Vulnerability Key Information

Vulnerability Description

Description: The module in the package uses downloaded tarfiles before validating them, leading to security issues. The problem lies in the use of in the file, which introduces risks of path traversal and arbitrary code execution.

Affected Versions

Ubuntu Versions: Hardy, Lucid, Maverick, Natty, Oneiric, Precise
Status:
- All affected versions have been fixed or marked as

Vulnerability Details

CVE References:
- CVE-2011-3152
- CVE-2011-3154

Patch Timeline: Although no explicit timeline is provided, all affected versions have already received patch releases.

Patches and Fixes

Patch Submissions: Multiple patches were submitted by Michael Vogt to address this issue.
Patch Status: All patches have been merged and released, resolving the original security vulnerability.

Vulnerability Fixes

Fixed Versions:
- update-manager 1:0.152.25.5 oneiric-security
- update-notifier 0.111ubuntu2.1 natty-security
- update-manager 1:0.150.5.1 natty-security; urgency=low
- update-notifier 0.105ubuntu1.1 maverick-security; urgency=low
- update-manager 1:0.142.23.1 maverick-security; urgency=low
- update-notifier 0.99.3ubuntu0.1 lucid-security; urgency=low