[Git][security-tracker-team/security-tracker][master] mark puppet as ignored for released distros
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Nov 30 11:12:40 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e5227ca6 by Moritz Muehlenhoff at 2021-11-30T12:12:03+01:00
mark puppet as ignored for released distros
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -45877,14 +45877,23 @@ CVE-2021-27026 (A flaw was divered in Puppet Enterprise and other Puppet product
NOT-FOR-US: Puppet Enterprise
CVE-2021-27025 (A flaw was discovered in Puppet Agent where the agent may silently ign ...)
- puppet <unfixed>
+ [bullseye] - puppet <ignored> (Minor issue, too intrusive to backport)
+ [buster] - puppet <ignored> (Minor issue, too intrusive to backport)
NOTE: https://puppet.com/security/cve/cve-2021-27025
NOTE: https://github.com/puppetlabs/puppet/commit/da8b73edca174309a9bef5f62cd276933fe733e8 (6.25.1)
+ NOTE: Limited impact, needs a malformed custom type provider
CVE-2021-27024 (A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD ...)
NOT-FOR-US: Continuous Delivery for Puppet Enterprise
CVE-2021-27023 (A flaw was discovered in Puppet Agent and Puppet Server that may resul ...)
- puppet <unfixed>
+ [bullseye] - puppet <ignored> (Minor issue)
+ [buster] - puppet <ignored> (Minor issue)
NOTE: https://puppet.com/security/cve/cve-2021-27023
NOTE: https://github.com/puppetlabs/puppet/commit/e90023a8b54a58073d71dae655d7636e2c9bcc61 (6.25.1)
+ NOTE: Marginal/unclear security implications, the redirects are fully under control of
+ NOTE: the puppet masters and the advisory states this CVE would be similar to CVE-2018-1000007,
+ NOTE: but CVE is for curl, which obviously has different scope being a library. Plus, all
+ NOTE: reasonably secure installations use client auth on the agents
CVE-2021-27022 (A flaw was discovered in bolt-server and ace where running a task with ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
NOTE: https://puppet.com/security/cve/CVE-2021-27022/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5227ca6648bed4fc133606ab5273faae564eb8e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5227ca6648bed4fc133606ab5273faae564eb8e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211130/16c160f4/attachment.htm>
More information about the debian-security-tracker-commits
mailing list