-
Committer:
Package Import Robot
-
Author(s):
Marc Deslauriers
-
Date:
2011-11-23 09:58:49 UTC
-
mfrom:
(144.1.6 hardy-proposed)
-
Revision ID:
package-import@ubuntu.com-20111123095849-pchoop99rwjo9yo7
Tags: 1:0.87.31.1
* SECURITY UPDATE: arbitrary code execution via directory traversal
(LP: #881548)
- UpdateManager/Core/DistUpgradeFetcherCore.py: verify signature before
unpacking the tarball.
- CVE-2011-3152
* SECURITY UPDATE: information leak via insecure temp file (LP: #881541)
- DistUpgrade/DistUpgradeViewKDE.py: use mkstemp instead of mktemp.
- CVE-2011-3154