[Pkg-puppet-devel] Puppet vulnerabilites?
Micah Anderson
micah at riseup.net
Sat Sep 19 16:41:51 UTC 2009
* Andrew Pollock <apollock at debian.org> [2009-09-19 12:18-0400]:
> I just became aware of http://lwn.net/Articles/352712/
>
> No idea yet if any of it's applicable to our packages
Funny, I just read that the other day...
The first one is a somewhat security bug, the other three are not at
all. i dont understand why they were listed as security bugs as well,
none of the others are marked as security in the redhat trackers
either. Its a bit of LWN crackery.
For example, redhat's `/etc/init.d/puppet status` returns errors is one
of them...
The first one doesn't have a CVE assigned, and does work with 0.24.5 in
unstable, i'm not sure about 0.25 as I haven't tried it yet, but I think
it is also affected. The issue is tracked here:
http://projects.reductivelabs.com/issues/1890
micah
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/attachments/20090919/e8796853/attachment.pgp>
More information about the Pkg-puppet-devel
mailing list