[Pkg-puppet-devel] puppet_2.6.2-5+squeeze5_amd64.changes ACCEPTED into proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Fri Apr 13 18:34:40 UTC 2012
Notes:
Mapping stable-security to proposed-updates.
Accepted:
puppet-common_2.6.2-5+squeeze5_all.deb
to main/p/puppet/puppet-common_2.6.2-5+squeeze5_all.deb
puppet-el_2.6.2-5+squeeze5_all.deb
to main/p/puppet/puppet-el_2.6.2-5+squeeze5_all.deb
puppet-testsuite_2.6.2-5+squeeze5_all.deb
to main/p/puppet/puppet-testsuite_2.6.2-5+squeeze5_all.deb
puppet_2.6.2-5+squeeze5.debian.tar.gz
to main/p/puppet/puppet_2.6.2-5+squeeze5.debian.tar.gz
puppet_2.6.2-5+squeeze5.dsc
to main/p/puppet/puppet_2.6.2-5+squeeze5.dsc
puppet_2.6.2-5+squeeze5_all.deb
to main/p/puppet/puppet_2.6.2-5+squeeze5_all.deb
puppetmaster_2.6.2-5+squeeze5_all.deb
to main/p/puppet/puppetmaster_2.6.2-5+squeeze5_all.deb
vim-puppet_2.6.2-5+squeeze5_all.deb
to main/p/puppet/vim-puppet_2.6.2-5+squeeze5_all.deb
Changes:
puppet (2.6.2-5+squeeze5) stable-security; urgency=high
.
  * fix for appdmg and pkgdmg providers write packages to insecure location
    allowing for an arbitrary symlink attack (CVE-2012-1906)
  * a REST request could be constructed to do an arbitrary filebucket
    read, overriding the puppetmaster's defined location, this is fixed
    with upstream patch. (CVE-2012-1986)
  * fix filebucket denial of service which allowed arbitrary writes on
    the puppetmaster (CVE-2012-1987)
  * fix for filebucket arbitrary code execution that required access
    to the cert on the agent and an unprivileged account on the master
    (CVE-2012-1988)
Override entries for your package:
puppet-common_2.6.2-5+squeeze5_all.deb - optional admin
puppet-el_2.6.2-5+squeeze5_all.deb - optional admin
puppet-testsuite_2.6.2-5+squeeze5_all.deb - optional admin
puppet_2.6.2-5+squeeze5.dsc - source admin
puppet_2.6.2-5+squeeze5_all.deb - optional admin
puppetmaster_2.6.2-5+squeeze5_all.deb - optional admin
vim-puppet_2.6.2-5+squeeze5_all.deb - optional admin
Announcing to debian-changes at lists.debian.org
Thank you for your contribution to Debian.