[Bug 978708] Re: [Precise] puppet is vulnerable to CVE-2012-1906 and CVE-2012-1986 through CVE-2012-1989
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Apr 11 12:59:42 UTC 2012
ACK on the debdiff, uploaded to Precise.
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/978708
Title:
[Precise] puppet is vulnerable to CVE-2012-1906 and CVE-2012-1986
through CVE-2012-1989
Status in “puppet” package in Ubuntu:
Confirmed
Bug description:
I've updated the stable releases but will need a sponsor if this is
deemed urgent enough to make the Precise release.
Links to Puppet Labs advisories:
http://puppetlabs.com/security/cve/cve-2012-1906/
http://puppetlabs.com/security/cve/cve-2012-1986/
http://puppetlabs.com/security/cve/cve-2012-1987/
http://puppetlabs.com/security/cve/cve-2012-1988/
http://puppetlabs.com/security/cve/cve-2012-1989/
Also, while testing, I noticed that 'rake spec' aborts immediately. I
traced it down to debian/patches/puppet-12844 being incomplete in
comparison to the upstream commit but did not dig down much deeper
than that.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/978708/+subscriptions
More information about the Ubuntu-sponsors
mailing list