Comment 21 for bug 861182

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package puppet - 2.6.4-2ubuntu2.2

---------------
puppet (2.6.4-2ubuntu2.2) natty-security; urgency=low

  * SECURITY UPDATE: unauthenticated directory traversal allows writing of
    arbitrary files as puppet master
    - debian/patches/CVE-2011-3848.patch: update lib/puppet/indirector.rb,
      lib/puppet/indirector/ssl_file.rb, lib/puppet/indirector/yaml.rb,
      spec/unit/indirector/ssl_file.rb and spec/unit/indirector/yaml.rb to
      perform proper input validation.
    - CVE-2011-3848
    - LP: #861182
  * debian/patches/fix-rake-spec-missing-require.patch: allow 'rake spec'
    to run again
 -- Jamie Strandboge <email address hidden> Wed, 28 Sep 2011 08:26:38 -0500