libreport is vulnerable to information disclosure. Changes made by a user in files that are included in a crash report are discarded when the dump directory’s files are reviewed during crash reporting. This allows remote attackers to obtain confidential information such as host names, IP addresses or command line options.
lists.fedoraproject.org/pipermail/package-announce/2015-November/172695.html
rhn.redhat.com/errata/RHSA-2015-2504.html
rhn.redhat.com/errata/RHSA-2015-2505.html
www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
www.securityfocus.com/bid/77685
access.redhat.com/errata/RHSA-2015:2504
access.redhat.com/errata/RHSA-2015:2505
access.redhat.com/security/cve/CVE-2015-5302
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1270903
github.com/abrt/libreport/commit/257578a23d1537a2d235aaa2b1488ee4f818e360
rhn.redhat.com/errata/RHSA-2015-2504.html