On Sat, Feb 21, 2015 at 08:58:13PM +0100, Stig Sandbeck Mathisen wrote: > Moritz Muehlenhoff <j...@debian.org> writes: > > > On Sat, Jan 17, 2015 at 12:09:51AM +0100, Moritz Muehlenhoff wrote: > >> Package: puppet-module-puppetlabs-stdlib > >> Severity: important > >> Tags: security > >> > >> Hi, > >> please see http://puppetlabs.com/security/cve/cve-2015-1029 > > > > It's been a month, what's the status? > > I replied with > http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/2015-January/009318.html, > but it seems I managed to send it as a followup to the pkg-puppet-devel > mailing list, and not to the BTS. > > Sorry about that. > > I think there is an error in the CVE. After reading the code, I think it > should be "facter versions older than 1.7", and not "facter version 1.7 > and newer".
Confirmed. I've updated the Debian Security Tracker. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org