Apport

Overview
Code
Bugs
Blueprints
Translations
Answers

Bug #1242435
Comment #22

Comment 22 for bug 1242435

Revision history for this message

Launchpad Janitor (janitor) wrote on 2013-10-25:

#22

This bug was fixed in the package apport - 2.12.6-0ubuntu1

---------------
apport (2.12.6-0ubuntu1) trusty; urgency=low

  * New upstream security/bug fix release:
    - SECURITY FIX: For setuid programs which drop their privileges after
      startup, make the report and core dumps owned by root, to avoid possible
      data disclosure. Also, change core dump files to permissions "0600".
      Thanks to Martin Carpenter for discovering this!
      (CVE-2013-1067, LP: #1242435)
    - sandboxutils.needed_runtime_packages(): Create cache directory for
      Contents.gz if missing. (LP: #933199)
    - apt/dpkg: Recognize options in apt sources.list. (LP: #1238620)
  * Move Vcs-Bzr to trusty branch.
-- Martin Pitt <email address hidden> Fri, 25 Oct 2013 06:49:19 +0200