Comment 22 for bug 881548

This bug was fixed in the package update-manager - 1:0.134.11.1

---------------
update-manager (1:0.134.11.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via directory traversal
    (LP: #881548)
    - UpdateManager/Core/DistUpgradeFetcherCore.py: verify signature before
      unpacking the tarball.
    - CVE-2011-3152
  * SECURITY UPDATE: information leak via insecure temp file (LP: #881541)
    - DistUpgrade/DistUpgradeViewKDE.py: use mkstemp instead of mktemp.
    - CVE-2011-3154
 -- Marc Deslauriers <email address hidden> Wed, 23 Nov 2011 09:31:48 -0500