@Benjamin: Argh, I had to uncommit/recommit these three as the CVE
numbers came in at the last minute, and apparently got the commit
messages the wrong way around (meh @ not having rebase in bzr..) I did
some surgery on the branch and the commit messages are correct now.
When I created the fixes
@benjaoming Looks like commit notes mixed up between 3114 and 3112.
The eval fix (CVE-2016-9949) is in 3112:
https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3112/
The patch in 3114 fixes CVE-2016-9951 (Relaunch code execution).
--
You received this bug notification because
Question:
The release notes state: "Use ast.literal_eval() instead of the generic
eval(), to prevent arbitrary code execution from malicious .crash files"
The change should be in ui.py in this revision:
http://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3114
Just to be clear:
This bug was fixed in the package apport - 2.20.4-0ubuntu1
---
apport (2.20.4-0ubuntu1) zesty; urgency=medium
* New upstream release:
- SECURITY FIX: Restrict a report's CrashDB field to literals.
Use ast.literal_eval() instead of the generic eval(), to prevent
The attachment "proposed fix for CrashDB code execution" seems to be a
patch. If it isn't, please remove the "patch" flag from the attachment,
remove the "patch" tag, and if you are a member of the ~ubuntu-
reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1648806
Title:
Arbitrary code execution through crafted CrashDB or Package/Source
fields in .crash
This bug was fixed in the package apport - 2.20.3-0ubuntu8.2
---
apport (2.20.3-0ubuntu8.2) yakkety-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: code execution via malicious crash files
- Use ast.literal_eval in apport/ui.py, added test to test/test_ui.py.
This bug was fixed in the package apport - 2.14.1-0ubuntu3.23
---
apport (2.14.1-0ubuntu3.23) trusty-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: code execution via malicious crash files
- Use ast.literal_eval in apport/ui.py, added test to
** Branch linked: lp:apport
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1648806
Title:
Arbitrary code execution through crafted CrashDB or Package/Source
fields in
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1648806
Title:
Arbitrary code execution through crafted
New upstream release with the fixes:
https://launchpad.net/apport/trunk/2.20.4
Note that Brian committed some changes to trunk in the last 1.5 hours,
so we had some mid-air collection. I force-pushed trunk and will put
back his commits on top.
** Changed in: apport
Status: In Progress =>
11 matches
Mail list logo
