[ubuntu/lucid-security] puppet 0.25.4-2ubuntu6.7 (Accepted)

Tyler Hicks tyhicks at canonical.com
Wed Apr 11 05:04:10 UTC 2012


puppet (0.25.4-2ubuntu6.7) lucid-security; urgency=low

  * SECURITY UPDATE: Arbitrary file writes via predictable filename usage in
    appdmg and pkgdmg providers
    - lib/puppet/provider/package/{appdmg.rb,pkgdmg.rb}: Use mktmpdir when
      downloading packages. Based on upstream patch.
    - CVE-2012-1906
  * SECURITY UPDATE: Arbitrary file reads via Filebucket REST requests
    - lib/puppet/network/http/api/v1.rb: Fix for bucket_path security
      vulnerability. Based on upstream patch.
    - CVE-2012-1986
  * SECURITY UPDATE: Denial of service via Filebucket text/marshal support
    - lib/puppet/network/formats.rb: Removed text/marshal support. Based on
      upstream patch.
    - CVE-2012-1987
  * SECURITY UPDATE: Arbitrary code execution via Filebucket requests
    - lib/puppet/network/http/api/v1.rb: Fix for bucket_path security
      vulnerability. Based on upstream patch.
    - CVE-2012-1988
  * spec/unit/property/keyvalue.rb: Fix testsuite failure caused by hash
    randomization in Ruby. Based on upstream patch.
    - 765036c707a29077107674ad5c6277df6e637b28

Date: Tue, 10 Apr 2012 11:47:14 -0500
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/puppet/0.25.4-2ubuntu6.7
-------------- next part --------------
Format: 1.8
Date: Tue, 10 Apr 2012 11:47:14 -0500
Source: puppet
Binary: puppet puppetmaster puppet-common vim-puppet puppet-el puppet-testsuite
Architecture: source
Version: 0.25.4-2ubuntu6.7
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel at lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description: 
 puppet     - centralised configuration management for networks
 puppet-common - common files for puppet and puppetmaster
 puppet-el  - Emacs syntax highlighting for puppet manifests
 puppet-testsuite - centralized configuration management control for networks
 puppetmaster - centralised configuration management control daemon
 vim-puppet - Vim syntax highlighting for puppet manifests
Changes: 
 puppet (0.25.4-2ubuntu6.7) lucid-security; urgency=low
 .
   * SECURITY UPDATE: Arbitrary file writes via predictable filename usage in
     appdmg and pkgdmg providers
     - lib/puppet/provider/package/{appdmg.rb,pkgdmg.rb}: Use mktmpdir when
       downloading packages. Based on upstream patch.
     - CVE-2012-1906
   * SECURITY UPDATE: Arbitrary file reads via Filebucket REST requests
     - lib/puppet/network/http/api/v1.rb: Fix for bucket_path security
       vulnerability. Based on upstream patch.
     - CVE-2012-1986
   * SECURITY UPDATE: Denial of service via Filebucket text/marshal support
     - lib/puppet/network/formats.rb: Removed text/marshal support. Based on
       upstream patch.
     - CVE-2012-1987
   * SECURITY UPDATE: Arbitrary code execution via Filebucket requests
     - lib/puppet/network/http/api/v1.rb: Fix for bucket_path security
       vulnerability. Based on upstream patch.
     - CVE-2012-1988
   * spec/unit/property/keyvalue.rb: Fix testsuite failure caused by hash
     randomization in Ruby. Based on upstream patch.
     - 765036c707a29077107674ad5c6277df6e637b28
Checksums-Sha1: 
 5818b7127fd25008b0046bb30d0e56397c99cc44 2209 puppet_0.25.4-2ubuntu6.7.dsc
 605cb974916d83500e62ca2c0cda88a3a8f64e75 61262 puppet_0.25.4-2ubuntu6.7.diff.gz
Checksums-Sha256: 
 0a2edf7ab05ba0edcb41040887390c50750ba455b81d3369df3a76bbef8fc268 2209 puppet_0.25.4-2ubuntu6.7.dsc
 0fb49a3dc27c512dc157f95f1e53b9fb50039fb8fe2cbe17b1b99ee51c3e192d 61262 puppet_0.25.4-2ubuntu6.7.diff.gz
Files: 
 a5e4a2a10d1820269c0b41231de80158 2209 admin optional puppet_0.25.4-2ubuntu6.7.dsc
 bc66de5db8b927b6594a99f3f40af6d4 61262 admin optional puppet_0.25.4-2ubuntu6.7.diff.gz
Original-Maintainer: Puppet Package Maintainers <pkg-puppet-devel at lists.alioth.debian.org>

