Re: Puppet: possible arbitrary file overwriting in lenny
On Fri, 03 Dec 2010 18:37:09 +0100, Didier Conchaudron wrote:
> It seems like that puppet package in lenny is not patched against
> According to secunia, there is also a local privileges escalation
> I don't really the time to investigate and check if lenny version is
> really vulnerable but considering the latest entry in puppet's Changelog
> I assume that no change has been done since early 2009.
According to the security tracker ,, these issues are indeed
unfixed. They are considered no-dsa, which means that they can/should
be fixed in an SPU upload if there is someone interested in doing the
work but won't be fixed via a DSA.