[Pkg-puppet-devel] Bug#775535: Bug#775535: CVE-2015-1029
Moritz Mühlenhoff
jmm at inutil.org
Wed Feb 25 19:01:05 UTC 2015
On Sat, Feb 21, 2015 at 08:58:13PM +0100, Stig Sandbeck Mathisen wrote:
> Moritz Muehlenhoff <jmm at debian.org> writes:
>
> > On Sat, Jan 17, 2015 at 12:09:51AM +0100, Moritz Muehlenhoff wrote:
> >> Package: puppet-module-puppetlabs-stdlib
> >> Severity: important
> >> Tags: security
> >>
> >> Hi,
> >> please see http://puppetlabs.com/security/cve/cve-2015-1029
> >
> > It's been a month, what's the status?
>
> I replied with
> http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/2015-January/009318.html,
> but it seems I managed to send it as a followup to the pkg-puppet-devel
> mailing list, and not to the BTS.
>
> Sorry about that.
>
> I think there is an error in the CVE. After reading the code, I think it
> should be "facter versions older than 1.7", and not "facter version 1.7
> and newer".
Confirmed. I've updated the Debian Security Tracker.
Cheers,
Moritz
More information about the Pkg-puppet-devel
mailing list