[ Nicholas Skaggs ]
* lp:~nskaggs/update-manager/fix-for-702418:
- Removed gnome-power-manager dbus interface completely and
only use freedesktop interface.
Thanks to Nicholas Skaggs (LP: #702418)
[ Gabor Kelemen ]
* Replace gettext.install() with bindtextdomain() calls.
Work around crash in OptionParser when displaying
localized --help text, to not regress on bug LP: #557804
* Extract strings for translation from u-m-t and u-s-s executables
[ Marc Deslauriers ]
* SECURITY UPDATE: arbitrary code execution via directory traversal
(LP: #881548)
- UpdateManager/Core/DistUpgradeFetcherCore.py: verify signature before
unpacking the tarball.
- CVE-2011-3152
* SECURITY UPDATE: information leak via insecure temp file (LP: #881541)
- DistUpgrade/DistUpgradeViewKDE.py: use mkstemp instead of mktemp.
- CVE-2011-3154
[ Michael Vogt ]
* UpdateManager/UpdateManager.py:
- ensure that the origin headers state of "select all/dselect all"
is consistent
-- Michael Vogt <email address hidden> Tue, 29 Nov 2011 09:58:15 +0100
This bug was fixed in the package update-manager - 1:0.154.5
---------------
update-manager (1:0.154.5) precise; urgency=low
[ Nicholas Skaggs ]
* lp:~nskaggs/update-manager/fix-for-702418:
- Removed gnome-power-manager dbus interface completely and
only use freedesktop interface.
Thanks to Nicholas Skaggs (LP: #702418)
[ Gabor Kelemen ]
* Replace gettext.install() with bindtextdomain() calls.
Work around crash in OptionParser when displaying
localized --help text, to not regress on bug LP: #557804
* Extract strings for translation from u-m-t and u-s-s executables
[ Marc Deslauriers ] Core/DistUpgrad eFetcherCore. py: verify signature before DistUpgradeView KDE.py: use mkstemp instead of mktemp.
* SECURITY UPDATE: arbitrary code execution via directory traversal
(LP: #881548)
- UpdateManager/
unpacking the tarball.
- CVE-2011-3152
* SECURITY UPDATE: information leak via insecure temp file (LP: #881541)
- DistUpgrade/
- CVE-2011-3154
[ Michael Vogt ] UpdateManager. py:
* UpdateManager/
- ensure that the origin headers state of "select all/dselect all"
is consistent
-- Michael Vogt <email address hidden> Tue, 29 Nov 2011 09:58:15 +0100