[Pkg-puppet-devel] Bug#686286: puppet: Please document in NEWS file that the use of IP addresses in cert name could lead to security issues (CVE-2012-3408)
Laurent Bigonville
bigon at debian.org
Thu Aug 30 21:01:00 UTC 2012
Source: puppet
Version: 2.7.18-1
Severity: normal
Hi,
Could you please document in NEWS file that the use of IP addresses in
cert name is deprecated and could lead to security issues.
For more information, please see:
http://security-tracker.debian.org/tracker/CVE-2012-3408
http://puppetlabs.com/security/cve/cve-2012-3408/
Cheers
Laurent Bigonville
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.5-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
More information about the Pkg-puppet-devel
mailing list