Ubuntu

“puppet” 2.7.1-1ubuntu3.6 source package in The Oneiric Ocelot

Publishing history

2.7.1-1ubuntu3.6
SUPERSEDED: Oneiric pocket Updates in component main and section admin
  • Removed from disk on 2012-07-14.
  • Removal requested on 2012-07-13.
  • Superseded on 2012-07-12 by puppet - 2.7.1-1ubuntu3.7
  • Published on 2012-04-11
  • Copied from ubuntu oneiric in Private PPA for Ubuntu Security Team
2.7.1-1ubuntu3.6
SUPERSEDED: Oneiric pocket Security in component main and section admin
  • Removed from disk on 2012-07-13.
  • Removal requested on 2012-07-13.
  • Superseded on 2012-07-12 by puppet - 2.7.1-1ubuntu3.7
  • Published on 2012-04-11
  • Copied from ubuntu oneiric in Private PPA for Ubuntu Security Team

Changelog

puppet (2.7.1-1ubuntu3.6) oneiric-security; urgency=low

  * SECURITY UPDATE: Arbitrary file writes via predictable filename usage in
    appdmg and pkgdmg providers
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1906
  * SECURITY UPDATE: Arbitrary file reads via Filebucket REST requests
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1986
  * SECURITY UPDATE: Denial of service via Filebucket text/marshall support
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1987
  * SECURITY UPDATE: Arbitrary code execution via Filebucket requests
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1988
  * SECURITY UPDATE: Arbritrary file writes via predictable telnet output log
    filename
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1989
  * debian/patches/fix-unpredictable-hash-ordering-tests.patch: Fix testsuite
    failures caused by hash randomization in Ruby
 -- Tyler Hicks <email address hidden>   Tue, 10 Apr 2012 11:47:14 -0500