-
Committer:
Package Import Robot
-
Author(s):
Marc Deslauriers
-
Date:
2012-07-13 12:45:14 UTC
-
Revision ID:
package-import@ubuntu.com-20120713124514-dg9d4uvv4nq2tg8d
Tags: 2.7.11-1ubuntu3
* SECURITY UPDATE: Multiple July 2012 security issues
- debian/patches/2.7.17-Puppet-July-2012-CVE-fixes.patch: upstream
patch to fix multiple security issues.
- CVE-2012-3864: arbitrary file read on master from authenticated
clients
- CVE-2012-3865: arbitrary file delete or denial of service on master
from authenticated clients
- CVE-2012-3866: last_run_report.yaml report file is world readable and
leads to arbitrary file read on master by an agent
- CVE-2012-3867: insufficient input validation for agent cert hostnames
* debian/control: use ruby1.8 as Build-Depends-Indep to fix FTBFS