[Touch-packages] [Bug 1492570] Re: /usr/share/apport/kernel_crashdump accesses files in insecure manner

** Changed in: apport (Ubuntu Precise) Importance: Undecided => High ** Changed in: apport (Ubuntu Trusty) Importance: Undecided => High ** Changed in: apport (Ubuntu Vivid) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Touch

[Touch-packages] [Bug 1492570] Re: /usr/share/apport/kernel_crashdump accesses files in insecure manner

This bug was fixed in the package apport - 2.19-0ubuntu1 --- apport (2.19-0ubuntu1) wily; urgency=medium * New upstream release: - apport: Drop re-nicing. This might decrease the time a user has to wait for apport to finish the core dump for a crashed/hanging foreground

[Touch-packages] [Bug 1492570] Re: /usr/share/apport/kernel_crashdump accesses files in insecure manner

** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1492570 Title: /usr/share/apport/kernel_crashdump

[Touch-packages] [Bug 1492570] Re: /usr/share/apport/kernel_crashdump accesses files in insecure manner

New upstream release that contains the fixes: https://launchpad.net/apport/trunk/2.19 ** Changed in: apport Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu.

[Touch-packages] [Bug 1492570] Re: /usr/share/apport/kernel_crashdump accesses files in insecure manner

** Changed in: apport (Ubuntu Wily) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1492570 Title:

[Touch-packages] [Bug 1492570] Re: /usr/share/apport/kernel_crashdump accesses files in insecure manner

This bug was fixed in the package apport - 2.14.1-0ubuntu3.15 --- apport (2.14.1-0ubuntu3.15) trusty-security; urgency=medium [ Martin Pitt ] * SECURITY FIX: kernel_crashdump: Enforce that the log/dmesg files are not a symlink. This prevents normal users from pre-creating

[Touch-packages] [Bug 1492570] Re: /usr/share/apport/kernel_crashdump accesses files in insecure manner

I pushed the fixes to trunk. Will do a new release and upload to wily after beta freeze. ** Changed in: apport Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu.

[Touch-packages] [Bug 1492570] Re: /usr/share/apport/kernel_crashdump accesses files in insecure manner

** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1492570 Title: /usr/share/apport/kernel_crashdump accesses files in insecure manner Status in Apport: