*** This bug is a security vulnerability *** You have been subscribed to a public security bug:
See the bug report https://bugs.launchpad.net/ubuntu/+source/evolution/+bug/1738564 created with ubuntu-bug. Apport includes the file JournalErrors.txt This file includes e.g. the following line. Dez 16 19:11:31 hostname /usr/lib/gdm3/gdm-x-session[9679]: dbus-update-activation-environment: setting [email protected] Normally it would be not problem that gdm-x-session write this to the journal, because the journal is not intended to be published on the internet. Setting confidential informations via environment is maybe not the best idea, but a legal procedure and for `mpc` the only way to set this information. IMHO the apport utility is here the problem, because it includes the file with risky information to a public visible bug report. Note: I manually delete the attachment in the mentioned bug report. But how can I sure that a web crawlser hasn't read/preserved that attachment? ** Affects: apport (Ubuntu) Importance: Undecided Status: New -- apport leaks environment variables (including passwords!) to bug reports https://bugs.launchpad.net/bugs/1738581 You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
