update-manager (1:0.156.14.4) precise-security; urgency=low
* SECURITY UPDATE: Incorrect permissions on system_state archive may
expose repo passwords (LP: #954483)
- DistUpgrade/DistUpgradeMain.py: create file with proper permissions.
- debian/update-manager-core.postinst: clean up permissions on existing
files.
- CVE-2012-0948
* SECURITY UPDATE: Apport hook may upload system_state archive containing
repo passwords (LP: #954483)
- debian/source_update-manager.py: don't upload system_state archives.
- CVE-2012-0949
* This package does _not_ contain the changes from (1:0.156.14.2) in
precise-proposed.
-- Marc Deslauriers <email address hidden> Tue, 15 May 2012 08:13:39 -0400