Apport 2.19

Milestone information

Project:
Apport
Series:
trunk
Version:
2.19
Released:
2015-09-24  
Registrant:
Martin Pitt
Release registered:
2015-09-24
Active:
Yes. Drivers can target bugs and blueprints to this milestone.  

Download RDF metadata

Activities

Assigned to you:
No blueprints or bugs assigned to you.
Assignees:
No users assigned to blueprints and bugs.
Blueprints:
No blueprints are targeted to this milestone.
Bugs:
No bugs are targeted to this milestone.

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon apport-2.19.tar.gz (md5, sig) release tarball 49
last downloaded 9 weeks ago
Total downloads: 49

Release notes 

* apport: Drop re-nicing. This might decrease the time a user has to wait for
   apport to finish the core dump for a crashed/hanging foreground process.
   (See LP #1278780)
 * SECURITY FIX: kernel_crashdump: Enforce that the log/dmesg files are not a
   symlink. This prevents normal users from pre-creating a symlink to the
   predictable .crash file, and thus triggering a "fill up disk" DoS attack
   when the .crash report tries to include itself. Thanks to halfdog for
   discovering this!
   (CVE-2015-1338, part of LP #1492570)
 * SECURITY FIX: Fix all writers of report files (package_hook,
   kernel_crashdump, and similar) to open the report file exclusively, i. e.
   fail if they already exist. This prevents privilege escalation through
   symlink attacks. Note that this will also prevent overwriting previous
   reports with the same same. Thanks to halfdog for discovering this!
   (CVE-2015-1338, LP: #1492570)
 * apport: Ignore process restarts from systemd's watchdog. Their traces are
   usually useless as they don't have any information about the actual reasaon
   why processes hang (like VM suspends or kernel lockups with bad hardware)
   (LP: #1433320)
 * Switch all executables to use Python 3 by default.

Changelog 

This release does not have a changelog.

0 blueprints and 0 bugs targeted

There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.

This milestone contains Public information
Everyone can see this information.