The fixes have been released and the CVE has been made public:
*
https://blog.qualys.com/vulnerabilities-threat-research/2025/05/29/qualys-tru-discovers-two-local-information-disclosure-vulnerabilities-in-apport-and-systemd-coredump-cve-2025-5054-and-cve-2025-4598
* https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt
** Summary changed:
- Three bypasses
+ Local information disclosure in apport (Three bypasses)
** Information type changed from Private Security to Public Security
** Also affects: apport
Importance: Undecided
Status: New
** Changed in: apport
Milestone: None => 2.33.0
** Changed in: apport (Ubuntu)
Status: Triaged => Fix Released
** Changed in: apport
Importance: Undecided => High
** Changed in: apport
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2107472
Title:
Local information disclosure in apport (Three bypasses)
To manage notifications about this bug go to:
https://bugs.launchpad.net/apport/+bug/2107472/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
