File apport-lp357024.diff of Package apport

From: Martin Pitt <martin.pitt@ubuntu.com>

 etc/cron.daily/apport: Only attempt to remove files and symlinks, do not
 descend into subdirectories of /var/crash/. Doing so might be exploited by
 a symlink attack in an evil fuse file system or a race condition between
 find traversing a huge directory tree, changing an existing subdir into a
 symlink to e. g. /etc/, and finally getting that piped to rm. Thanks to
 Stephane Chazelas for discovering this! (LP: #357024)

---
 debian/apport.cron.daily |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Index: b/debian/apport.cron.daily
===================================================================
--- a/debian/apport.cron.daily
+++ b/debian/apport.cron.daily
@@ -1,5 +1,5 @@
 #!/bin/sh -e
 # clean all crash reports which are older than a week.
 [ -d /var/crash ] || exit 0
-find /var/crash -mindepth 1 -mtime +7 -print0 | xargs -0 rm -f
-find /var/crash -mindepth 1 -empty -print0 | xargs -0 rm -f
+find /var/crash -mindepth 1 -maxdepth 1 \( -type f -o -type l \) -mtime +7 -print0 | xargs -0 rm -f
+find /var/crash -mindepth 1 -maxdepth 1 \( -type f -o -type l \) -empty -print0 | xargs -0 rm -f