Changelog
apport (2.21.0-0ubuntu1) kinetic; urgency=medium
* New upstream release.
- data/apport: Limit memory and duration of gdbus call. (CVE-2022-28654,
CVE-2022-28656)
- data/apport, apport/fileutils.py, test/test_fileutils.py: Validate
D-Bus socket location. (CVE-2022-28655)
- apport/fileutils.py, test/test_fileutils.py: Turn off interpolation
in get_config() to prevent DoS attacks. (CVE-2022-28652)
- Switch from chroot to container to validating socket owner.
(CVE-2022-1242, CVE-2022-28657)
- data/apport, etc/init.d/apport: Switch to using non-positional
arguments. Get real UID and GID from the kernel and make sure they
match the process. Also fix executable name space handling in
argument parsing. (CVE-2022-28658, CVE-2021-3899)
- Grab a slice of JournalErrors around the crash time (LP: #1962454)
* Switch to dpkg-source format 3.0 (quilt)
* Run unit and integration tests during package build
* Update autopkgtest (unit/integration and systems tests)
* Switch to debhelper 13
* Let apport depend on sensible-utils for sensible-pager
* Drop ancient X-Python3-Version
* Drop support for pre-cosmic upgrades
* Bump Standards-Version to 4.6.1
* Update debian/copyright
* Point Vcs-* URIs to git
* crashdb.conf: Enable Launchpad crash reports for kinetic
* Add upstream metadata
-- Benjamin Drung <email address hidden> Fri, 10 Jun 2022 11:37:56 +0200
