Ubuntu
puppet package

  1. Bug #861182
  2. Comment #20

Comment 20 for bug 861182

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package puppet - 2.7.1-1ubuntu2

---------------
puppet (2.7.1-1ubuntu2) oneiric; urgency=low

  * SECURITY UPDATE: unauthenticated directory traversal allows writing of
    arbitrary files as puppet master
    - debian/patches/CVE-2011-3848.patch: update lib/puppet/indirector.rb,
      lib/puppet/indirector/ssl_file.rb, lib/puppet/indirector/yaml.rb,
      spec/unit/indirector/ssl_file.rb and spec/unit/indirector/yaml.rb to
      perform proper input validation.
    - CVE-2011-3848
    - LP: #861182
 -- Jamie Strandboge <email address hidden> Wed, 28 Sep 2011 07:55:44 -0500