It was discovered that process_crash() in data/apport in Canonicals Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups.
The product assigns an owner to a resource, but the owner is outside of the intended control sphere.