CVE-2012-0950 Information

Description

The Apport hook (DistUpgradeApport.py) in Update Manager as used by Ubuntu 12.04 LTS 11.10 and 11.04 uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0949.

Reference

http://www.ubuntu.com/usn/USN-1443-2 https://bugs.launchpad.net/ubuntu/2Bsource/update-manager/2Bbug/1004503