This bug was fixed in the package whoopsie - 0.2.71
---
whoopsie (0.2.71) groovy; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560)
- lib/bson/*: updated to latest upstream release.
- CVE-2020-12135
* SECURITY UPDATE:
** Tags removed: rls-ff-incoming
** Changed in: whoopsie (Ubuntu Eoan)
Status: Confirmed => Won't Fix
** Changed in: whoopsie (Ubuntu Groovy)
Status: Confirmed => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which
This bug was fixed in the package whoopsie - 0.2.62ubuntu0.5
---
whoopsie (0.2.62ubuntu0.5) bionic-security; urgency=medium
* SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560)
- lib/bson/*: updated to latest upstream release.
- CVE-2020-12135
* SECURITY
This bug was fixed in the package whoopsie - 0.2.69ubuntu0.1
---
whoopsie (0.2.69ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560)
- lib/bson/*: updated to latest upstream release.
- CVE-2020-12135
* SECURITY
This bug was fixed in the package whoopsie - 0.2.52.5ubuntu0.5
---
whoopsie (0.2.52.5ubuntu0.5) xenial-security; urgency=medium
* SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560)
- lib/bson/*: updated to latest upstream release.
- CVE-2020-12135
* SECURITY
** Also affects: whoopsie (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: whoopsie (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: whoopsie (Ubuntu Groovy)
Importance: High
Assignee: Marc Deslauriers (mdeslaur)
Status:
https://github.com/sungjungk/apport-vuln
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to whoopsie in Ubuntu.
https://bugs.launchpad.net/bugs/1872560
Title:
integer overflow in whoopsie 0.2.69
Status in whoopsie package in
** Changed in: whoopsie (Ubuntu)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: whoopsie (Ubuntu)
Status: Incomplete => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to whoopsie in
** Changed in: whoopsie (Ubuntu)
Status: Confirmed => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to whoopsie in Ubuntu.
https://bugs.launchpad.net/bugs/1872560
Title:
integer overflow in whoopsie 0.2.69
I am utilizing the 8GB of RAM and pre-compiled version of Ubuntu 18.04.
Could you tell me how much ram do you have in that machine?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to whoopsie in Ubuntu.
I still can't reproduce this issue.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to whoopsie in Ubuntu.
https://bugs.launchpad.net/bugs/1872560
Title:
integer overflow in whoopsie 0.2.69
Status in whoopsie package in
Sure. This issue is also reproducible with pre-compiled version of
0.2.62ubuntu0.4.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to whoopsie in Ubuntu.
https://bugs.launchpad.net/bugs/1872560
Title:
integer overflow in
Sorry, I meant "Are you able to reproduce the issue with the pre-
compiled version of Whoopsie that comes with it?"
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to whoopsie in Ubuntu.
https://bugs.launchpad.net/bugs/1872560
Thanks for the video, but I still can't reproduce the issue.
What version of Ubuntu are you running in the video?
How much ram do you have in that machine?
Are you able to reproduce the issue with the pre-compiled version of Ubuntu
that comes with it?
--
You received this bug notification
Thank you for your reply.
Please check the following video.
https://youtu.be/pGfOzcgd5CU
It also affects on whoopsie 0.2.69.
Thanks.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to whoopsie in Ubuntu.
Hi,
What release did you use to reproduce this? I tried reproducing it in
Ubuntu 18.04 LTS, but whoopsie parses the file without segfaulting.
I tried both
$ python -c "print('A' * 0x + ' : ' + 'B')" >
/var/crash/fake.crash
and
$ python -c "print('A' * 0xFFFE + ' : ' + 'B')" >
** Changed in: whoopsie (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to whoopsie in Ubuntu.
https://bugs.launchpad.net/bugs/1872560
Title:
integer overflow in whoopsie 0.2.69
Use CVE-2020-12135.
Thanks
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-12135
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to whoopsie in Ubuntu.
https://bugs.launchpad.net/bugs/1872560
Title:
It looks like bson.c in whoopsie was originally taken from here:
https://github.com/10gen-archive/mongo-c-driver-legacy/tree/master/src
The upstream repo has seen a lot of security fixes since the code was
copied, perhaps we should investigate re-syncing it before attempting to
fix it ourselves.
Hi,
Thanks for reporting this issue. We are currently investigating it.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to whoopsie in Ubuntu.
https://bugs.launchpad.net/bugs/1872560
Title:
integer overflow in whoopsie
** Changed in: whoopsie (Ubuntu)
Importance: Undecided => High
** Tags added: rls-ff-incoming
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to whoopsie in Ubuntu.
https://bugs.launchpad.net/bugs/1872560
Title:
integer
** Summary changed:
- heap-based buffer overflow in bson.c
+ integer overflow in whoopsie 0.2.69
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to whoopsie in Ubuntu.
https://bugs.launchpad.net/bugs/1872560
Title:
integer
22 matches
Mail list logo
