Package: apport
Severity: important
Version: 2.9-1
Tags: security patch upstream
Hey Ritesh,

I just released 2.21.6. This release fixes an information disclosure for programs which are setuid root and drop their privileges back to the user later on. In those cases, if you run apport and enable core dump files (with ulimit -c), these core dump files previously were owned by the user; they should be owned by root as the program temporarily ran with root privileges and thus might have internal state which is not accessible to the user. This internal state is exposed in the core dump.

Details, links to the trunk and backported patches etc. are in https://launchpad.net/bugs/1242435 . In particular, the fix is http://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/2723 but I suppose for experimental you might just want to update to the 2.21.6 directly?

Thanks,

Martin

--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
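The ownership rule described in the message above, as an added Python example; it is not part of the original message and is not apport's code. The names `ExeInfo`, `core_owner` and `write_core` are hypothetical, and testing the executable's setuid/setgid bits is an assumed way to recognise a process that started privileged.

```python
import os
import stat
from collections import namedtuple

# Subset of os.stat_result for the crashed executable (hypothetical helper type).
ExeInfo = namedtuple("ExeInfo", "st_mode st_uid st_gid")


def core_owner(exe, crash_uid, crash_gid):
    """Return the (uid, gid) that should own a crashed process's core dump.

    exe: stat data of the executable; crash_uid/crash_gid: the process's
    IDs at crash time, i.e. after any privilege drop.
    """
    suid = bool(exe.st_mode & stat.S_ISUID) and exe.st_uid != crash_uid
    sgid = bool(exe.st_mode & stat.S_ISGID) and exe.st_gid != crash_gid
    if suid or sgid:
        # Memory may hold state read while privileged: keep it from the user.
        return (0, 0)
    return (crash_uid, crash_gid)


def write_core(path, data, owner):
    """Create the core file exclusively with mode 0600, then set its owner."""
    # O_EXCL/O_NOFOLLOW: never reuse or follow a file the user pre-created.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as core:
        os.fchmod(fd, 0o600)       # do not depend on the handler's umask
        if os.geteuid() == 0:      # only a root crash handler can chown
            os.fchown(fd, *owner)
        core.write(data)


if __name__ == "__main__":
    # Constructed sample: /usr/bin-style setuid-root binary run by uid 1000.
    setuid_root = ExeInfo(stat.S_IFREG | stat.S_ISUID | 0o755, 0, 0)
    plain = ExeInfo(stat.S_IFREG | 0o755, 0, 0)
    print(core_owner(setuid_root, 1000, 1000))
    print(core_owner(plain, 1000, 1000))
```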