Comment 25 for bug 881548

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package update-manager - 1:0.154.5

---------------
update-manager (1:0.154.5) precise; urgency=low

  [ Nicholas Skaggs ]
  * lp:~nskaggs/update-manager/fix-for-702418:
    - Removed gnome-power-manager dbus interface completely and
      only use freedesktop interface.
      Thanks to Nicholas Skaggs (LP: #702418)

  [ Gabor Kelemen ]
  * Replace gettext.install() with bindtextdomain() calls.
    Work around crash in OptionParser when displaying
    localized --help text, to not regress on bug LP: #557804
  * Extract strings for translation from u-m-t and u-s-s executables

  [ Marc Deslauriers ]
  * SECURITY UPDATE: arbitrary code execution via directory traversal
    (LP: #881548)
    - UpdateManager/Core/DistUpgradeFetcherCore.py: verify signature before
      unpacking the tarball.
    - CVE-2011-3152
  * SECURITY UPDATE: information leak via insecure temp file (LP: #881541)
    - DistUpgrade/DistUpgradeViewKDE.py: use mkstemp instead of mktemp.
    - CVE-2011-3154

  [ Michael Vogt ]
  * UpdateManager/UpdateManager.py:
    - ensure that the origin headers state of "select all/dselect all"
      is consistent

 -- Michael Vogt <email address hidden> Tue, 29 Nov 2011 09:58:15 +0100