Maik

Name of the Vulnerable Software and Affected Versions: openjdk-lts (affected versions not specified) Description: A issue was found in the `read file()` function in `apport/hookutils.py`, which could follow symbolic links or open FIFOs. This could potentially expose private data to other local users when used by the openjdk-lts package apport hooks. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: openjdk-8 (affected versions not specified) Description: A issue was found where the `read file()` function in apport/hookutils.py could follow symbolic links or open FIFOs, potentially exposing private data to other local users when used by the openjdk-8 package apport hooks. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: openjdk-13 (affected versions not specified) Description: A issue was found where the `read file()` function in apport/hookutils.py could follow symbolic links or open FIFOs, potentially exposing private data to other local users when used by the openjdk-13 package apport hooks. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: openjdk-15 (affected versions not specified) Description: The issue is related to the `read file()` function in `apport/hookutils.py`, which can follow symbolic links or open FIFOs. This could potentially expose private data to other local users when the function is used by the `openjdk-15` package apport hooks. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openjdk-16 (affected versions not specified) **Description** The issue is related to the `read file()` function in `apport/hookutils.py`, which can follow symbolic links or open FIFOs. This could potentially expose private data to other local users when the function is used by the `openjdk-16` package apport hooks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openjdk-17 **Description** A issue was found where the `read file()` function in apport/hookutils.py could follow symbolic links or open FIFOs, potentially exposing private data to other local users when used by the openjdk-17 package apport hooks. **Recommendations** For openjdk-17, consider restricting access to the `read file()` function in apport/hookutils.py to prevent potential data exposure until a patch is available.

**Name of the Vulnerable Software and Affected Versions** No specific software or version information is provided. **Description** A issue was found in the get modified conffiles() function, located in backends/packaging-apt-dpkg.py, which allowed the injection of modified package names. This could potentially confuse the dpkg(1) call. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** No specific software or version information is provided. **Description** A security issue was found in the process report() function, which allowed arbitrary file writes via symlinks. This could potentially lead to unauthorized data modification. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.