This bug was fixed in the package update-manager - 1:0.150.5.1
---------------
update-manager (1:0.150.5.1) natty-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via directory traversal
    (LP: #881548)
    - UpdateManager/Core/DistUpgradeFetcherCore.py: verify signature before
      unpacking the tarball.
    - CVE-2011-3152
  * SECURITY UPDATE: information leak via insecure temp file (LP: #881541)
    - DistUpgrade/DistUpgradeViewKDE.py: use mkstemp instead of mktemp.
    - CVE-2011-3154

 -- Marc Deslauriers <email address hidden>  Wed, 23 Nov 2011 09:27:14 -0500