~ubuntu-branches/ubuntu/natty/puppet/natty-updates

Viewing all changes in revision 50.

  • Committer: Package Import Robot
  • Author(s): Jamie Strandboge
  • Date: 2011-09-28 08:26:38 UTC
  • Revision ID: package-import@ubuntu.com-20110928082638-t8ntk3m72k24o8p5
Tags: 2.6.4-2ubuntu2.2
* SECURITY UPDATE: unauthenticated directory traversal allows writing of
  arbitrary files as puppet master
  - debian/patches/CVE-2011-3848.patch: update lib/puppet/indirector.rb,
    lib/puppet/indirector/ssl_file.rb, lib/puppet/indirector/yaml.rb,
    spec/unit/indirector/ssl_file.rb and spec/unit/indirector/yaml.rb to
    perform proper input validation.
  - CVE-2011-3848
  - LP: #861182
* debian/patches/fix-rake-spec-missing-require.patch: allow 'rake spec'
  to run again

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: