Format: 1.8
Date: Mon, 12 Dec 2016 07:27:21 -0500
Source: apport
Binary: apport python-problem-report python3-problem-report python-apport python3-apport apport-retrace apport-valgrind apport-gtk apport-kde dh-apport apport-noui
Architecture: source
Version: 2.14.1-0ubuntu3.23
Distribution: trusty-security
Urgency: medium
Maintainer: Martin Pitt <martin.pitt@ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description: 
 apport     - automatically generate crash reports for debugging
 apport-gtk - GTK+ frontend for the apport crash report system
 apport-kde - KDE frontend for the apport crash report system
 apport-noui - tools for automatically reporting Apport crash reports
 apport-retrace - tools for reprocessing Apport crash reports
 apport-valgrind - valgrind wrapper that first downloads debug symbols
 dh-apport  - debhelper extension for the apport crash report system
 python-apport - Python library for Apport crash report handling
 python-problem-report - Python library to handle problem reports
 python3-apport - Python 3 library for Apport crash report handling
 python3-problem-report - Python 3 library to handle problem reports
Launchpad-Bugs-Fixed: 1648806
Changes: 
 apport (2.14.1-0ubuntu3.23) trusty-security; urgency=medium
 .
   [ Marc Deslauriers ]
   * SECURITY UPDATE: code execution via malicious crash files
     - Use ast.literal_eval in apport/ui.py, added test to test/test_ui.py.
     - No CVE number
     - LP: #1648806
   * SECURITY UPDATE: path traversal vulnerability with hooks execution
     - Clean path in apport/report.py, added test to test/test_ui.py.
     - No CVE number
     - LP: #1648806
 .
   [ Steve Beattie ]
   * SECURITY UPDATE: code execution via malicious crash files
     - Only offer restarting the application when processing a
       crash file in /var/crash in apport/ui.py, gtk/apport-gtk,
       and kde/apport-kde. Add testcases to test/test_ui.py,
       test/test_ui_gtk.py, and test_ui_kde.py.
     - No CVE number
     - LP: #1648806
Checksums-Sha1: 
 caf867d011eb2e9090b261df0670ce4d5e667e22 2826 apport_2.14.1-0ubuntu3.23.dsc
 dcdcf59e6c458566874502a2d767680c49e93ac4 160321 apport_2.14.1-0ubuntu3.23.diff.gz
Checksums-Sha256: 
 5eb42bfcbdd0f83860fe5fbd26460d4e2047f782cd3e0d035c3f24ab27042b62 2826 apport_2.14.1-0ubuntu3.23.dsc
 8bd86b5bc32db86d541b23287b13cd7b95be22e72eb470d31ebaf26a9cabb2d1 160321 apport_2.14.1-0ubuntu3.23.diff.gz
Files: 
 813e60bd5abc2314b8babe32a899bcf8 2826 utils optional apport_2.14.1-0ubuntu3.23.dsc
 015b33939a89bad3bb12a77fa2cee6e5 160321 utils optional apport_2.14.1-0ubuntu3.23.diff.gz