subject:"\[Bug 1267385\] \[NEW\] Default file mode now 0600 instead of 0644 \(regression in CVE\-2013\-4969 fix\)"

[Bug 1267385] [NEW] Default file mode now 0600 instead of 0644 (regression in CVE-2013-4969 fix)

2014-01-09 Thread Dominic Cleal

Public bug reported: The fix for CVE-2013-4969 (tempfile vulnerability) contained a regression affecting the default file mode if none is specified on a file resource. This has been fixed in upstream 3.4.2 and 2.7.25. Upstream bug: https://tickets.puppetlabs.com/browse/PUP-1255 Please apply

[Bug 1267385] [NEW] Default file mode now 0600 instead of 0644 (regression in CVE-2013-4969 fix)

2014-01-09 Thread Dominic Cleal

Public bug reported: The fix for CVE-2013-4969 (tempfile vulnerability) contained a regression affecting the default file mode if none is specified on a file resource. This has been fixed in upstream 3.4.2 and 2.7.25. Upstream bug: https://tickets.puppetlabs.com/browse/PUP-1255 Please apply