[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update status for puppet issues
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 23 05:22:35 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1e1a5419 by Salvatore Bonaccorso at 2018-02-23T06:20:51+01:00
Update status for puppet issues
Add fixing version for CVE-2017-10689 which got resolved uploading new
upstream version 5.4.0 to unstable.
CVE-2017-10960 did affect only experimental and the 5.4.0-1 upload
included the fix as well.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -38846,13 +38846,12 @@ CVE-2017-10692
CVE-2017-10691
RESERVED
CVE-2017-10690 (In previous versions of Puppet Agent it was possible for the agent to ...)
- [experimental] - puppet <unfixed> (bug #890440)
- puppet <not-affected> (Only affects Puppet 5, only in experimental)
NOTE: https://puppet.com/security/cve/CVE-2017-10690
NOTE: https://tickets.puppetlabs.com/browse/PUP-8225
NOTE: Fixed by: https://github.com/puppetlabs/puppet/commit/bd87bef2c3862d333f4c1f2b148b147d449a375b
CVE-2017-10689 (In previous versions of Puppet Agent it was possible to install a ...)
- - puppet <unfixed> (bug #890412)
+ - puppet 5.4.0-1 (bug #890412)
[stretch] - puppet <no-dsa> (Minor issue)
[jessie] - puppet <no-dsa> (Minor issue)
[wheezy] - puppet <not-affected> (vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1e1a5419e398ec030013a2fe9459d3c8dcda7908
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1e1a5419e398ec030013a2fe9459d3c8dcda7908
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180223/ebefc1aa/attachment.html>
More information about the Secure-testing-commits
mailing list