[ubuntu/oneiric-security] dist-upgrader_0.152.25.11_all.tar.gz, update-manager, update-manager_0.152.25.11_i386_translations.tar.gz, update-manager_0.152.25.11_armel_translations.tar.gz, update-manager_0.152.25.11_powerpc_translations.tar.gz, update-manager_0.152.25.11_amd64_translations.tar.gz 1:0.152.25.11 (Accepted)

Thu May 17 18:34:35 UTC 2012

update-manager (1:0.152.25.11) oneiric-security; urgency=low

  * SECURITY UPDATE: Incorrect permissions on system_state archive may
    expose repo passwords (LP: #954483)
    - DistUpgrade/DistUpgradeMain.py: create file with proper permissions.
    - debian/update-manager-core.postinst: clean up permissions on existing
      files.
    - CVE-2012-0948
  * SECURITY UPDATE: Apport hook may upload system_state archive containing
    repo passwords (LP: #954483)
    - debian/source_update-manager.py: don't upload system_state archives.
    - CVE-2012-0949

Date: Tue, 15 May 2012 08:24:51 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Michael Vogt <michael.vogt at ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/update-manager/1:0.152.25.11
-------------- next part --------------
Format: 1.8
Date: Tue, 15 May 2012 08:24:51 -0400
Source: update-manager
Binary: update-manager-core update-manager update-manager-text update-manager-kde auto-upgrade-tester
Architecture: source
Version: 1:0.152.25.11
Distribution: oneiric-security
Urgency: low
Maintainer: Michael Vogt <michael.vogt at ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 auto-upgrade-tester - Test release upgrades in a virtual environment
 update-manager - GNOME application that manages apt updates
 update-manager-core - manage release upgrades
 update-manager-kde - Support modules for KPackageKit
 update-manager-text - Text application that manages apt updates
Launchpad-Bugs-Fixed: 954483
Changes: 
 update-manager (1:0.152.25.11) oneiric-security; urgency=low
 .
   * SECURITY UPDATE: Incorrect permissions on system_state archive may
     expose repo passwords (LP: #954483)
     - DistUpgrade/DistUpgradeMain.py: create file with proper permissions.
     - debian/update-manager-core.postinst: clean up permissions on existing
       files.
     - CVE-2012-0948
   * SECURITY UPDATE: Apport hook may upload system_state archive containing
     repo passwords (LP: #954483)
     - debian/source_update-manager.py: don't upload system_state archives.
     - CVE-2012-0949
Checksums-Sha1: 
 cd40a6babf3b0cb4de9cf11263411a6ee8e6149e 1769 update-manager_0.152.25.11.dsc
 ffbf0d874b39d8ddacbaea20ff108ffc7dbdf21c 3240396 update-manager_0.152.25.11.tar.gz
Checksums-Sha256: 
 330dc845c0839eab3f15393b07cb98f37bbdf23604f0b680c09bfd2d1dd26b03 1769 update-manager_0.152.25.11.dsc
 b19ca2461544b33003bbe81c344d6224ba256fba82db6884ee6e36d65cea1d26 3240396 update-manager_0.152.25.11.tar.gz
Files: 
 a754671cedd9490c4dc62e1c38e6dacb 1769 gnome optional update-manager_0.152.25.11.dsc
 00435a657842ac3144b7f8385af990fc 3240396 gnome optional update-manager_0.152.25.11.tar.gz