Hi!

On Thu, Dec 15, 2016 at 08:04:05PM +0530, Ritesh Raj Sarraf wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Control: tag -1 +pending
> Control: fixed -1 2.20.4-1
>
> Hello Salvatore,
>
> Thank you very much for the bug report.
>
> On Thu, 2016-12-15 at 06:49 +0100, Salvatore Bonaccorso wrote:
> > Source: apport
> > Version: 2.16.2-1
> > Severity: grave
> > Tags: security upstream patch
> > Justification: user security hole
> >
>
> I am just curious how you came up with that version because it is quite old.
> apport is only available through Experimental and its current version in
> experimental is: 2.20.3-1

Because that was the oldest still affected version, which seems present in
experimental (not checked further), as well per
https://www.ubuntu.com/usn/usn-3157-1/ as well back to older 2.x versions.

Thanks a lot for your quick action, I have updated the security-tracker with
the fixed version.

> Thanks. Upstream has mentioned that all vulnerabilities are fixed in version
> 2.20.4, for which I've made an upload. It should clear ftp-masters queue soon.
>
> Since this is an experimental only package, is there anywhere else, any action
> is required?

No, all done! Thanks a lot for your work.

Regards,
Salvatore