Puppet Dashboard 1.2.17 is now available. This release of Puppet Dashboard addresses CVE 2012-5664. All users are strongly encouraged to update when possible.
CVE-2012-5664 affects Ruby on Rails, specifically in all versions of ActiveRecord. The vulnerability exposes ActiveRecord to arbitrary SQL Injection. More information on the vulnerability can be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5664 Downloads ======== RPM packages for are available at https://yum.puppetlabs.com/el or /fedora Debian packages are available at https://apt.puppetlabs.com Source can be downloaded from https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.17.tar.gz, along with the accompanying signature file, https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.17.tar.gz.asc . See the Verifying Puppet Download section at: http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet 1.2.17 Security Fixes ================ Aaron Stone (1): 5b7bdca Patch for CVE-2012-5664: options hashes should only be extracted if there are extra parameters -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to puppet-dev@googlegroups.com. To unsubscribe from this group, send email to puppet-dev+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
