[ubuntu/natty-security] update-manager_0.150.5.3_i386_translations.tar.gz, update-manager, update-manager_0.150.5.3_powerpc_translations.tar.gz, dist-upgrader_0.150.5.3_all.tar.gz, update-manager_0.150.5.3_armel_translations.tar.gz, update-manager_0.150.5.3_amd64_translations.tar.gz 1:0.150.5.3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu May 17 18:35:05 UTC 2012 

update-manager (1:0.150.5.3) natty-security; urgency=low

  * SECURITY UPDATE: Incorrect permissions on system_state archive may
    expose repo passwords (LP: #954483)
    - DistUpgrade/DistUpgradeMain.py: create file with proper permissions.
    - debian/update-manager-core.postinst: clean up permissions on existing
      files.
    - CVE-2012-0948
  * SECURITY UPDATE: Apport hook may upload system_state archive containing
    repo passwords (LP: #954483)
    - debian/source_update-manager.py: don't upload system_state archives.
    - CVE-2012-0949

Date: Wed, 16 May 2012 15:31:19 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Michael Vogt <michael.vogt at ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/update-manager/1:0.150.5.3
-------------- next part --------------
Format: 1.8
Date: Wed, 16 May 2012 15:31:19 -0400
Source: update-manager
Binary: update-manager-core update-manager update-manager-text update-manager-kde auto-upgrade-tester
Architecture: source
Version: 1:0.150.5.3
Distribution: natty-security
Urgency: low
Maintainer: Michael Vogt <michael.vogt at ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 auto-upgrade-tester - Test release upgrades in a virtual environment
 update-manager - GNOME application that manages apt updates
 update-manager-core - manage release upgrades
 update-manager-kde - Support modules for KPackageKit
 update-manager-text - Text application that manages apt updates
Launchpad-Bugs-Fixed: 954483
Changes: 
 update-manager (1:0.150.5.3) natty-security; urgency=low
 .
   * SECURITY UPDATE: Incorrect permissions on system_state archive may
     expose repo passwords (LP: #954483)
     - DistUpgrade/DistUpgradeMain.py: create file with proper permissions.
     - debian/update-manager-core.postinst: clean up permissions on existing
       files.
     - CVE-2012-0948
   * SECURITY UPDATE: Apport hook may upload system_state archive containing
     repo passwords (LP: #954483)
     - debian/source_update-manager.py: don't upload system_state archives.
     - CVE-2012-0949
Checksums-Sha1: 
 5a89126aaad5c3e84ed7372dcfcc1d77624742b4 1781 update-manager_0.150.5.3.dsc
 28fd59472ea903d0f3309bf860aa6d1e67db0da7 2940895 update-manager_0.150.5.3.tar.gz
Checksums-Sha256: 
 2c7141af326cfe7c48194e9d32c7d5e01dfea8be86ccd72867c63ac964ca4af7 1781 update-manager_0.150.5.3.dsc
 45b11b2d8aaa0e7eacdacaa0c04ef68d4d1ff356ea48618e853380e592590e93 2940895 update-manager_0.150.5.3.tar.gz
Files: 
 0486b09a486ae6b5b379d2d214891df7 1781 gnome optional update-manager_0.150.5.3.dsc
 b2113a675d7a32f56d0c000e668b4ae2 2940895 gnome optional update-manager_0.150.5.3.tar.gz

More information about the Natty-changes mailing list