Branches for Precise

Author: Tyler Hicks
Revision Date: 2012-04-11 03:55:10 UTC

* SECURITY UPDATE: Arbitrary file writes via predictable filename usage in
  appdmg and pkgdmg providers (LP: #978708)
  - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
  - CVE-2012-1906
* SECURITY UPDATE: Arbitrary file reads via Filebucket REST requests
  - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
  - CVE-2012-1986
* SECURITY UPDATE: Denial of service via Filebucket text/marshall support
  - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
  - CVE-2012-1987
* SECURITY UPDATE: Arbitrary code execution via Filebucket requests
  - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
  - CVE-2012-1988
* SECURITY UPDATE: Arbritrary file writes via predictable telnet output log
  filename
  - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
  - CVE-2012-1989
* debian/patches/puppet-12844: Re-fetch the patch from upstream since some
  missing pieces cause 'rake spec' to abort immediately

Author: Adam Stokes
Revision Date: 2013-09-24 14:58:14 UTC

debian/patches/2.7.11-remove-process_name-performance.patch:
Fixes performance regression caused by a thread that loops forever in
order to change a process name when told so (LP: #995719)

Author: Marc Deslauriers
Revision Date: 2014-01-09 07:56:00 UTC

* SECURITY REGRESSION: Incorrect default file mode (LP: #1267385)
  - debian/patches/CVE-2013-4969-regression.patch: fix incorrect file
    mode in lib/puppet/type/file.rb, lib/puppet/util.rb,
    spec/unit/type/file_spec.rb.
  - CVE-2013-4969

Author: Marc Deslauriers
Revision Date: 2014-01-09 07:56:00 UTC

* SECURITY REGRESSION: Incorrect default file mode (LP: #1267385)
  - debian/patches/CVE-2013-4969-regression.patch: fix incorrect file
    mode in lib/puppet/type/file.rb, lib/puppet/util.rb,
    spec/unit/type/file_spec.rb.
  - CVE-2013-4969

Author: Marc Cluet
Revision Date: 2012-03-16 16:25:19 UTC

* Correct patch DEP3 header format