[ubuntu/lucid-security] update-manager_0.134.11.1_i386_translations.tar.gz, update-manager, update-manager_0.134.11.1_powerpc_translations.tar.gz, dist-upgrader_0.134.11.1_all.tar.gz, update-manager_0.134.11.1_sparc_translations.tar.gz, update-manager_0.134.11.1_armel_translations.tar.gz, update-manager_0.134.11.1_amd64_translations.tar.gz, update-manager_0.134.11.1_ia64_translations.tar.gz 1:0.134.11.1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Mon Nov 28 16:06:31 UTC 2011
update-manager (1:0.134.11.1) lucid-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via directory traversal
(LP: #881548)
- UpdateManager/Core/DistUpgradeFetcherCore.py: verify signature before
unpacking the tarball.
- CVE-2011-3152
* SECURITY UPDATE: information leak via insecure temp file (LP: #881541)
- DistUpgrade/DistUpgradeViewKDE.py: use mkstemp instead of mktemp.
- CVE-2011-3154
Date: Wed, 23 Nov 2011 09:31:48 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Michael Vogt <michael.vogt at ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/update-manager/1:0.134.11.1
-------------- next part --------------
Format: 1.8
Date: Wed, 23 Nov 2011 09:31:48 -0500
Source: update-manager
Binary: update-manager-core update-manager update-manager-hildon update-manager-text update-manager-kde auto-upgrade-tester
Architecture: source
Version: 1:0.134.11.1
Distribution: lucid-security
Urgency: low
Maintainer: Michael Vogt <michael.vogt at ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
auto-upgrade-tester - Test release upgrades in a virtual environement
update-manager - GNOME application that manages apt updates
update-manager-core - manage release upgrades
update-manager-hildon - Hildon application that manages apt updates
update-manager-kde - Support modules for Update Notifier KDE
update-manager-text - Text application that manages apt updates
Launchpad-Bugs-Fixed: 881541 881548
Changes:
update-manager (1:0.134.11.1) lucid-security; urgency=low
.
* SECURITY UPDATE: arbitrary code execution via directory traversal
(LP: #881548)
- UpdateManager/Core/DistUpgradeFetcherCore.py: verify signature before
unpacking the tarball.
- CVE-2011-3152
* SECURITY UPDATE: information leak via insecure temp file (LP: #881541)
- DistUpgrade/DistUpgradeViewKDE.py: use mkstemp instead of mktemp.
- CVE-2011-3154
Checksums-Sha1:
9cfb593823446b0f8cba1ecbccbc8c902e3f077c 1855 update-manager_0.134.11.1.dsc
6a155a459a87c2b93c6295524e3bbfbdae9848ed 2728583 update-manager_0.134.11.1.tar.gz
Checksums-Sha256:
5ca2eb3ef6f5798b6bdd8e0e42e2d981cb8217785525b8c8196570ec52c80799 1855 update-manager_0.134.11.1.dsc
6abf3f1d828a6b65acab896dfcd8fee12da3043ef3a282f9bb8d4125ab640ab2 2728583 update-manager_0.134.11.1.tar.gz
Files:
3e58b4dd8a3d45eeff48d7a8dd6ca780 1855 gnome optional update-manager_0.134.11.1.dsc
8e57a5aaf67a24fd61e258777d4d6043 2728583 gnome optional update-manager_0.134.11.1.tar.gz
More information about the Lucid-changes
mailing list