I've uploaded new packages for puppet which fixed the following security problems: CVE-2011-3848 Resist directory traversal attacks through indirections. In various versions of Puppet it was possible to cause a directory traversal attack through the SSLFile indirection base class. This was variously triggered through the user-supplied key, or the Subject of the certificate, in the code. For the squeeze-backports distribution the problems have been fixed in version 2.7.1-1~bpo60+2. micah --
Attachment:
pgpEZJw86rwIp.pgp
Description: PGP signature