Source: apport
Version: 2.16.2-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://launchpad.net/bugs/1700573

Hi,

the following vulnerability was published for apport.

CVE-2017-10708[0]:
| An issue was discovered in Apport through 2.20.x. In apport/report.py,
| Apport sets the ExecutablePath field and it then uses the path to run
| package specific hooks without protecting against path traversal. This
| allows remote attackers to execute arbitrary code via a crafted .crash
| file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-10708
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10708

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
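
The class of check the CVE description says was missing, as an added illustration: this is not apport's code and not the upstream fix. The function names, the `package-hooks` directory name and the `<root>/<pkg>/package-hooks` layout are assumptions; the report text is constructed.

```python
import os
import tempfile

HOOKS_SUBDIR = "package-hooks"  # assumed directory name, illustration only


def read_field(report_text, key):
    """Return the value of a 'Key: value' line in report text, or None."""
    for line in report_text.splitlines():
        name, sep, value = line.partition(": ")
        if sep and name == key:
            return value.strip()
    return None


def safe_hook_dir(report_text, allowed_root):
    """Map an untrusted ExecutablePath to <root>/<pkg>/HOOKS_SUBDIR.

    Raises ValueError unless the path is absolute, has no '..' component,
    and still resolves inside allowed_root once symlinks are followed.
    """
    exe = read_field(report_text, "ExecutablePath")
    if not exe or not os.path.isabs(exe):
        raise ValueError("ExecutablePath missing or not absolute")
    if ".." in exe.split("/"):
        raise ValueError("ExecutablePath contains a '..' component")
    root = os.path.realpath(allowed_root)
    resolved = os.path.realpath(exe)
    if os.path.commonpath([root, resolved]) != root:
        raise ValueError("ExecutablePath resolves outside the allowed root")
    parts = os.path.relpath(resolved, root).split(os.sep)
    if len(parts) < 2:
        raise ValueError("ExecutablePath names no package directory")
    return os.path.join(root, parts[0], HOOKS_SUBDIR)


def check(report_text, allowed_root):
    """Return the hook directory, or the rejection reason as a string."""
    try:
        return safe_hook_dir(report_text, allowed_root)
    except ValueError as err:
        return "rejected: %s" % err


if __name__ == "__main__":
    root = tempfile.mkdtemp()  # constructed stand-in for a package root
    for exe in (root + "/demo/bin/tool", root + "/demo/../../elsewhere/bin/x"):
        # Constructed report text; only the field under test matters here.
        print(check("ProblemType: Crash\nExecutablePath: " + exe, root))
```

The containment test runs on the resolved path, so a symlink inside the allowed root that points elsewhere is rejected as well as a literal `..` component.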