Apport

Overview
Code
Bugs
Blueprints
Translations
Answers

Bug #1700573
Comment #12

Comment 12 for bug 1700573

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-07-18:

#12

This bug was fixed in the package apport - 2.20.4-0ubuntu4.5

---------------
apport (2.20.4-0ubuntu4.5) zesty-security; urgency=medium

  * SECURITY UPDATE: code execution through path traversal in
    .crash files (LP: #1700573)
    - apport/report.py, test/test_ui.py: fix traversal issue
      and add a test for that.
    - debian/apport.install, setup.py, xdg-mime/apport.xml: removes
      apport as a file handler for .crash files. Thanks to Brian
      Murray for the patch and Felix Wilhelm for discovering this.
    - CVE-2017-10708

-- <email address hidden> (Leonidas S. Barbosa) Mon, 17 Jul 2017 08:43:27 -0300