On Friday 25 October 2013 10:12 AM, Martin Pitt wrote:
> Package: apport
> Severity: important
> Version: 2.9-1
> Tags: security patch upstream
>
> Hey Ritesh,
>
> I just released 2.21.6. This release fixes an information disclosure
> for programs which are setuid root and drop their privileges back to
> the user later on. In those cases, if you run apport and enable core
> dump files (with ulimit -c), these core dump files previously were
> owned by the user; they should be owned by root as the program
> temporarily ran with root privileges and thus might have internal
> state which is not accessible to the user. This internal state is
> exposed in the core dump.
>
> Details, links to the trunk and backported patches etc. are in
> https://launchpad.net/bugs/1242435 . In particular, the fix is
> http://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/2723
> but I suppose for experimental you might just want to update to the
> 2.21.6 directly?
>
>

Thanks Martin. Yes. I'll soon prepare a new upload (2.21.6) directly for
experimental.

-- 
Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System


Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to