* SECURITY UPDATE: hotfix for arbitrary code execution via directory
traversal in update-manager on iso media (LP: #881548)
- data/cddistupgrader: patch update-manager that is pulled off an
upgrade cd.
- debian/update-manager-downloader-fix2.diff: hotfix to verify
signature before unpacking the tarball in
UpdateManager/Core/DistUpgradeFetcherCore.py.
- debian/update-notifier-common.*: ship new hotfix in package.
- CVE-2011-3152
-- Marc Deslauriers <email address hidden> Thu, 24 Nov 2011 12:57:39 -0500
This bug was fixed in the package update-notifier - 0.111ubuntu2.1
---------------
update-notifier (0.111ubuntu2.1) natty-security; urgency=low
* SECURITY UPDATE: hotfix for arbitrary code execution via directory ader: patch update-manager that is pulled off an update- manager- downloader- fix2.diff: hotfix to verify ager/Core/ DistUpgradeFetc herCore. py. update- notifier- common. *: ship new hotfix in package.
traversal in update-manager on iso media (LP: #881548)
- data/cddistupgr
upgrade cd.
- debian/
signature before unpacking the tarball in
UpdateMan
- debian/
- CVE-2011-3152
-- Marc Deslauriers <email address hidden> Thu, 24 Nov 2011 12:57:39 -0500