[Git][security-tracker-team/security-tracker][master] Track as well puppetserver itp bug for puppetserver CVEs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 4 20:47:49 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bd13b5f0 by Salvatore Bonaccorso at 2022-10-04T21:47:05+02:00
Track as well puppetserver itp bug for puppetserver CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -111562,11 +111562,12 @@ CVE-2021-27025 (A flaw was discovered in Puppet Agent where the agent may silent
CVE-2021-27024 (A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD ...)
NOT-FOR-US: Continuous Delivery for Puppet Enterprise
CVE-2021-27023 (A flaw was discovered in Puppet Agent and Puppet Server that may resul ...)
- - puppet-agent <not-affected> (Fixed before initial release, in 6.25.1)
- puppet <removed>
[bullseye] - puppet <ignored> (Minor issue)
[buster] - puppet <ignored> (Minor issue)
[stretch] - puppet <ignored> (Minor issue)
+ - puppet-agent <not-affected> (Fixed before initial release, in 6.25.1)
+ - puppetserver <itp> (bug #830904)
NOTE: https://puppet.com/security/cve/cve-2021-27023
NOTE: https://github.com/puppetlabs/puppet/commit/e90023a8b54a58073d71dae655d7636e2c9bcc61 (6.25.1)
NOTE: Marginal/unclear security implications, the redirects are fully under control of
@@ -190895,6 +190896,7 @@ CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and debuggi
[experimental] - puppetdb 7.10.1-1
- puppetdb <unfixed> (low)
[buster] - puppetdb <no-dsa> (Minor issue)
+ - puppetserver <itp> (bug #830904)
NOTE: https://puppet.com/security/cve/CVE-2020-7943/
NOTE: https://github.com/puppetlabs/puppet_metrics_dashboard/pull/92
CVE-2020-7942 (Previously, Puppet operated on a model that a node with a valid certif ...)
@@ -395854,6 +395856,7 @@ CVE-2016-2786 (The pxp-agent component in Puppet Enterprise 2015.3.x before 2015
NOTE: https://puppet.com/security/cve/cve-2016-2786
CVE-2016-2785 (Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before ...)
- puppet <not-affected> (Vulnerable code only in 4.x)
+ - puppetserver <itp> (bug #830904)
NOTE: https://puppet.com/security/cve/cve-2016-2785
NOTE: https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2
CVE-2016-2784 (CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Ca ...)
@@ -437096,7 +437099,9 @@ CVE-2014-7172
CVE-2014-7171
RESERVED
CVE-2014-7170 (Race condition in Puppet Server 0.2.0 allows local users to obtain sen ...)
- NOT-FOR-US: Puppet Server (replacement for puppetmaster)
+ - puppetserver <itp> (bug #830904)
+ NOTE: https://puppet.com/security/cve/cve-2014-7170
+ NOTE: Is actually a packaging bug in upstream provided packages fixed in 0.2.0.
CVE-2014-7204 (jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a de ...)
{DSA-3042-1 DLA-69-1}
- exuberant-ctags 1:5.9~svn20110310-8 (bug #742605)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd13b5f0a3730e303a48a390e83ccb2d7c423444
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd13b5f0a3730e303a48a390e83ccb2d7c423444
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221004/05b84135/attachment.htm>
More information about the debian-security-tracker-commits
mailing list