lp://staging/ubuntu/natty-security/puppet
- Get this branch:
- bzr branch lp://staging/ubuntu/natty-security/puppet
Recent revisions
- 57. By Marc Deslauriers
* SECURITY UPDATE: multiple July 2012 security issues
- debian/patches/2.6.4-Puppet-July-2012-CVE-fixes.patch: fix multiple security issues. Patch from upstream, with an additional fix to lib/puppet/reports/store.rb.
- CVE-2012-3864: arbitrary file read on master from authenticated clients
- CVE-2012-3865: arbitrary file delete or denial of service on master from authenticated clients
- CVE-2012-3867: insufficient input validation for agent cert hostnames
- 56. By Tyler Hicks
* SECURITY UPDATE: Arbitrary file writes via predictable filename usage in appdmg and pkgdmg providers
- debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
- CVE-2012-1906
* SECURITY UPDATE: Arbitrary file reads via Filebucket REST requests
- debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
- CVE-2012-1986
* SECURITY UPDATE: Denial of service via Filebucket text/marshall support
- debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
- CVE-2012-1987
* SECURITY UPDATE: Arbitrary code execution via Filebucket requests
- debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
- CVE-2012-1988
* debian/patches/fix-unpredictable-hash-ordering-tests.patch: Fix testsuite failures caused by hash randomization in Ruby
- 55. By Jamie Strandboge
* SECURITY UPDATE: correctly drop group privileges
- debian/patches/CVE-2012-1053_CVE-2012-1054.patch
- CVE-2012-1053
* SECURITY UPDATE: properly handle symlinks with Klogin
- debian/patches/CVE-2012-1053_CVE-2012-1054.patch
- CVE-2012-1054
- 54. By Jamie Strandboge
* SECURITY UPDATE: fix access to remote resource when auth.conf is missing, which was reintroduced in 2.6.4-2ubuntu1.
- debian/patches/CVE-2011-0528.patch: Disable remote ralsh by default
- CVE-2011-0528
- 53. By Marc Deslauriers
* REGRESSION FIX (LP: #881361)
- debian/patches/CVE-2011-3872.patch: updated to fix regression with "puppetca" command.
- 52. By Marc Deslauriers
* SECURITY UPDATE: puppet master impersonation via incorrect certificates
- debian/patches/CVE-2011-3872.patch: refactor certificate handling.
- Thanks to upstream for providing the patch.
- CVE-2011-3872
- 51. By Jamie Strandboge
* SECURITY UPDATE: k5login can overwrite arbitrary files as root
- debian/patches/CVE-2011-3869.patch: adjust type/k5login.rb to securely open the file before writing to it as root
- CVE-2011-3869
* SECURITY UPDATE: didn't drop privileges before creating and changing permissions on SSH keys
- debian/patches/CVE-2011-3870.patch: adjust ssh_authorized_key/parsed.rb to drop privileges before creating the ssh directory and setting permissions
- CVE-2011-3870
* SECURITY UPDATE: fix predictable temporary filename in ralsh
- debian/patches/CVE-2011-3871.patch: adjust application/resource.rb to use an unpredictable filename
- CVE-2011-3871
* SECURITY UPDATE: file indirector injection, similar to CVE-2011-3848
- secure-indirector-file-backed-terminus-base-cla.patch: Since the indirector file backed terminus base class is only used by the test suite, remove it and update test cases to use a continuing class.
- 50. By Jamie Strandboge
* SECURITY UPDATE: unauthenticated directory traversal allows writing of arbitrary files as puppet master
- debian/patches/CVE-2011-3848.patch: update lib/puppet/indirector.rb, lib/puppet/indirector/ssl_file.rb, lib/puppet/indirector/yaml.rb, spec/unit/indirector/ssl_file.rb and spec/unit/indirector/yaml.rb to perform proper input validation.
- CVE-2011-3848
- LP: #861182
* debian/patches/fix-rake-spec-missing-require.patch: allow 'rake spec' to run again
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/oneiric/puppet