Ubuntu
puppet package

  1. Bug #978708
  2. Comment #5

Comment 5 for bug 978708

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package puppet - 2.7.11-1ubuntu2

---------------
puppet (2.7.11-1ubuntu2) precise; urgency=low

  * SECURITY UPDATE: Arbitrary file writes via predictable filename usage in
    appdmg and pkgdmg providers (LP: #978708)
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1906
  * SECURITY UPDATE: Arbitrary file reads via Filebucket REST requests
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1986
  * SECURITY UPDATE: Denial of service via Filebucket text/marshall support
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1987
  * SECURITY UPDATE: Arbitrary code execution via Filebucket requests
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1988
  * SECURITY UPDATE: Arbritrary file writes via predictable telnet output log
    filename
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1989
  * debian/patches/puppet-12844: Re-fetch the patch from upstream since some
    missing pieces cause 'rake spec' to abort immediately
 -- Tyler Hicks <email address hidden> Wed, 11 Apr 2012 03:55:10 -0500