[ubuntu/lucid-security] puppet 0.25.4-2ubuntu6.2 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Thu Sep 29 02:03:48 UTC 2011 

puppet (0.25.4-2ubuntu6.2) lucid-security; urgency=low

  * SECURITY UPDATE: unauthenticated directory traversal allows writing of
    arbitrary files as puppet master (LP: #861182)
    - update lib/puppet/indirector.rb, lib/puppet/indirector/ssl_file.rb,
      lib/puppet/indirector/yaml.rb, spec/unit/indirector/ssl_file.rb and
      spec/unit/indirector/yaml.rb to perform proper input validation.
      Patch from upstream (Daniel Pittman <daniel at puppetlabs.com>)
      6e5a821cbf94b220dfc021ff7ebad0831c60e207
    - CVE-2011-3848
    - LP: #861182

Date: Wed, 28 Sep 2011 08:30:14 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/puppet/0.25.4-2ubuntu6.2
-------------- next part --------------
Format: 1.8
Date: Wed, 28 Sep 2011 08:30:14 -0500
Source: puppet
Binary: puppet puppetmaster puppet-common vim-puppet puppet-el puppet-testsuite
Architecture: source
Version: 0.25.4-2ubuntu6.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 puppet     - centralised configuration management for networks
 puppet-common - common files for puppet and puppetmaster
 puppet-el  - Emacs syntax highlighting for puppet manifests
 puppet-testsuite - centralized configuration management control for networks
 puppetmaster - centralised configuration management control daemon
 vim-puppet - Vim syntax highlighting for puppet manifests
Launchpad-Bugs-Fixed: 861182 861182
Changes: 
 puppet (0.25.4-2ubuntu6.2) lucid-security; urgency=low
 .
   * SECURITY UPDATE: unauthenticated directory traversal allows writing of
     arbitrary files as puppet master (LP: #861182)
     - update lib/puppet/indirector.rb, lib/puppet/indirector/ssl_file.rb,
       lib/puppet/indirector/yaml.rb, spec/unit/indirector/ssl_file.rb and
       spec/unit/indirector/yaml.rb to perform proper input validation.
       Patch from upstream (Daniel Pittman <daniel at puppetlabs.com>)
       6e5a821cbf94b220dfc021ff7ebad0831c60e207
     - CVE-2011-3848
     - LP: #861182
Checksums-Sha1: 
 1c357bb66d88abb61e6fa12f608ef64f928e6921 2209 puppet_0.25.4-2ubuntu6.2.dsc
 a0e015d48a18380d4d7b932ce80d5f0b06f90bb8 42860 puppet_0.25.4-2ubuntu6.2.diff.gz
Checksums-Sha256: 
 b1bbd9e8873990376347db3266d9f39082c206cacfb9cdb520f50087c080058b 2209 puppet_0.25.4-2ubuntu6.2.dsc
 bd869516941eb8b2ee304d1bb241d453ae7875f131d06f79100c8bb77a405342 42860 puppet_0.25.4-2ubuntu6.2.diff.gz
Files: 
 43b62d8de44afbf9d6e0a6fb559dafda 2209 admin optional puppet_0.25.4-2ubuntu6.2.dsc
 5ffa201a78e590cb57835cba3f4662e7 42860 admin optional puppet_0.25.4-2ubuntu6.2.diff.gz
Original-Maintainer: Puppet Package Maintainers <pkg-puppet-devel at lists.alioth.debian.org>

More information about the Lucid-changes mailing list