* SECURITY UPDATE: Arbitrary code execution in the power button handling script (LP: #893821) - debian/powerbtn.sh: Ensure that the DBUS_SESSION_BUS_ADDRESS environment variable is only read from a process owned by the user that will be evaluating the variable. - CVE-2011-2777 * SECURITY UPDATE: Unprivileged users may be able to write to directories and read files created by event handler scripts - event.c: Set a restrictive umask of 0077 before running an event handler script. Based on upstream patch. - CVE-2011-4578