lp://staging/ubuntu/oneiric-security/update-manager

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

367. By Marc Deslauriers on 2012-05-31

* SECURITY UPDATE: Incomplete fix for CVE-2012-0949 (LP: #1004503)
  - DistUpgrade/DistUpgradeApport.py: use a whitelist of files so we
    don't upload system_state archives.
  - tests/test_apport_crash.py: add test.
  - CVE-2012-0950

366. By Marc Deslauriers on 2012-05-15

* SECURITY UPDATE: Incorrect permissions on system_state archive may
  expose repo passwords (LP: #954483)
  - DistUpgrade/DistUpgradeMain.py: create file with proper permissions.
  - debian/update-manager-core.postinst: clean up permissions on existing
    files.
  - CVE-2012-0948
* SECURITY UPDATE: Apport hook may upload system_state archive containing
  repo passwords (LP: #954483)
  - debian/source_update-manager.py: don't upload system_state archives.
  - CVE-2012-0949

365. By Marc Deslauriers on 2012-02-15

* REGRESSION FIX:
  - DistUpgrade/DistUpgradeViewKDE.py: fix regression caused by improper
    return value handling. (LP: #933225)
* This package does _not_ contain the changes from (1:0.152.25.6) and
  (1:0.152.25.7) in oneiric-proposed.

364. By Marc Deslauriers on 2011-11-23

* SECURITY UPDATE: arbitrary code execution via directory traversal
  (LP: #881548)
  - UpdateManager/Core/DistUpgradeFetcherCore.py: verify signature before
    unpacking the tarball.
  - CVE-2011-3152
* SECURITY UPDATE: information leak via insecure temp file (LP: #881541)
  - DistUpgrade/DistUpgradeViewKDE.py: use mkstemp instead of mktemp.
  - CVE-2011-3154

363. By Michael Vogt on 2011-10-10

* DistUpgrade/DistUpgradeController.py:
  - add workaround for a python-apt bug that causes the release
    upgrade to import the old version of "DistInfo" intead of the
    one that is bundled with the release-upgrader (LP: #871007)

362. By Stéphane Graber on 2011-10-08

* AutoUpgradeTester/profile/eduubuntu/DistUpgrade.cfg:
  - Fix typo, renaming to edubuntu instead

361. By Michael Vogt on 2011-10-07

* tests/test_update_origin.py, Janitor/computerjanitor/plugin.py:
  - fix tests
* .bzr-builddeb/default.conf:
  - re-enable pre-build script to ensure we get a updated
    base-installer, demotions and html Announcements

360. By Michael Vogt on 2011-09-30

* DistUpgrade/DistUpgradeQuirks.py:
  - increase the amd64 cache size to 48mb to workaround bug
    LP: #854090 during the natty -> oneiric upgrade

359. By Michael Vogt on 2011-09-30

* DistUpgrade/DistUpgradeQuirks.py:
  - increase the default cache size on a multiarch system to
    avoid potential crash in natty apt (LP: #854090)
* DistUpgrade/DistUpgradeController.py, UpdateManager/Core/utils.py:
  - do not leak password from sources.list entries into the logfile
    (LP: #839094)
* UpdateManager/UpdateManager.py:
  - do not crash if a package can not be put into "install" state,
    instead, just keep the old (unmarked) state (LP: #850482)
* UpdateManager/DistUpgradeFetcher.py:
  - fix crash for changed gtk2 -> gtk3 API (LP: #859862)
* UpdateManager/backend/InstallBackendAptdaemon.py:
  - remove debug output (LP: #855495)

358. By Michael Vogt on 2011-09-21

* DistUpgrade/DistUpgradeCache.py:
  - do not use O_SYNC for the apt.log, its not important enough
    to justify the slowdown (LP: #852128)