[ubuntu/precise-security] puppet 2.7.11-1ubuntu2.1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Jul 12 17:03:22 UTC 2012


puppet (2.7.11-1ubuntu2.1) precise-security; urgency=low

  * SECURITY UPDATE: Multiple July 2012 security issues
    - debian/patches/2.7.17-Puppet-July-2012-CVE-fixes.patch: upstream
      patch to fix multiple security issues.
    - CVE-2012-3864: arbitrary file read on master from authenticated
      clients
    - CVE-2012-3865: arbitrary file delete or denial of service on master
      from authenticated clients
    - CVE-2012-3866: last_run_report.yaml report file is world readable and
      leads to arbitrary file read on master by an agent
    - CVE-2012-3867: insufficient input validation for agent cert hostnames

Date: Tue, 10 Jul 2012 07:58:03 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/puppet/2.7.11-1ubuntu2.1
-------------- next part --------------
Format: 1.8
Date: Tue, 10 Jul 2012 07:58:03 -0400
Source: puppet
Binary: puppet-common puppet puppetmaster-common puppetmaster puppetmaster-passenger vim-puppet puppet-el puppet-testsuite
Architecture: source
Version: 2.7.11-1ubuntu2.1
Distribution: precise-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 puppet     - Centralized configuration management - agent startup and compatib
 puppet-common - Centralized configuration management
 puppet-el  - syntax highlighting for puppet manifests in emacs
 puppet-testsuite - Centralized configuration management - test suite
 puppetmaster - Centralized configuration management - master startup and compati
 puppetmaster-common - Puppet master common scripts
 puppetmaster-passenger - Centralised configuration management - master setup to run under
 vim-puppet - syntax highlighting for puppet manifests in vim
Changes: 
 puppet (2.7.11-1ubuntu2.1) precise-security; urgency=low
 .
   * SECURITY UPDATE: Multiple July 2012 security issues
     - debian/patches/2.7.17-Puppet-July-2012-CVE-fixes.patch: upstream
       patch to fix multiple security issues.
     - CVE-2012-3864: arbitrary file read on master from authenticated
       clients
     - CVE-2012-3865: arbitrary file delete or denial of service on master
       from authenticated clients
     - CVE-2012-3866: last_run_report.yaml report file is world readable and
       leads to arbitrary file read on master by an agent
     - CVE-2012-3867: insufficient input validation for agent cert hostnames
Checksums-Sha1: 
 b6b83605a96eb3ec5c5b031972150b85f3dc7de7 2593 puppet_2.7.11-1ubuntu2.1.dsc
 162b9ff5edc9f975819ff582f924848f03b29865 61181 puppet_2.7.11-1ubuntu2.1.debian.tar.gz
Checksums-Sha256: 
 504e0182caaf8affb97622dc0c7c4d9fdc45eacb9eb926129a5361487d4d7205 2593 puppet_2.7.11-1ubuntu2.1.dsc
 430107d113e4684e867afe80450126d874e9709717b0756a849594866c64e35c 61181 puppet_2.7.11-1ubuntu2.1.debian.tar.gz
Files: 
 e67a392bd5f25debd76552158d98a9fb 2593 admin optional puppet_2.7.11-1ubuntu2.1.dsc
 de3559dd46ce5e90a457b5b9cfec919d 61181 admin optional puppet_2.7.11-1ubuntu2.1.debian.tar.gz
Original-Maintainer: Puppet Package Maintainers <pkg-puppet-devel at lists.alioth.debian.org>


More information about the Precise-changes mailing list