[Pkg-puppet-devel] SECURITY: Authorization vulnerability in Puppet 2.6.x

micah anderson micah at riseup.net
Thu Dec 2 15:36:08 UTC 2010


On Wed, 1 Dec 2010 13:06:16 -0800, Nigel Kersten <nigel at explanatorygap.net> wrote:
> (Note the scope of this is not as bad on Debian as on some of our
> other platforms)

Indeed, I've tried this on my systems, and so far haven't been able to
reproduce the vulnerability. 

> I'm still dealing with the fallout upstream, but can get the merge done tonight.

Does this mean you are going to merge the fix into the Debian
repository? Do you have an isolated fix that we can merge into the
Squeeze targetted release (the squeeze-2.6.2 branch in the repository)?

micah
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/attachments/20101202/61729401/attachment.pgp>


More information about the Pkg-puppet-devel mailing list