-
Committer:
Package Import Robot
-
Author(s):
Marc Deslauriers
-
Date:
2012-07-10 07:58:03 UTC
-
Revision ID:
package-import@ubuntu.com-20120710075803-og8iubg2a90dtk7f
Tags: 2.7.11-1ubuntu2.1
* SECURITY UPDATE: Multiple July 2012 security issues
- debian/patches/2.7.17-Puppet-July-2012-CVE-fixes.patch: upstream
patch to fix multiple security issues.
- CVE-2012-3864: arbitrary file read on master from authenticated
clients
- CVE-2012-3865: arbitrary file delete or denial of service on master
from authenticated clients
- CVE-2012-3866: last_run_report.yaml report file is world readable and
leads to arbitrary file read on master by an agent
- CVE-2012-3867: insufficient input validation for agent cert hostnames