PublicDateAtUSN: 2013-10-24
Candidate: CVE-2013-1067
PublicDate: 2013-10-25 23:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1067
 https://ubuntu.com/security/notices/USN-2007-1
Description:
 Apport 2.12.5 and earlier uses weak permissions for core dump files created
 by setuid binaries, which allows local users to obtain sensitive
 information by reading the file.
Ubuntu-Description: 
Notes: 
 mdeslaur> apport on lucid is disabled now, and desktop is out of support
Bugs: 
 https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1242435
Priority: medium
Discovered-by: Martin Carpenter
Assigned-to: 
CVSS: 

Patches_apport:
upstream_apport: needs-triage
lucid_apport: ignored
precise_apport: released (2.0.1-0ubuntu17.6)
quantal_apport: released (2.6.1-0ubuntu13)
raring_apport: released (2.9.2-0ubuntu8.5)
saucy_apport: released (2.12.5-0ubuntu2.1)
devel_apport: released (2.12.6-0ubuntu1)