[ubuntu/natty-security] puppet 2.6.4-2ubuntu2.2 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Thu Sep 29 02:03:35 UTC 2011 

puppet (2.6.4-2ubuntu2.2) natty-security; urgency=low

  * SECURITY UPDATE: unauthenticated directory traversal allows writing of
    arbitrary files as puppet master
    - debian/patches/CVE-2011-3848.patch: update lib/puppet/indirector.rb,
      lib/puppet/indirector/ssl_file.rb, lib/puppet/indirector/yaml.rb,
      spec/unit/indirector/ssl_file.rb and spec/unit/indirector/yaml.rb to
      perform proper input validation.
    - CVE-2011-3848
    - LP: #861182
  * debian/patches/fix-rake-spec-missing-require.patch: allow 'rake spec'
    to run again

Date: Wed, 28 Sep 2011 08:26:38 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/puppet/2.6.4-2ubuntu2.2
-------------- next part --------------
Format: 1.8
Date: Wed, 28 Sep 2011 08:26:38 -0500
Source: puppet
Binary: puppet-common puppet puppetmaster-common puppetmaster puppetmaster-passenger vim-puppet puppet-el puppet-testsuite
Architecture: source
Version: 2.6.4-2ubuntu2.2
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 puppet     - Centralized configuration management - agent startup and compatib
 puppet-common - Centralized configuration management
 puppet-el  - syntax highlighting for puppet manifests in emacs
 puppet-testsuite - Centralized configuration management - test suite
 puppetmaster - Centralized configuration management - master startup and compati
 puppetmaster-common - Puppet master common scripts
 puppetmaster-passenger - Centralised configuration management - master setup to run under
 vim-puppet - syntax highlighting for puppet manifests in vim
Launchpad-Bugs-Fixed: 861182
Changes: 
 puppet (2.6.4-2ubuntu2.2) natty-security; urgency=low
 .
   * SECURITY UPDATE: unauthenticated directory traversal allows writing of
     arbitrary files as puppet master
     - debian/patches/CVE-2011-3848.patch: update lib/puppet/indirector.rb,
       lib/puppet/indirector/ssl_file.rb, lib/puppet/indirector/yaml.rb,
       spec/unit/indirector/ssl_file.rb and spec/unit/indirector/yaml.rb to
       perform proper input validation.
     - CVE-2011-3848
     - LP: #861182
   * debian/patches/fix-rake-spec-missing-require.patch: allow 'rake spec'
     to run again
Checksums-Sha1: 
 173513d9bc06a557ad707c3fbee140af958e865e 2296 puppet_2.6.4-2ubuntu2.2.dsc
 1c33b08e360611a3e737eaad4cc2ab97d64d524a 35177 puppet_2.6.4-2ubuntu2.2.debian.tar.gz
Checksums-Sha256: 
 6fdf29cb3a44280559f3583424875c15181ba992192c900727a5295e396c1935 2296 puppet_2.6.4-2ubuntu2.2.dsc
 f6c77c8751bb61849b43918d27cd0b257544e3517f1a5dc09f1c58d61b2eecab 35177 puppet_2.6.4-2ubuntu2.2.debian.tar.gz
Files: 
 6559289809aa9c75e08aca51f1f948d1 2296 admin optional puppet_2.6.4-2ubuntu2.2.dsc
 d401082053010ec8ff69ce821edf5bf1 35177 admin optional puppet_2.6.4-2ubuntu2.2.debian.tar.gz
Original-Maintainer: Puppet Package Maintainers <pkg-puppet-devel at lists.alioth.debian.org>

More information about the Natty-changes mailing list