On Fri, May 25, 2012 at 01:47:26PM -0000, Marc Deslauriers wrote:
> Michael,
Hi,
> Do you have an idea of the best way to fix this?
Urgh, nasty! Here is a potential fix:
=== modified file 'DistUpgrade/DistUpgradeApport.py'
--- DistUpgrade/DistUpgradeApport.py 2011-08-29 17:11:26 +0000
+++ DistUpgrade/DistUpgradeApport.py 2012-05-25 14:13:17 +0000
@@ -27,6 +27,9 @@
f = os.path.join("/var/log/dist-upgrade",fname)
if not os.path.isfile(f) or os.path.getsize(f) == 0: continue
+ # never include system-state data
+ if "system_state" in f:
+ continue report[f.replace(".","").replace("-","")] = (open(f), ) report.add_to_existing('/var/crash/_usr_bin_update-manager.0.crash')
return True
But let me actually sit down and write a test case before it gets
commited.
Cheers,
Michael
> Thanks!
>
> ** Changed in: update-manager (Ubuntu Natty)
> Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
>
> ** Changed in: update-manager (Ubuntu Oneiric)
> Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
>
> ** Changed in: update-manager (Ubuntu Precise)
> Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
>
> ** Changed in: update-manager (Ubuntu Natty)
> Importance: Undecided => High
>
> ** Changed in: update-manager (Ubuntu Oneiric)
> Importance: Undecided => High
>
> ** Changed in: update-manager (Ubuntu Precise)
> Importance: Undecided => High
>
> ** Changed in: update-manager (Ubuntu Quantal)
> Importance: Undecided => High
>
> ** Changed in: update-manager (Ubuntu Quantal)
> Assignee: (unassigned) => Michael Vogt (mvo)
>
> ** Changed in: update-manager (Ubuntu Natty)
> Status: New => Confirmed
>
> ** Changed in: update-manager (Ubuntu Oneiric)
> Status: New => Confirmed
>
> ** Changed in: update-manager (Ubuntu Precise)
> Status: New => Confirmed
>
> ** Changed in: update-manager (Ubuntu Quantal)
> Status: New => Confirmed
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1004503
>
> Title:
> Incomplete fix for CVE-2012-0949
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1004503/+subscriptions
On Fri, May 25, 2012 at 01:47:26PM -0000, Marc Deslauriers wrote:
> Michael,
Hi,
> Do you have an idea of the best way to fix this?
Urgh, nasty! Here is a potential fix: DistUpgradeAppo rt.py' DistUpgradeAppo rt.py 2011-08-29 17:11:26 +0000 DistUpgradeAppo rt.py 2012-05-25 14:13:17 +0000 join("/ var/log/ dist-upgrade" ,fname)
continue
report[ f.replace( ".","") .replace( "-","") ] = (open(f), )
report. add_to_ existing( '/var/crash/ _usr_bin_ update- manager. 0.crash' )
=== modified file 'DistUpgrade/
--- DistUpgrade/
+++ DistUpgrade/
@@ -27,6 +27,9 @@
f = os.path.
if not os.path.isfile(f) or os.path.getsize(f) == 0:
+ # never include system-state data
+ if "system_state" in f:
+ continue
return True
But let me actually sit down and write a test case before it gets
commited.
Cheers,
Michael
> Thanks! /bugs.launchpad .net/bugs/ 1004503 /bugs.launchpad .net/ubuntu/ +source/ update- manager/ +bug/1004503/ +subscriptions
>
> ** Changed in: update-manager (Ubuntu Natty)
> Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
>
> ** Changed in: update-manager (Ubuntu Oneiric)
> Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
>
> ** Changed in: update-manager (Ubuntu Precise)
> Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
>
> ** Changed in: update-manager (Ubuntu Natty)
> Importance: Undecided => High
>
> ** Changed in: update-manager (Ubuntu Oneiric)
> Importance: Undecided => High
>
> ** Changed in: update-manager (Ubuntu Precise)
> Importance: Undecided => High
>
> ** Changed in: update-manager (Ubuntu Quantal)
> Importance: Undecided => High
>
> ** Changed in: update-manager (Ubuntu Quantal)
> Assignee: (unassigned) => Michael Vogt (mvo)
>
> ** Changed in: update-manager (Ubuntu Natty)
> Status: New => Confirmed
>
> ** Changed in: update-manager (Ubuntu Oneiric)
> Status: New => Confirmed
>
> ** Changed in: update-manager (Ubuntu Precise)
> Status: New => Confirmed
>
> ** Changed in: update-manager (Ubuntu Quantal)
> Status: New => Confirmed
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https:/
>
> Title:
> Incomplete fix for CVE-2012-0949
>
> To manage notifications about this bug go to:
> https:/