[Pkg-puppet-devel] Bug#775535: Bug#775535: CVE-2015-1029
Stig Sandbeck Mathisen
ssm at debian.org
Sat Feb 21 19:58:13 UTC 2015
Moritz Muehlenhoff <jmm at debian.org> writes:
> On Sat, Jan 17, 2015 at 12:09:51AM +0100, Moritz Muehlenhoff wrote:
>> Package: puppet-module-puppetlabs-stdlib
>> Severity: important
>> Tags: security
>>
>> Hi,
>> please see http://puppetlabs.com/security/cve/cve-2015-1029
>
> It's been a month, what's the status?
I replied with
http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/2015-January/009318.html,
but it seems I managed to send it as a followup to the pkg-puppet-devel
mailing list, and not to the BTS.
Sorry about that.
I think there is an error in the CVE. After reading the code, I think it
should be "facter versions older than 1.7", and not "facter version 1.7
and newer".
--
Stig Sandbeck Mathisen
More information about the Pkg-puppet-devel
mailing list