Ritesh: Please package the upcoming 2.17.2 instead, which will disable this feature entirely and thus fix that bug too.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1444518 Title: Insecure /proc/net/unix parsing Status in Apport crash detection/reporting: Fix Committed Status in apport package in Ubuntu: In Progress Status in apport source package in Trusty: Fix Released Status in apport source package in Utopic: Fix Released Status in apport source package in Vivid: In Progress Bug description: The fix in USN-2569-1 introduced a vulnerability when parsing /proc/net/unix. There is a known issue in the kernel where newlines aren't being escaped properly: http://www.spinics.net/lists/netdev/msg320556.html Resulting in Tavis Ormandy finding a new issue: http://www.openwall.com/lists/oss-security/2015/04/14/18 To manage notifications about this bug go to: https://bugs.launchpad.net/apport/+bug/1444518/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
