[Pkg-puppet-devel] Bug#775535: Bug#775535: CVE-2015-1029

Stig Sandbeck Mathisen ssm at debian.org
Sat Feb 21 19:58:13 UTC 2015


Moritz Muehlenhoff <jmm at debian.org> writes:

> On Sat, Jan 17, 2015 at 12:09:51AM +0100, Moritz Muehlenhoff wrote:
>> Package: puppet-module-puppetlabs-stdlib
>> Severity: important
>> Tags: security
>> 
>> Hi,
>> please see http://puppetlabs.com/security/cve/cve-2015-1029
>
> It's been a month, what's the status?

I replied with
http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/2015-January/009318.html,
but it seems I managed to send it as a followup to the pkg-puppet-devel
mailing list, and not to the BTS.

Sorry about that.

I think there is an error in the CVE. After reading the code, I think it
should be "facter versions older than 1.7", and not "facter version 1.7
and newer".

-- 
Stig Sandbeck Mathisen



More information about the Pkg-puppet-devel mailing list