We have rebuilt our Windows package for Puppet 3.4.2 in response to CVE-2013-6393[1]. The package includes ruby 1.9.3-p484 compiled against an updated libyaml. It is available at http://downloads.puppetlabs.com/windows/puppet-3.4.2-20140211.msi
CVE-2013-6393 is a vulnerability in the libyaml library that could lead to a denial of service, and the possibility of arbitrary code execution. [1] - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6393 -- Matthaus Owens Release Manager, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CACD%3DwAdhr83kf0kR_LGsYBNnLCwPd1SE7gZ00fVZm%2BJx6n3uGw%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
