UbuntuUpdates.org

Package "libwhoopsie0"

Name: libwhoopsie0

Description:

Ubuntu error tracker submission - shared library

Latest version: 0.2.69ubuntu0.3
Release: focal (20.04)
Level: security
Repository: main
Head package: whoopsie
Homepage: http://wiki.ubuntu.com/ErrorTracker

Links


Download "libwhoopsie0"


Other versions of "libwhoopsie0" in Focal

Repository Area Version
base main 0.2.69
updates main 0.2.69ubuntu0.3

Changelog

Version: 0.2.69ubuntu0.3 2021-02-18 11:07:09 UTC

  whoopsie (0.2.69ubuntu0.3) focal; urgency=medium

  * src/whoopsie.c: modify server_response() so that it does not incorrectly
    assume that data is null-terminated and actually use the size of the data.
    (LP: #1914481)

 -- Brian Murray <email address hidden> Thu, 04 Feb 2021 18:37:17 -0800

Source diff to previous version
1914481 use the size of the data when determining the server response

Version: 0.2.69ubuntu0.1 2020-08-04 19:07:06 UTC

  whoopsie (0.2.69ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560)
    - lib/bson/*: updated to latest upstream release.
    - CVE-2020-12135
  * SECURITY UPDATE: resource exhaustion via memory leak (LP: #1881982)
    - src/whoopsie.c, src/tests/test_parse_report.c: properly handle
      GHashTable.
    - CVE-2020-11937
  * SECURITY UPDATE: DoS via large data length (LP: #1882180)
    - src/whoopsie.c, src/whoopsie.h, src/tests/test_parse_report.c: limit
      the size of a report file.
    - CVE-2020-15570

 -- Marc Deslauriers <email address hidden> Fri, 24 Jul 2020 08:55:26 -0400

1872560 integer overflow in whoopsie 0.2.69
1881982 DoS vulnerability: cause resource exhaustion
1882180 DoS vulnerability: fail to allocate
CVE-2020-12135 bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() par
CVE-2020-11937 RESERVED
CVE-2020-15570 The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denia



About   -   Send Feedback to @ubuntu_updates