Bugzilla – Bug 1155478
VUL-1: CVE-2019-11481: apport: local denial of service via arbitrary user-controlled settings
Last modified: 2020-06-09 19:47:06 UTC
Apport reads the potentially arbitrary user-controlled settings file as the
I am not sure we can do anything about this issue in the given time and effort spent on it. We have in SLE-11 (the only distro where we have apport) apport-0.114-rev1189, whereas upstream (https://launchpad.net/apport) is on 2.20.4 (rev3266).
There is no proper analysis of the issue at https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1830862, nor there is anywhere clear indication of the patch which fixes it.
My suggestion is WONTFIX, because fixing this would probably require much more work than we are willing to spent on it.