[Secure-testing-commits] r19743 - data/CVE

Henri Salo fgeek-guest at alioth.debian.org
Mon Jul 16 10:28:02 UTC 2012


Author: fgeek-guest
Date: 2012-07-16 10:28:01 +0000 (Mon, 16 Jul 2012)
New Revision: 19743

Modified:
   data/CVE/list
Log:
Stig Sandbeck Mathisen said CVE-2012-3408, CVE-2012-3864, CVE-2012-3865, CVE-2012-3866 and CVE-2012-3867 are fixed in puppet 2.7.18-1 unstable and 2.6.2-5+squeeze6. DSA does not contain information of CVE-2012-3408 nor does the changelog.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-07-15 18:45:08 UTC (rev 19742)
+++ data/CVE/list	2012-07-16 10:28:01 UTC (rev 19743)
@@ -323,19 +323,19 @@
 CVE-2012-3867
 	RESERVED
 	{DSA-2511-1}
-	- puppet <unfixed>
+	- puppet 2.7.18-1
 CVE-2012-3866
 	RESERVED
 	{DSA-2511-1}
-	- puppet <unfixed>
+	- puppet 2.7.18-1
 CVE-2012-3865
 	RESERVED
 	{DSA-2511-1}
-	- puppet <unfixed>
+	- puppet 2.7.18-1
 CVE-2012-3864
 	RESERVED
 	{DSA-2511-1}
-	- puppet <unfixed>
+	- puppet 2.7.18-1
 CVE-2012-3862
 	RESERVED
 CVE-2012-3861
@@ -1267,7 +1267,8 @@
 	RESERVED
 CVE-2012-3408 [Puppet allows agents with certnames of IP addresses to be impersonated]
 	RESERVED
-	TODO: is puppet affected?
+	{DSA-2511-1}
+	- puppet 2.7.18-1 (medium)
 	NOTE: http://puppetlabs.com/security/cve/cve-2012-3408/
 CVE-2012-3407
 	RESERVED




More information about the Secure-testing-commits mailing list