-
Committer:
Package Import Robot
-
Author(s):
Marc Deslauriers
-
Date:
2012-07-10 08:17:46 UTC
-
Revision ID:
package-import@ubuntu.com-20120710081746-7bkf487y35ri07e6
Tags: 2.7.1-1ubuntu3.7
* SECURITY UPDATE: multiple July 2012 security issues
- debian/patches/2.7.9-Puppet-July-2012-CVE-fixes.patch: fix multiple
security issues with backported upstream 2.7.9 patch to 2.7.1.
- CVE-2012-3864: arbitrary file read on master from authenticated
clients
- CVE-2012-3865: arbitrary file delete or denial of service on master
from authenticated clients
- CVE-2012-3866: last_run_report.yaml report file is world readable and
leads to arbitrary file read on master by an agent
- CVE-2012-3867: insufficient input validation for agent cert hostnames