[Git][security-tracker-team/security-tracker][master] puppetserver is in the archive now

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jan 19 08:16:09 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bab836e7 by Moritz Muehlenhoff at 2023-01-19T09:15:33+01:00
puppetserver is in the archive now

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -138359,7 +138359,7 @@ CVE-2021-27023 (A flaw was discovered in Puppet Agent and Puppet Server that may
 	[buster] - puppet <ignored> (Minor issue)
 	[stretch] - puppet <ignored> (Minor issue)
 	- puppet-agent <not-affected> (Fixed before initial release, in 6.25.1)
-	- puppetserver <itp> (bug #830904)
+	- puppetserver <not-affected> (Fixed before initial release, in 7.4.2)
 	NOTE: https://puppet.com/security/cve/cve-2021-27023
 	NOTE: https://github.com/puppetlabs/puppet/commit/e90023a8b54a58073d71dae655d7636e2c9bcc61 (6.25.1)
 	NOTE: Marginal/unclear security implications, the redirects are fully under control of
@@ -217716,7 +217716,7 @@ CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and debuggi
 	[experimental] - puppetdb 7.10.1-1
 	- puppetdb 7.11.2-2 (low)
 	[buster] - puppetdb <no-dsa> (Minor issue)
-	- puppetserver <itp> (bug #830904)
+	- puppetserver <not-affected> (Fixed before initial release, in 6.11.1)
 	NOTE: https://puppet.com/security/cve/CVE-2020-7943/
 	NOTE: https://github.com/puppetlabs/puppet_metrics_dashboard/pull/92
 CVE-2020-7942 (Previously, Puppet operated on a model that a node with a valid certif ...)
@@ -422616,7 +422616,7 @@ CVE-2016-2786 (The pxp-agent component in Puppet Enterprise 2015.3.x before 2015
 	NOTE: https://puppet.com/security/cve/cve-2016-2786
 CVE-2016-2785 (Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before  ...)
 	- puppet <not-affected> (Vulnerable code only in 4.x)
-	- puppetserver <itp> (bug #830904)
+	- puppetserver <not-affected> (Fixed before initial release, in 2.3.2)
 	NOTE: https://puppet.com/security/cve/cve-2016-2785
 	NOTE: https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2
 CVE-2016-2784 (CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Ca ...)
@@ -463855,7 +463855,7 @@ CVE-2014-7172
 CVE-2014-7171
 	RESERVED
 CVE-2014-7170 (Race condition in Puppet Server 0.2.0 allows local users to obtain sen ...)
-	- puppetserver <itp> (bug #830904)
+	- puppetserver <not-affected> (Upstream-specific packaging bug)
 	NOTE: https://puppet.com/security/cve/cve-2014-7170
 	NOTE: Is actually a packaging bug in upstream provided packages fixed in 0.2.0.
 CVE-2014-7204 (jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a de ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bab836e73a159812983c318de1060ac7fad873f7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bab836e73a159812983c318de1060ac7fad873f7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230119/bdc5622f/attachment.htm>

More information about the debian-security-tracker-commits mailing list