I think package_hook was broken by the following change with the
apport's last upload:
- SECURITY FIX: Fix all writers of report files (package_hook,
kernel_crashdump, and similar) to open the report file exclusively,
i. e. fail if they already exist. This prevents privilege escalation
through symlink attacks. Note that this will also prevent overwriting
previous reports with the same same. Thanks to halfdog for discovering
this! (CVE-2015-1338, LP: #1492570)
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1338
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1500450
Title:
/usr/share/apport/package_hook:FileExistsError:/usr/share/apport/package_hook@64:make_report_file
Status in apport package in Ubuntu:
Confirmed
Bug description:
The Ubuntu Error Tracker has been receiving reports about a problem
regarding apport. This problem was most recently seen with version
2.19-0ubuntu1, the problem page at
https://errors.ubuntu.com/problem/df0a3ad32b9c2a7f173b2959a64b16b7ed139af4
contains more details.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1500450/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
