Comment 3 for bug 1700573

Hi Tyler,

thanks for looking into this. However, I disagree with your conclusion.

The attack scenario would be that an attacker tricks a victim into
opening a malicious crash file. On my Ubuntu system apport is the default handler for files ending in ".crash" so a simple click on a malicious email attachment is sufficient. Processing crash files should not lead to malicious code being executed in the same way processing a PDF or JPEG file should not lead to malicious code execution.

I think you actually fixed a very similar bug a couple of months ago and also assigned a CVE to it:
https://bugs.launchpad.net/apport/+bug/1648806