[Pkg-puppet-devel] CVE-2012-3408 Puppet allows agents with certnames of IP addresses to be impersonated

Stig Sandbeck Mathisen ssm at debian.org
Mon Jul 16 10:47:39 UTC 2012


Henri Salo <henri at nerv.fi> writes:

> Thank you for your answer. I will add this information to Debian
> security tracker.

Thanks.

> Can we get information of CVE-2012-3408 to puppet changelog?

Unfortunately, no. The 2.7.18-1 debian package with the fix for that CVE
was already uploaded. See http://changelogs.debian.net/puppet

-- 
Stig Sandbeck Mathisen <ssm at debian.org>



More information about the Pkg-puppet-devel mailing list