On Friday 25 October 2013 10:12 AM, Martin Pitt wrote: > Package: apport > Severity: important > Version: 2.9-1 > Tags: security patch upstream > > Hey Ritesh, > > I just released 2.21.6. This release fixes an information disclosure > for programs which are setuid root and drop their privileges back to > the user later on. In those cases, if you run apport and enable core > dump files (with ulimit -c), these core dump files previously were > owned by the user; they should be owned by root as the program > temporarily ran with root privileges and thus might have internal > state which is not accessible to the user. This internal state is > exposed in the core dump. > > Details, links to the trunk and backported patches etc. are in > https://launchpad.net/bugs/1242435 . In particular, the fix is > http://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/2723 > but I suppose for experimental you might just want to update to the > 2.21.6 directly? > >
Thanks Martin. Yes. I'll soon prepare a new upload (2.21.6) directly for experimental. -- Ritesh Raj Sarraf | http://people.debian.org/~rrs Debian - The Universal Operating System
signature.asc
Description: OpenPGP digital signature

