par
CVE-2020-11937 RESERVED
CVE-2020-15570 The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denia

Version: 0.2.52.5ubuntu0.4 2019-11-05 04:07:09 UTC

  whoopsie (0.2.52.5ubuntu0.4) xenial-security; urgency=medium

  * SECURITY REGRESSION: segfault when sending crash report (LP: #1830865)
    - use uint32_t instead of size_t and INT32_MAX instead of INT_MAX
      as bson expects variable sizes to be 32 bits long.

 -- Tiago Stürmer Daitx <email address hidden> Mon, 04 Nov 2019 23:33:08 +0000

Source diff to previous version
1830865 Integer overflow in bson_ensure_space (bson.c:613)

Version: 0.2.52.5ubuntu0.3 2019-10-30 16:06:28 UTC

  whoopsie (0.2.52.5ubuntu0.3) xenial-security; urgency=medium

  * SECURITY REGRESSION: segfault when sending crash report (LP: #1850608)
    - lib/bson/bson.c: properly initialize value.

 -- Marc Deslauriers <email address hidden> Wed, 30 Oct 2019 09:03:35 -0400

Source diff to previous version

Version: 0.2.52.5ubuntu0.2 2019-10-30 05:07:05 UTC

  whoopsie (0.2.52.5ubuntu0.2) xenial-security; urgency=high

  * SECURITY UPDATE: Integer overflow when handling large bson
    objects (LP: #1830865)
    - lib/bson/bson.c, lib/bson/bson.h, src/whoopsie.c: use size_t
      for size instead of int to prevent integer overflows.
    - lib/bson/bson.c: ensure bson objects are not bigger than INT_MAX.
    - CVE-2019-11484

 -- Tiago Stürmer Daitx <email address hidden> Mon, 14 Oct 2019 14:17:30 +0000

Source diff to previous version
1830865 Integer overflow in bson_ensure_space (bson.c:613)
CVE-2019-11484 RESERVED

Version: 0.2.52.5ubuntu0.1 2019-07-09 01:08:04 UTC

  whoopsie (0.2.52.5ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Integer overflow when handling large crash dumps (LP:
    #1830863)
    - src/whoopsie.c: Don't use signed integer types for lengths to ensure
      large crash dumps do not cause signed integer overflow
    - CVE-2019-11476

 -- Alex Murray <email address hidden> Fri, 5 Jul 2019 14:15:25 +0930

CVE-2019-11476 RESERVED



About   -   Send Feedback to @ubuntu_updates