[Pkg-puppet-devel] Puppet vulnerabilites?
Micah Anderson
micah at riseup.net
Sat Sep 19 16:42:56 UTC 2009
* Micah Anderson <micah at riseup.net> [2009-09-19 12:41-0400]:
> * Andrew Pollock <apollock at debian.org> [2009-09-19 12:18-0400]:
> > I just became aware of http://lwn.net/Articles/352712/
> >
> > No idea yet if any of it's applicable to our packages
>
>
> Funny, I just read that the other day...
>
> The first one is a somewhat security bug, the other three are not at
> all. i dont understand why they were listed as security bugs as well,
> none of the others are marked as security in the redhat trackers
> either. Its a bit of LWN crackery.
>
> For example, redhat's `/etc/init.d/puppet status` returns errors is one
> of them...
>
> The first one doesn't have a CVE assigned, and does work with 0.24.5 in
> unstable, i'm not sure about 0.25 as I haven't tried it yet, but I think
> it is also affected. The issue is tracked here:
>
> http://projects.reductivelabs.com/issues/1890
err sorry: http://projects.reductivelabs.com/issues/show/1806
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/attachments/20090919/590b3f0a/attachment.pgp>
More information about the Pkg-puppet-devel
mailing list