[Pkg-puppet-devel] CVE-2012-3408 Puppet allows agents with certnames of IP addresses to be impersonated

Stig Sandbeck Mathisen ssm at debian.org
Mon Jul 16 10:47:39 UTC 2012

Henri Salo <henri at nerv.fi> writes:

> Thank you for your answer. I will add this information to Debian
> security tracker.


> Can we get information of CVE-2012-3408 to puppet changelog?

Unfortunately, no. The 2.7.18-1 debian package with the fix for that CVE
was already uploaded. See http://changelogs.debian.net/puppet

Stig Sandbeck Mathisen <ssm at debian.org>

More information about the Pkg-puppet-devel mailing list