« back to all changes in this revision
Viewing changes to .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/file_serving/content.rb
- Committer: Package Import Robot
- Date: 2012-07-10 07:58:03 UTC
- Revision ID: package-import@ubuntu.com-20120710075803-og8iubg2a90dtk7f
* SECURITY UPDATE: Multiple July 2012 security issues
- debian/patches/2.7.17-Puppet-July-2012-CVE-fixes.patch: upstream
patch to fix multiple security issues.
- CVE-2012-3864: arbitrary file read on master from authenticated
clients
- CVE-2012-3865: arbitrary file delete or denial of service on master
from authenticated clients
- CVE-2012-3866: last_run_report.yaml report file is world readable and
leads to arbitrary file read on master by an agent
- CVE-2012-3867: insufficient input validation for agent cert hostnames
- debian/patches/2.7.17-Puppet-July-2012-CVE-fixes.patch: upstream
patch to fix multiple security issues.
- CVE-2012-3864: arbitrary file read on master from authenticated
clients
- CVE-2012-3865: arbitrary file delete or denial of service on master
from authenticated clients
- CVE-2012-3866: last_run_report.yaml report file is world readable and
leads to arbitrary file read on master by an agent
- CVE-2012-3867: insufficient input validation for agent cert hostnames
- files added:
- .pc/.quilt_patches
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/application
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/face
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/face/file
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/file_bucket
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/file_bucket/file
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/file_serving
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/file_serving/mount
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/indirector
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/indirector/file_bucket_file
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/indirector/file_content
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/indirector/file_metadata
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/network
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/reports
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/ssl
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/ssl/certificate_authority
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/integration
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/integration/file_bucket
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/integration/file_serving
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/integration/network
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/shared_behaviours
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/file_serving
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/file_serving/mount
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/indirector
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/indirector/file_bucket_file
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/indirector/file_content
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/indirector/file_metadata
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/network
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/network/handler
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/reports
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/ssl
- .pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/ssl/certificate_authority
- spec/integration/file_bucket
- files removed:
- lib/puppet/file_bucket/file
- files modified:
- .pc/applied-patches
added
removed
.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/file_serving/content.rb
