← Back to branch summary

~ubuntu-branches/ubuntu/precise/puppet/precise-security

« back to all changes in this revision

Viewing changes to lib/puppet/ssl/certificate_authority/interface.rb

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2012-07-10 07:58:03 UTC
  • Revision ID: package-import@ubuntu.com-20120710075803-og8iubg2a90dtk7f
Tags: 2.7.11-1ubuntu2.1
* SECURITY UPDATE: Multiple July 2012 security issues
  - debian/patches/2.7.17-Puppet-July-2012-CVE-fixes.patch: upstream
    patch to fix multiple security issues.
  - CVE-2012-3864: arbitrary file read on master from authenticated
    clients
  - CVE-2012-3865: arbitrary file delete or denial of service on master
    from authenticated clients
  - CVE-2012-3866: last_run_report.yaml report file is world readable and
    leads to arbitrary file read on master by an agent
  - CVE-2012-3867: insufficient input validation for agent cert hostnames

Show diffs side-by-side

added added

removed removed

Lines of Context:
lib/puppet/ssl/certificate_authority/interface.rb
88
88
          names = certs.values.map(&:keys).flatten
89
89
 
90
90
          name_width = names.sort_by(&:length).last.length rescue 0
 
91
          # We quote these names, so account for those characters
 
92
          name_width += 2
91
93
 
92
94
          output = [:request, :signed, :invalid].map do |type|
93
95
            next if certs[type].empty?
113
115
 
114
116
          alt_names.delete(host)
115
117
 
116
 
          alt_str = "(alt names: #{alt_names.join(', ')})" unless alt_names.empty?
 
118
          alt_str = "(alt names: #{alt_names.map(&:inspect).join(', ')})" unless alt_names.empty?
117
119
 
118
120
          glyph = {:signed => '+', :request => ' ', :invalid => '-'}[type]
119
121
 
120
 
          name = host.ljust(width)
 
122
          name = host.inspect.ljust(width)
121
123
          fingerprint = "(#{ca.fingerprint(host, @digest)})"
122
124
 
123
125
          explanation = "(#{verify_error})" if verify_error