-
Committer:
Package Import Robot
-
Author(s):
Jamie Strandboge
-
Date:
2011-09-28 07:55:44 UTC
-
Revision ID:
package-import@ubuntu.com-20110928075544-41hipl74vw9llqq6
Tags: 2.7.1-1ubuntu2
* SECURITY UPDATE: unauthenticated directory traversal allows writing of
arbitrary files as puppet master
- debian/patches/CVE-2011-3848.patch: update lib/puppet/indirector.rb,
lib/puppet/indirector/ssl_file.rb, lib/puppet/indirector/yaml.rb,
spec/unit/indirector/ssl_file.rb and spec/unit/indirector/yaml.rb to
perform proper input validation.
- CVE-2011-3848
- LP: #861182