CVE-2021-32557

It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.

CVE-2021-32556

It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.

CVE-2021-25684

It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.

CVE-2021-25682

It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.

CVE-2021-25683

It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.

CVE-2021-3709

Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior ...

CVE-2021-3710

An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior...