Comment 5 for bug 893821

This bug was fixed in the package acpid - 1:2.0.10-1ubuntu3

---------------
acpid (1:2.0.10-1ubuntu3) precise; urgency=low

  * SECURITY UPDATE: Arbitrary code execution in the power button handling
    script (LP: #893821)
    - debian/powerbtn.sh: Ensure that the DBUS_SESSION_BUS_ADDRESS environment
      variable is only read from a process owned by the user that will be
      evaluating the variable.
    - CVE-2011-2777
  * SECURITY UPDATE: Unprivileged users may be able to write to directories
    and read files created by event handler scripts
    - event.c: Set a restrictive umask of 0077 before running an event handler
      script. Based on upstream patch.
    - CVE-2011-4578
 -- Tyler Hicks <email address hidden> Wed, 07 Dec 2011 16:33:35 -0600