** Changed in: tracker (Ubuntu) Importance: Undecided => High ** Changed in: tracker (Ubuntu Yakkety) Importance: Undecided => High
** Changed in: tracker (Ubuntu Xenial) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tracker in Ubuntu. https://bugs.launchpad.net/bugs/1648921 Title: Sandbox the tracker extractor Status in Tracker: Fix Released Status in tracker package in Ubuntu: Fix Released Status in tracker source package in Xenial: New Status in tracker source package in Yakkety: Fix Committed Bug description: * SECURITY UPDATE: extractor now runs in a sandbox confined by libseccomp - extractor's filesystem and network access is limited to being read and local only (LP: #1648921) - No CVE number The tracker developers have recently confined their extractor to attempt to make tracker more resilient to attacks, especially involving flaws in gstreamer parsers. There is no CVE number assigned to this issue. https://lwn.net/Articles/708196/ https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-risky-design-decisions-in.html The gstreamer security fixes are being handled separately. See bug 1619600 To manage notifications about this bug go to: https://bugs.launchpad.net/tracker/+bug/1648921/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
