[Pkg-puppet-devel] Bug#712745: Re: Bug#712745: Bug#7712745: puppet: CVE-2013-3567
Raphael Geissert
geissert at debian.org
Tue Aug 20 09:02:53 UTC 2013
Hi again,
On 31 July 2013 17:43, Chris Boot <crb at tiger-computing.co.uk> wrote:
> This patch isn't part of 2.7.18-5, which is currently in wheezy. We've
> had to roll our own update internally that includes the patch in order
> to correctly process reports from other servers.
Are you sure that this issue wasn't already present before the security update?
After reviewing all the fields I don't see any extra being added or
deleted. There is one issue, however, where the report format wasn't
bumped to version 3 but this comes from upstream:
http://projects.puppetlabs.com/issues/15739
You could check if that is the issue by modifying
transaction/report.rb's initialize to @report_format = 3.
Regards,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
More information about the Pkg-puppet-devel
mailing list