[Git][security-tracker-team/security-tracker][master] Add CVE-2018-11751/puppet

Salvatore Bonaccorso carnil at debian.org
Thu Jan 16 06:23:12 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
89956942 by Salvatore Bonaccorso at 2020-01-16T07:21:33+01:00
Add CVE-2018-11751/puppet

For now kept it as undetermined, but it looks as per references that the
issue is fixed in 6.4.0 upstream and would affect all earlier 6.x
versions.

Needs triage to see all previous versions are affected by the issue and
then move the status from undetermined to unfixed.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -93278,6 +93278,9 @@ CVE-2018-11753
 CVE-2018-11752 (Previous releases of the Puppet cisco_ios module output SSH session de ...)
 	NOT-FOR-US: cisco_ios Puppet module
 CVE-2018-11751 (Previous versions of Puppet Agent didn't verify the peer in the SSL co ...)
+	- puppet <undetermined>
+	NOTE: https://puppet.com/security/cve/CVE-2018-11751/
+	NOTE: https://tickets.puppetlabs.com/browse/PUP-9459
 	TODO: check
 CVE-2018-11750 (Previous releases of the Puppet cisco_ios module did not validate a ho ...)
 	NOT-FOR-US: cisco_ios Puppet module



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/899569424a0e0991fa735b9bf1189268fb23a2e0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/899569424a0e0991fa735b9bf1189268fb23a2e0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200116/a60ede39/attachment.html>


More information about the debian-security-tracker-commits mailing list