Security bug fix version 2.12.6 released
Written for Apport by Martin Pitt on 2013-10-25
This release fixes an information disclosure for programs which are setuid root and drop their privileges back to the user later on. In those cases, if you run apport and enable core dump files (with ulimit -c), these core dump files previously were owned by the user; they should be owned by root as the program temporarily ran with root privileges and thus might have internal state which is not accessible to the user. This internal state is exposed in the core dump.
Details, links to the trunk and backported patches etc. are in https:/
