[ubuntu/maverick-security] puppet 2.6.1-0ubuntu2.1 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Thu Sep 29 02:03:41 UTC 2011 

puppet (2.6.1-0ubuntu2.1) maverick-security; urgency=low

  * SECURITY UPDATE: unauthenticated directory traversal allows writing of
    arbitrary files as puppet master
    - debian/patches/CVE-2011-3848.patch: update lib/puppet/indirector.rb,
      lib/puppet/indirector/ssl_file.rb, lib/puppet/indirector/yaml.rb,
      spec/unit/indirector/ssl_file.rb and spec/unit/indirector/yaml.rb to
      perform proper input validation.
    - CVE-2011-3848
    - LP: #861182

Date: Wed, 28 Sep 2011 08:28:21 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/puppet/2.6.1-0ubuntu2.1
-------------- next part --------------
Format: 1.8
Date: Wed, 28 Sep 2011 08:28:21 -0500
Source: puppet
Binary: puppet puppetmaster-common puppetmaster puppetmaster-passenger puppet-common vim-puppet puppet-el puppet-testsuite
Architecture: source
Version: 2.6.1-0ubuntu2.1
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 puppet     - Centralized configuration management - agent startup and compatib
 puppet-common - Centralized configuration management
 puppet-el  - syntax highlighting for puppet manifests in emacs
 puppet-testsuite - Centralized configuration management - test suite
 puppetmaster - Centralized configuration management - master startup and compati
 puppetmaster-common - Puppet master common scripts
 puppetmaster-passenger - Centralised configuration management - master setup to run under
 vim-puppet - syntax highlighting for puppet manifests in vim
Launchpad-Bugs-Fixed: 861182
Changes: 
 puppet (2.6.1-0ubuntu2.1) maverick-security; urgency=low
 .
   * SECURITY UPDATE: unauthenticated directory traversal allows writing of
     arbitrary files as puppet master
     - debian/patches/CVE-2011-3848.patch: update lib/puppet/indirector.rb,
       lib/puppet/indirector/ssl_file.rb, lib/puppet/indirector/yaml.rb,
       spec/unit/indirector/ssl_file.rb and spec/unit/indirector/yaml.rb to
       perform proper input validation.
     - CVE-2011-3848
     - LP: #861182
Checksums-Sha1: 
 4c64ee088dec53ae96b44516dff4004d872d9ba1 2296 puppet_2.6.1-0ubuntu2.1.dsc
 77b7e9a140df03293551d09e4d0d883c49b50001 35731 puppet_2.6.1-0ubuntu2.1.debian.tar.gz
Checksums-Sha256: 
 7e238348ccec9b8bfdbfdaf5d873297cd4e6fb78c471e52d63daee11bd08454e 2296 puppet_2.6.1-0ubuntu2.1.dsc
 e4488c90a43d012c1248abc463ff27c72efe74923d2be9d0dc3f72023774ce61 35731 puppet_2.6.1-0ubuntu2.1.debian.tar.gz
Files: 
 0f86fe37e73166680a06887770e2cd8b 2296 admin optional puppet_2.6.1-0ubuntu2.1.dsc
 531ee37678f8ab566da95b9f1e4f7c4e 35731 admin optional puppet_2.6.1-0ubuntu2.1.debian.tar.gz
Original-Maintainer: Puppet Package Maintainers <pkg-puppet-devel at lists.alioth.debian.org>

More information about the Maverick-changes mailing list