Accepted puppet 2.6.2-5+squeeze5 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 05 Apr 2012 11:49:02 -0400
Source: puppet
Binary: puppet puppetmaster puppet-common vim-puppet puppet-el puppet-testsuite
Architecture: source all
Version: 2.6.2-5+squeeze5
Distribution: stable-security
Urgency: high
Maintainer: Puppet Package Maintainers <pkg-puppet-devel@lists.alioth.debian.org>
Changed-By: Micah Anderson <micah@debian.org>
Description:
puppet - Centralized configuration management - agent startup and compatib
puppet-common - Centralized configuration management
puppet-el - syntax highlighting for puppet manifests in emacs
puppet-testsuite - Centralized configuration management - test suite
puppetmaster - Centralized configuration management - master startup and compati
vim-puppet - syntax highlighting for puppet manifests in vim
Changes:
puppet (2.6.2-5+squeeze5) stable-security; urgency=high
.
* fix for appdmg and pkgdmg providers write packages to insecure location
allowing for an arbitrary symlink attack (CVE-2012-1906)
* a REST request could be constructed to do an arbitrary filebucket
read, overriding the puppetmaster's defined location, this is fixed
with upstream patch. (CVE-2012-1986)
* fix filebucke denial of service which allowed arbitrary writes on
the puppetmaster (CVE-2012-1987)
* fix for filebucket arbitrary code execution that required access
to the cert on the agent and an unprivileged account on the master
(CVE-2012-1988)
Checksums-Sha1:
c6b2071dddf29373121f507302f3d2508e80a700 2382 puppet_2.6.2-5+squeeze5.dsc
4509247dd0564a51a190fc814ee0122d131c6274 136483 puppet_2.6.2-5+squeeze5.debian.tar.gz
b8fafe78682d6f3e10880f7f09ce6cc311d8d939 209928 puppet_2.6.2-5+squeeze5_all.deb
089da64dc818d840247e296d841cb103b0ebb35d 212816 puppetmaster_2.6.2-5+squeeze5_all.deb
0360f58cf41da2264d68b3708fdf1d22be47df52 739284 puppet-common_2.6.2-5+squeeze5_all.deb
ed76ad209f8d9ab2c6abc785570d5524fabc48db 200558 vim-puppet_2.6.2-5+squeeze5_all.deb
218632794468055875177e21ed9427462b7bed6a 202934 puppet-el_2.6.2-5+squeeze5_all.deb
af51d078247ac2346a57ba142b49b59e27a8efbc 883300 puppet-testsuite_2.6.2-5+squeeze5_all.deb
Checksums-Sha256:
77a276f5e13835bda60dd9d8a0228d3a2e9545af2899ef218e9152034a631424 2382 puppet_2.6.2-5+squeeze5.dsc
2b68845788c038fc943b26bcb636957bddde8b6c428222618e6bb871ef05d452 136483 puppet_2.6.2-5+squeeze5.debian.tar.gz
7ff807a8d9f6bda5f5538677e6594f7ff91df06bcf32c05a267ca63157b3e176 209928 puppet_2.6.2-5+squeeze5_all.deb
5beab94128f4fd5076c527663750214fdc943965fffae5ea809d66d9883c7205 212816 puppetmaster_2.6.2-5+squeeze5_all.deb
b0ee71637edb1cc80417b8c486b366a74393ddb9401e159693dda684e4de8268 739284 puppet-common_2.6.2-5+squeeze5_all.deb
d4a6e81c7076e4be27c32cf8444483aaddb4d374e44cf120467081e86462c0de 200558 vim-puppet_2.6.2-5+squeeze5_all.deb
938364c8b32f48b3f54d8b37b05c3e3a8ab798184eb40cb245c8ee5da29f7aa7 202934 puppet-el_2.6.2-5+squeeze5_all.deb
e2fd33d9499a4cbe6306583be0cf5319823326cacb9617c117c1d80d8e3cb96c 883300 puppet-testsuite_2.6.2-5+squeeze5_all.deb
Files:
537b569f9caf1544613bf66498612fa0 2382 admin optional puppet_2.6.2-5+squeeze5.dsc
d008ec442f6700b210238e65c35abe04 136483 admin optional puppet_2.6.2-5+squeeze5.debian.tar.gz
f0ebd48487d87e51be879d6826f59a8d 209928 admin optional puppet_2.6.2-5+squeeze5_all.deb
e13fb7066797d6f5bdb47f2541be9859 212816 admin optional puppetmaster_2.6.2-5+squeeze5_all.deb
41fee80a466f57dd69c468f0a5886cbf 739284 admin optional puppet-common_2.6.2-5+squeeze5_all.deb
f8f1b2ab1c8990a72750c279a47eba0b 200558 admin optional vim-puppet_2.6.2-5+squeeze5_all.deb
918f778bb1df58dc8a710c1799103b8b 202934 admin optional puppet-el_2.6.2-5+squeeze5_all.deb
349fef05b413dcc4d720b364abdb3500 883300 admin optional puppet-testsuite_2.6.2-5+squeeze5_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJPhaArAAoJEIy/mjIoYaeQ9BAP/jdIDkoOa9Hw4KFLawdvuf/J
gwI9VCLDmrscH9g2DVv5IHkZnibw+DC/N1xV0FYlSL1vHXKnvHFOlRyFeYooUJ0l
DBKmoJzsLjiKCfr6DFBj6vwAtfkcnh9KKgoI1VMcM3CWXm44nwgObo26SfRyHwvC
AMEfdxRfTVSi2+btiOIdyDVlyyw4dxCQcIlylhqhaWO/vQndzzFbOG0A0pG5g2MZ
Qk78OrfanGNC73lNdik+C3JWDGiJ+kP5mJxtAiY+jNvCPu7fT2higY+4ZEvRf4zx
fFXDeU1agAFG2UuIRFe6eG4RERmNmxsfX256FnCt5IgtopWgdac9q1DbCsVycAFZ
FKumNN7XOJLaDuKCFEHFAT5bU0oa7TwlS6vuc8TdNaYihPjCpkxQG6AbGFAigt8o
Yd9mvmVijwOXM/wUZChzx4EG5dd3o+0gcyOJGSmarQayy7LKgEAzquLOpkPJx5QG
1BAwk8FU/NZ5wF6fvAsT6HWTaOCw62rIYjnKVVfeGJwkmTYY86PMtI3rWGwXwSQh
MVoeX1bbfgH1oIEpVH4N+XwpGUk6NNOrzk8BcYNr1swyJH+D7zcRlRWubQktQLzI
zbbHzcX+M4SNpC8T6pBTiDTtWmIgMGEPvMSgoEYq3Azh2kpqH3DbgkMswRkR+rmc
ewsVRWjtRh0UdHAyGuCD
=Vsgs
-----END PGP SIGNATURE-----
Accepted:
puppet-common_2.6.2-5+squeeze5_all.deb
to main/p/puppet/puppet-common_2.6.2-5+squeeze5_all.deb
puppet-el_2.6.2-5+squeeze5_all.deb
to main/p/puppet/puppet-el_2.6.2-5+squeeze5_all.deb
puppet-testsuite_2.6.2-5+squeeze5_all.deb
to main/p/puppet/puppet-testsuite_2.6.2-5+squeeze5_all.deb
puppet_2.6.2-5+squeeze5.debian.tar.gz
to main/p/puppet/puppet_2.6.2-5+squeeze5.debian.tar.gz
puppet_2.6.2-5+squeeze5.dsc
to main/p/puppet/puppet_2.6.2-5+squeeze5.dsc
puppet_2.6.2-5+squeeze5_all.deb
to main/p/puppet/puppet_2.6.2-5+squeeze5_all.deb
puppetmaster_2.6.2-5+squeeze5_all.deb
to main/p/puppet/puppetmaster_2.6.2-5+squeeze5_all.deb
vim-puppet_2.6.2-5+squeeze5_all.deb
to main/p/puppet/vim-puppet_2.6.2-5+squeeze5_all.deb
Reply to: