UbuntuUpdates.org

Package "update-manager-core"

Name: update-manager-core

Description:

manage release upgrades

Latest version: 1:0.156.14.5
Release: precise (12.04)
Level: security
Repository: main
Head package: update-manager

Links


Download "update-manager-core"


Other versions of "update-manager-core" in Precise

Repository Area Version
base main 1:0.156.14
updates main 1:0.156.14.22

Changelog

Version: 1:0.156.14.5 2012-06-04 14:06:40 UTC

  update-manager (1:0.156.14.5) precise-security; urgency=low

  * SECURITY UPDATE: Incomplete fix for CVE-2012-0949 (LP: #1004503)
    - DistUpgrade/DistUpgradeApport.py: use a whitelist of files so we
      don't upload system_state archives.
    - tests/test_apport_crash.py: add test.
    - CVE-2012-0950
 -- Marc Deslauriers <email address hidden> Thu, 31 May 2012 13:05:04 -0400

Source diff to previous version
1004503 Incomplete fix for CVE-2012-0949
CVE-2012-0949 The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Laun
CVE-2012-0950 RESERVED

Version: 1:0.156.14.4 2012-05-17 19:06:46 UTC

  update-manager (1:0.156.14.4) precise-security; urgency=low

  * SECURITY UPDATE: Incorrect permissions on system_state archive may
    expose repo passwords (LP: #954483)
    - DistUpgrade/DistUpgradeMain.py: create file with proper permissions.
    - debian/update-manager-core.postinst: clean up permissions on existing
      files.
    - CVE-2012-0948
  * SECURITY UPDATE: Apport hook may upload system_state archive containing
    repo passwords (LP: #954483)
    - debian/source_update-manager.py: don't upload system_state archives.
    - CVE-2012-0949
  * This package does _not_ contain the changes from (1:0.156.14.2) in
    precise-proposed.
 -- Marc Deslauriers <email address hidden> Tue, 15 May 2012 08:13:39 -0400

CVE-2012-0949 The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Laun



About   -   Send Feedback to @ubuntu_updates