*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Alex Murray (alexmurray):
When I apport-bug certain packages such as firefox for example, it uploads the WifiSyslog.txt file. The WifiSyslog may contain a list of all system connections enumerated in /etc/NetworkManager/system-connections, i.e. all SSIDs the user has ever connected to that are found in the system-connections. This is a serious privacy risk and completely unnecessary information for most bug reports. Should either remove WifiSyslog as a requirement for packages that don't need it (should I report this to https://bugs.launchpad.net/ubuntu/+source/firefox/ ?), or redact information that may contain usernames and SSIDs from the log file. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: apport 2.20.9-0ubuntu7.4 ProcVersionSignature: User Name 4.15.0-38.41-generic 4.15.18 Uname: Linux 4.15.0-38-generic x86_64 ApportLog: ApportVersion: 2.20.9-0ubuntu7.4 Architecture: amd64 CrashReports: 640:1000:117:62475:2018-11-01 19:17:29.982295751 -0400:2018-11-01 19:17:30.982295751 -0400:/var/crash/_usr_bin_gnome-screenshot.1000.crash CurrentDesktop: ubuntu:GNOME Date: Fri Nov 2 11:24:20 2018 EcryptfsInUse: Yes InstallationDate: Installed on 2018-09-12 (50 days ago) InstallationMedia: Ubuntu 16.04.5 LTS "Xenial Xerus" - Release amd64 (20180731) PackageArchitecture: all ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: apport UpgradeStatus: Upgraded to bionic on 2018-09-28 (34 days ago) ** Affects: apport (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug bionic -- apport uploading WifiSyslog to public bug reports is a major privacy risk https://bugs.launchpad.net/bugs/1801383 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
