This bug was fixed in the package puppet - 2.6.4-2ubuntu2.2
---------------
puppet (2.6.4-2ubuntu2.2) natty-security; urgency=low

  * SECURITY UPDATE: unauthenticated directory traversal allows writing of
    arbitrary files as puppet master
    - debian/patches/CVE-2011-3848.patch: update lib/puppet/indirector.rb,
      lib/puppet/indirector/ssl_file.rb, lib/puppet/indirector/yaml.rb,
      spec/unit/indirector/ssl_file.rb and spec/unit/indirector/yaml.rb to
      perform proper input validation.
    - CVE-2011-3848
    - LP: #861182
  * debian/patches/fix-rake-spec-missing-require.patch: allow 'rake spec'
    to run again

 -- Jamie Strandboge <email address hidden>  Wed, 28 Sep 2011 08:26:38 -0500