[ubuntu/quantal] puppet 2.7.11-1ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Fri Jul 13 17:40:42 UTC 2012 

puppet (2.7.11-1ubuntu3) quantal; urgency=low

  * SECURITY UPDATE: Multiple July 2012 security issues
    - debian/patches/2.7.17-Puppet-July-2012-CVE-fixes.patch: upstream
      patch to fix multiple security issues.
    - CVE-2012-3864: arbitrary file read on master from authenticated
      clients
    - CVE-2012-3865: arbitrary file delete or denial of service on master
      from authenticated clients
    - CVE-2012-3866: last_run_report.yaml report file is world readable and
      leads to arbitrary file read on master by an agent
    - CVE-2012-3867: insufficient input validation for agent cert hostnames
  * debian/control: use ruby1.8 as Build-Depends-Indep to fix FTBFS

Date: Fri, 13 Jul 2012 12:45:14 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/quantal/+source/puppet/2.7.11-1ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 13 Jul 2012 12:45:14 -0400
Source: puppet
Binary: puppet-common puppet puppetmaster-common puppetmaster puppetmaster-passenger vim-puppet puppet-el puppet-testsuite
Architecture: source
Version: 2.7.11-1ubuntu3
Distribution: quantal
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 puppet     - Centralized configuration management - agent startup and compatib
 puppet-common - Centralized configuration management
 puppet-el  - syntax highlighting for puppet manifests in emacs
 puppet-testsuite - Centralized configuration management - test suite
 puppetmaster - Centralized configuration management - master startup and compati
 puppetmaster-common - Puppet master common scripts
 puppetmaster-passenger - Centralised configuration management - master setup to run under
 vim-puppet - syntax highlighting for puppet manifests in vim
Changes: 
 puppet (2.7.11-1ubuntu3) quantal; urgency=low
 .
   * SECURITY UPDATE: Multiple July 2012 security issues
     - debian/patches/2.7.17-Puppet-July-2012-CVE-fixes.patch: upstream
       patch to fix multiple security issues.
     - CVE-2012-3864: arbitrary file read on master from authenticated
       clients
     - CVE-2012-3865: arbitrary file delete or denial of service on master
       from authenticated clients
     - CVE-2012-3866: last_run_report.yaml report file is world readable and
       leads to arbitrary file read on master by an agent
     - CVE-2012-3867: insufficient input validation for agent cert hostnames
   * debian/control: use ruby1.8 as Build-Depends-Indep to fix FTBFS
Checksums-Sha1: 
 7b2879c3cb2670bfca5d3ee99ac2e92ad9c8d07a 2588 puppet_2.7.11-1ubuntu3.dsc
 bb85dd88f6a879bf829da2583b11cd131f5d1ebb 61151 puppet_2.7.11-1ubuntu3.debian.tar.gz
Checksums-Sha256: 
 7eb86a45e4aa76d5d4e30c926b0eb9cce0e53af8988fb2e0e4fafda7ecc0bf77 2588 puppet_2.7.11-1ubuntu3.dsc
 9d51a228cbd075a2562181a5cccb6301fc8d2b400f64e686034c3efe78821cf9 61151 puppet_2.7.11-1ubuntu3.debian.tar.gz
Files: 
 c1cb270d25ef28eeca61da23439ae91d 2588 admin optional puppet_2.7.11-1ubuntu3.dsc
 e847ffc4d33e137e2eaf9cffcfd7070f 61151 admin optional puppet_2.7.11-1ubuntu3.debian.tar.gz
Original-Maintainer: Puppet Package Maintainers <pkg-puppet-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCgAGBQJQAFxeAAoJEGVp2FWnRL6TTVMP/R8ClIp0pEc7diH5W+yTSPND
agco3/5dpXzzoo2nM3sdlhHTN5n97hN3LC+BeP4JJZTOtUynroXBawWd8hwBsjy9
M5f/o9WDXSc8wF2FusCV64Z5BjNZNwOoW5tPOLPKenUpL58WNP6lXDJ8+vOXpB1P
l7bUL/Rz+GcvtAhbHYZ5oqZj3W8CuIbeE/0MITi3gvVGRmZrmE8PS3YPArypVZcR
TZk65mcqvv8HW9AouXZ8znIncFCotG2Ty7Dl6BeyGbhm0B/P9+5dZB43EboTbR/1
w79tZrMMrCi9bWEw2V9ovLNoufOrajYRtoms+hPxBFttdv80VRYNBQLb7/5HYuJc
9JL2fa57KoSvlPTEM5K/cr+Q7h/I94sQvw4HNXH9qYnR12+xE9ooia3lrHHQdR3h
QPzPz6wv5qqJy44DLY+6SfJnT8dCWGSJ687FHsAz2y2ciiI1ZX0HmfIq2icRMnNl
u0jxi7KeQiwwqM2NGULSnqK6I3zJYq56e4VmtgukAKEoKIljNhRxy/9l+DtoHVv2
Iedy1+m8pGCqTBgXRDUYCZ1AvOsJ0eJNRovvbA5cOvfo6xxVTo1cbjjKHMPdP6aq
pB6AR6QLEiG8t4A887xtd2eeDQG1eNoY+q9DhPF4hyUqJ9hJ7WBQX0n+wEXJ32wp
r9UkoKRfDK/ZQtED9jsR
=/UUq
-----END PGP SIGNATURE-----

More information about the Quantal-changes mailing list