[Bug 1023931]
sorry for delay. 2.7.18 in cvs. please mark stable 2.7.18. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023931]
(In reply to comment #3) > sorry for delay. > 2.7.18 in cvs. please mark stable 2.7.18. Thanks. Arches, please test and mark stable: =app-admin/puppet-2.7.18 Target Keywords: "amd64 hppa ppc sparc x86" -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023931]
x86 stable -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023931]
Stable for HPPA. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023931]
amd64 stable -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023931]
CVE-2012-3867 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3867): lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences. CVE-2012-3866 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3866): lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file. CVE-2012-3865 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3865): Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name. CVE-2012-3864 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3864): Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023931]
are you sure its stable? vv@crusader /var/db/pkg $ emerge -pvt puppet These are the packages that would be merged, in reverse order: Calculating dependencies | !!! Problem resolving dependencies for app-admin/puppet ... done! !!! The ebuild selected to satisfy "puppet" has unmet requirements. - app-admin/puppet-2.7.18::gentoo USE="-augeas -diff -doc -emacs -ldap -minimal -rrdtool (-selinux) -shadow -sqlite3 -test -vim-syntax -xemacs" RUBY_TARGETS="-ruby18" The following REQUIRED_USE flag constraints are unsatisfied: ruby_targets_ruby18 The above constraints are a subset of the following complete expression: any-of ( ruby_targets_ruby18 ) vv@crusader /var/db/pkg $ -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023931]
(In reply to comment #9) > are you sure its stable? > > > vv@crusader /var/db/pkg $ emerge -pvt puppet > > These are the packages that would be merged, in reverse order: > > Calculating dependencies | > > !!! Problem resolving dependencies for app-admin/puppet > ... done! > > !!! The ebuild selected to satisfy "puppet" has unmet requirements. > - app-admin/puppet-2.7.18::gentoo USE="-augeas -diff -doc -emacs -ldap > -minimal -rrdtool (-selinux) -shadow -sqlite3 -test -vim-syntax -xemacs" > RUBY_TARGETS="-ruby18" > > The following REQUIRED_USE flag constraints are unsatisfied: > ruby_targets_ruby18 > > The above constraints are a subset of the following complete expression: > any-of ( ruby_targets_ruby18 ) > > vv@crusader /var/db/pkg $ same with all puppet ebuilds. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023931]
stable does not mean what you say and viceversa. THe error is clear: > The following REQUIRED_USE flag constraints are unsatisfied: > ruby_targets_ruby18 So you need to enable ruby18 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023931]
(In reply to comment #11) > stable does not mean what you say and viceversa. > > THe error is clear: > > The following REQUIRED_USE flag constraints are unsatisfied: > > ruby_targets_ruby18 > > So you need to enable ruby18 I had to read emerge messages carefully. Sorry for bothering all crowd -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023931]
ppc stable. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023931]
sparc stable -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023931]
Thanks, folks. GLSA Vote: no. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023931]
GLSA vote: no. Closing noglsa. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023931] [NEW] (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408, 3864, 3865, 3866, 3867})
*** This bug is a security vulnerability *** Public security bug reported: http://projects.puppetlabs.com/projects/puppet/wiki/Release_Notes#2.7.18 This is a security release in the 2.7.x branch. CVE-2012-3864 Arbitrary file read on the puppet master from authenticated clients (high) It is possible to construct an HTTP get request from an authenticated client with a valid certificate that will return the contents of an arbitrary file on the Puppet master that the master has read-access to. CVE-2012-3865 Arbitrary file delete/D.O.S on Puppet Master from authenticated clients (high) Given a Puppet master with the "Delete" directive allowed in auth.conf for an authenticated host, an attacker on that host can send a specially crafted Delete request that can cause an arbitrary file deletion on the Puppet master, potentially causing a denial of service attack. Note that this vulnerability does *not* exist in Puppet as configured by default. CVE-2012-3866 last_run_report.yaml is world readable (medium) The most recent Puppet run report is stored on the Puppet master with world-readable permissions. The report file contains the context diffs of any changes to configuration on an agent, which may contain sensitive information that an attacker can then access. The last run report is overwritten with every Puppet run. Arbitrary file read on the Puppet master by an agent (medium) This vulnerability is dependent upon CVE-2012-3866 "last_run_report.yml is world readable" above. By creating a hard link of a Puppet-managed file to an arbitrary file that the Puppet master can read, an attacker forces the contents to be written to the puppet run summary. The context diff is stored in last_run_report.yaml, which can then be accessed by the attacker. CVE-2012-3867 Insufficient input validation for agent hostnames (low) An attacker could trick the administrator into signing an attacker's certificate rather than the intended one by constructing specially crafted certificate requests containing specific ANSI control sequences. It is possible to use the sequences to rewrite the order of text displayed to an administrator such that display of an invalid certificate and valid certificate are transposed. If the administrator signs the attacker's certificate, the attacker can then man-in-the-middle the agent. CVE-2012-3408 Agents with certnames of IP addresses can be impersonated (low) If an authenticated host with a certname of an IP address changes IP addresses, and a second host assumes the first host's former IP address, the second host will be treated by the puppet master as the first one, giving the second host access to the first host's catalog. Note: This will not be fixed in Puppet versions prior to the forthcoming 3.x. Instead, with this Puppet 2.7.18, IP-based authentication in Puppet < 3.x is deprecated, and a warning will be issued when used. Hotfixes http://puppetlabs.com/security/cve/cve-2012-3408/hotfixes/ ** Affects: puppet (Ubuntu) Importance: Undecided Status: New ** Affects: gentoo Importance: Unknown Status: Unknown ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-3408 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-3864 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-3865 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-3866 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-3867 ** Bug watch added: Gentoo Bugzilla #425112 https://bugs.gentoo.org/show_bug.cgi?id=425112 ** Also affects: gentoo via https://bugs.gentoo.org/show_bug.cgi?id=425112 Importance: Unknown Status: Unknown ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023931] Re: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408, 3864, 3865, 3866, 3867})
http://puppetlabs.com/security/cve/cve-2012-3864/hotfixes/ http://puppetlabs.com/security/cve/cve-2012-3865/hotfixes/ http://puppetlabs.com/security/cve/cve-2012-3866/hotfixes/ http://puppetlabs.com/security/cve/cve-2012-3867/hotfixes/ -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023931] Re: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408, 3864, 3865, 3866, 3867})
cated host with a certname of an IP address changes IP addresses, and a second host assumes the first host's former IP address, the second host will be treated by the puppet master as the first one, giving the second host access to the first host's catalog. Note: This will not be fixed in Puppet versions prior to the forthcoming 3.x. Instead, with this announcement IP-based authentication in Puppet < 3.x is deprecated. # Commits in Fixes # These commits will be in the 2.7.x and 2.6.x branches, respectively. 2.7.x = qfd44bf5 Tighten permissions on classfile, resourcefile, lastrunfile, and lastrunreport. 4d7c9fd Use "inspect" when listing certificates bd2820e Don't allow the creation of SSL objects with invalid certnames f341962 Validate CSR CN and provided certname before signing 38c5a4e Add specs for selector terminuses of file_{content,metadata} 9e920a8 Fix whitespace inside parentheses 2d01c2b Use head method to determine if file is in file bucket 40ee670 Always use the local file_bucket on master d881b4b Fail more gracefully when finding module files if no file is specified 20ab0e9 Reject file requests containing .. 10f6cb8 Add Selector terminus for file_content/file_metadata ab9150b Deprecate IP-based authentication d804782 Reject directory traversal in store report processor 2.6.x = 554eefc Reject directory traversal in store report processor 9607bd7 Use "inspect" when listing certificates 0144e68 Don't allow the creation of SSL objects with invalid certnames dfedaa5 Validate CSR CN and provided certname before signing 8eb0cd8 Add specs for selector terminuses of file_{content,metadata} 828c16a Fix whitespace inside parentheses e7ef153 Always use the local file_bucket on master 29ae87d Fail more gracefully when finding module files if no file is specified c872619 Reject file requests containing .. c3c7462 Add Selector terminus for file_content/file_metadata If you have any questions or need additional clarification on anything, please respond to distro-maintain...@puppetlabs.com. Thank you, Moses Mendoza Release Engineer, Puppet Labs Reply at: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/comments/0 On 2012-07-11T21:52:19+00:00 Ackle wrote: Thanks for the report, Matthew. Reply at: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/comments/1 On 2012-07-11T21:54:18+00:00 Ackle wrote: *** Bug 425846 has been marked as a duplicate of this bug. *** Reply at: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/comments/2 ** Changed in: gentoo Importance: Unknown => Low -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023931] Re: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408, 3864, 3865, 3866, 3867})
http://www.ubuntu.com/usn/usn-1506-1/ ** Also affects: puppet (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: puppet (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: puppet (Ubuntu Quantal) Importance: Undecided Status: New ** Also affects: puppet (Ubuntu Oneiric) Importance: Undecided Status: New ** Also affects: puppet (Ubuntu Precise) Importance: Undecided Status: New ** Changed in: puppet (Ubuntu Natty) Status: New => Fix Released ** Changed in: puppet (Ubuntu Quantal) Status: New => Confirmed ** Changed in: puppet (Ubuntu Quantal) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: puppet (Ubuntu Precise) Status: New => Fix Released ** Changed in: puppet (Ubuntu Oneiric) Status: New => Fix Released ** Changed in: puppet (Ubuntu Lucid) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023931] Re: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408, 3864, 3865, 3866, 3867})
This is fixed in quantal now too. ** Changed in: puppet (Ubuntu Quantal) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023931] Re: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408, 3864, 3865, 3866, 3867})
** Branch linked: lp:ubuntu/puppet -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023931] Re: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408, 3864, 3865, 3866, 3867})
** Changed in: gentoo Status: Unknown => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1023931 Title: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867}) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1023931/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs