[ubuntu/oneiric-security] puppet 2.7.1-1ubuntu3.7 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Thu Jul 12 17:03:28 UTC 2012
puppet (2.7.1-1ubuntu3.7) oneiric-security; urgency=low
* SECURITY UPDATE: multiple July 2012 security issues
- debian/patches/2.7.9-Puppet-July-2012-CVE-fixes.patch: fix multiple
security issues with backported upstream 2.7.9 patch to 2.7.1.
- CVE-2012-3864: arbitrary file read on master from authenticated
clients
- CVE-2012-3865: arbitrary file delete or denial of service on master
from authenticated clients
- CVE-2012-3866: last_run_report.yaml report file is world readable and
leads to arbitrary file read on master by an agent
- CVE-2012-3867: insufficient input validation for agent cert hostnames
Date: Tue, 10 Jul 2012 08:17:46 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/puppet/2.7.1-1ubuntu3.7
-------------- next part --------------
Format: 1.8
Date: Tue, 10 Jul 2012 08:17:46 -0400
Source: puppet
Binary: puppet-common puppet puppetmaster-common puppetmaster puppetmaster-passenger vim-puppet puppet-el puppet-testsuite
Architecture: source
Version: 2.7.1-1ubuntu3.7
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
puppet - Centralized configuration management - agent startup and compatib
puppet-common - Centralized configuration management
puppet-el - syntax highlighting for puppet manifests in emacs
puppet-testsuite - Centralized configuration management - test suite
puppetmaster - Centralized configuration management - master startup and compati
puppetmaster-common - Puppet master common scripts
puppetmaster-passenger - Centralised configuration management - master setup to run under
vim-puppet - syntax highlighting for puppet manifests in vim
Changes:
puppet (2.7.1-1ubuntu3.7) oneiric-security; urgency=low
.
* SECURITY UPDATE: multiple July 2012 security issues
- debian/patches/2.7.9-Puppet-July-2012-CVE-fixes.patch: fix multiple
security issues with backported upstream 2.7.9 patch to 2.7.1.
- CVE-2012-3864: arbitrary file read on master from authenticated
clients
- CVE-2012-3865: arbitrary file delete or denial of service on master
from authenticated clients
- CVE-2012-3866: last_run_report.yaml report file is world readable and
leads to arbitrary file read on master by an agent
- CVE-2012-3867: insufficient input validation for agent cert hostnames
Checksums-Sha1:
837856e1b7eb335a597de3212acb7499ca30888f 2299 puppet_2.7.1-1ubuntu3.7.dsc
df516a631f8a817ee1f34bb3e579bff154e5f167 120254 puppet_2.7.1-1ubuntu3.7.debian.tar.gz
Checksums-Sha256:
c1a99e5da2179199b63aa87c007599bd79c48a6f154d5eafcee872d1864eeb04 2299 puppet_2.7.1-1ubuntu3.7.dsc
196980e38ab147e4bfbd30dc513cab0c028cf7834475ba869dba5030f6efa98c 120254 puppet_2.7.1-1ubuntu3.7.debian.tar.gz
Files:
1560a42b7448dd19f801e67ca51da4ce 2299 admin optional puppet_2.7.1-1ubuntu3.7.dsc
90578c59bea6b6f50ad2bc43dff57407 120254 admin optional puppet_2.7.1-1ubuntu3.7.debian.tar.gz
Original-Maintainer: Puppet Package Maintainers <pkg-puppet-devel at lists.alioth.debian.org>
More information about the Oneiric-changes
mailing list