Comment 2 for bug 844743

This bug was fixed in the package bcfg2 - 1.1.2-2ubuntu1

---------------
bcfg2 (1.1.2-2ubuntu1) oneiric; urgency=low

  * Merge upstream bugfix only release 1.1.2.
  * Also fixes CVE 2011-3211 (LP: #844743)

  * Merge from debian unstable. Remaining changes:
    - Added patches:
      + Add NagiosGen patch to support "parents" in Nagios
      + Add BackupPCGen plugin by Revolution Linux (off by default).
      + Make ssh_known_hosts base64 to avoid timeouts (SSHGen).
    - Recommends: Move graphviz to Suggests (avoid libX11 on a server).
    - Suggests: Move genshi and cheetah to Recommends (for templating).

bcfg2 (1.1.2-2) unstable; urgency=high

  * Urgency=high due to security fix
  * Apply patch from Torsten Rehn to honor BCFG2_SERVER_OPTIONS in the
    server init script (Closes: #634875)
  * Remove deprecated Breaks: ${python:Breaks}
  * Add dependency on patch to bcfg2-server, the Cfg plugin needs it
    (Closes: #638826)
  * Build-Depend on python-all instead of just python
  * Refresh patches to match what current gbp-pq generates
  * Apply patch from Chris St. Pierre to fix security issues caused by
    unescaped shell commands (Closes: #640028)

bcfg2 (1.1.2-1) unstable; urgency=low

  * New upstream version 1.1.2
  * Patches 0004 and 0005 included upstream, remove them
  * Update Standards-Version to 3.9.2.0, no changes
 -- Stephane Graber <email address hidden> Thu, 08 Sep 2011 09:38:14 -0400