CVE-2012-0949

Priority
Medium
Description
The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and
11.04 uploads certain system state archive files when reporting bugs to
Launchpad, which allows remote attackers to read repository credentials by
viewing a public bug report.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):not-affected
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 11.04 (Natty Narwhal):released (1:0.150.5.3)
Ubuntu 11.10 (Oneiric Ocelot):released (1:0.152.25.11)
Ubuntu 12.04 LTS (Precise Pangolin):released (1:0.156.14.4)
Ubuntu 12.10 (Quantal Quetzal):not-affected (1:0.170)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-09-04 14:14:24 UTC (commit 5702)