[Pkg-puppet-devel] Bug#863212: puppet: CVE-2017-2295: unsafe YAML deserialization
Salvatore Bonaccorso
carnil at debian.org
Tue May 23 17:10:15 UTC 2017
Source: puppet
Version: 3.7.2-1
Severity: grave
Tags: upstream security patch
Hi,
the following vulnerability was published for puppet.
CVE-2017-2295[0]:
Unsafe YAML deseralization
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-2295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295
[1] https://puppet.com/security/cve/cve-2017-2295
[2] https://github.com/puppetlabs/puppet/commit/06d8c51367ca932b9da5d9b01958cfc0adf0f2ea
Regards,
Salvatore
More information about the Pkg-puppet-devel
mailing list