Comment 21 for bug 881548

This bug was fixed in the package update-notifier - 0.99.3ubuntu0.1

---------------
update-notifier (0.99.3ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: hotfix for arbitrary code execution via directory
    traversal in update-manager on iso media (LP: #881548)
    - data/cddistupgrader: patch update-manager that is pulled off an
      upgrade cd.
    - debian/update-manager-downloader-fix2.diff: hotfix to verify
      signature before unpacking the tarball in
      UpdateManager/Core/DistUpgradeFetcherCore.py.
    - debian/update-notifier-common.*: ship new hotfix in package.
    - CVE-2011-3152
 -- Marc Deslauriers <email address hidden> Thu, 24 Nov 2011 13:02:45 -0500