Ubuntu
whoopsie package

Change logs for whoopsie source package in Focal

  1. Focal (20.04)
  2. Change log 
  • whoopsie (0.2.69ubuntu0.3) focal; urgency=medium

  * src/whoopsie.c: modify server_response() so that it does not incorrectly
    assume that data is null-terminated and actually use the size of the data.
    (LP: #1914481)

 -- Brian Murray <email address hidden>  Thu, 04 Feb 2021 18:37:17 -0800
  • whoopsie (0.2.69ubuntu0.2) focal; urgency=medium

  * Attempt to fix double free issue (LP: #1899100)
    - src/whoopsie.c: reject duplicate keys, re-order certain operations.
    - src/tests/data/crash/invalid_key_duplicate,
      src/tests/test_parse_report.c: added test for duplicate keys.

 -- Brian Murray <email address hidden>  Wed, 02 Dec 2020 09:29:08 -0800
  • whoopsie (0.2.69ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560)
    - lib/bson/*: updated to latest upstream release.
    - CVE-2020-12135
  * SECURITY UPDATE: resource exhaustion via memory leak (LP: #1881982)
    - src/whoopsie.c, src/tests/test_parse_report.c: properly handle
      GHashTable.
    - CVE-2020-11937
  * SECURITY UPDATE: DoS via large data length (LP: #1882180)
    - src/whoopsie.c, src/whoopsie.h, src/tests/test_parse_report.c: limit
      the size of a report file.
    - CVE-2020-15570

 -- Marc Deslauriers <email address hidden>  Fri, 24 Jul 2020 08:55:26 -0400
  • whoopsie (0.2.69) focal; urgency=medium

  * SECURITY REGRESSION: segfault when sending crash report (LP: #1850608)
    - use uint32_t instead of size_t and INT32_MAX instead of INT_MAX
      as bson expects variable sizes to be 32 bits long.

 -- Tiago Stürmer Daitx <email address hidden>  Mon, 04 Nov 2019 23:33:08 +0000
  • whoopsie (0.2.68) focal; urgency=medium

  * lib/bson/bson.c: properly initialize bson_size variable.

 -- Tiago Stürmer Daitx <email address hidden>  Wed, 30 Oct 2019 13:36:27 +0000
  • whoopsie (0.2.67) focal; urgency=medium

  * SECURITY UPDATE: Integer overflow when handling large bson
    objects (LP: #1830865)
    - lib/bson/bson.c, lib/bson/bson.h, src/whoopsie.c: use size_t
      for size instead of int to prevent integer overflows.
    - lib/bson/bson.c: ensure bson objects are not bigger than INT_MAX.
    - CVE-2019-11484
  * src/whoopsie.c: prevent freeing a NULL server response string.

 -- Tiago Stürmer Daitx <email address hidden>  Wed, 30 Oct 2019 04:35:24 +0000
  • whoopsie (0.2.66) eoan; urgency=medium

  * Use GLIb's appendable string class GString instead of hand crafting
    strings. Thanks to Iain Lane for the changes.

 -- Brian Murray <email address hidden>  Mon, 15 Jul 2019 16:35:09 -0700