This bug was fixed in the package puppet - 2.7.1-1ubuntu2
--------------- puppet (2.7.1-1ubuntu2) oneiric; urgency=low
* SECURITY UPDATE: unauthenticated directory traversal allows writing of arbitrary files as puppet master - debian/patches/CVE-2011-3848.patch: update lib/puppet/indirector.rb, lib/puppet/indirector/ssl_file.rb, lib/puppet/indirector/yaml.rb, spec/unit/indirector/ssl_file.rb and spec/unit/indirector/yaml.rb to perform proper input validation. - CVE-2011-3848 - LP: #861182 -- Jamie Strandboge <email address hidden> Wed, 28 Sep 2011 07:55:44 -0500
This bug was fixed in the package puppet - 2.7.1-1ubuntu2
---------------
puppet (2.7.1-1ubuntu2) oneiric; urgency=low
* SECURITY UPDATE: unauthenticated directory traversal allows writing of patches/ CVE-2011- 3848.patch: update lib/puppet/ indirector. rb, puppet/ indirector/ ssl_file. rb, lib/puppet/ indirector/ yaml.rb, unit/indirector /ssl_file. rb and spec/unit/ indirector/ yaml.rb to
arbitrary files as puppet master
- debian/
lib/
spec/
perform proper input validation.
- CVE-2011-3848
- LP: #861182
-- Jamie Strandboge <email address hidden> Wed, 28 Sep 2011 07:55:44 -0500