[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[BSA-050] Security Update for puppet

I've uploaded new packages for puppet which fixed the following security

 Resist directory traversal attacks through indirections.

 In various versions of Puppet it was possible to cause a directory
 traversal attack through the SSLFile indirection base class.  This was
 variously triggered through the user-supplied key, or the Subject of
 the certificate, in the code.

For the squeeze-backports distribution the problems have been fixed in
version 2.7.1-1~bpo60+2.



Attachment: pgpEZJw86rwIp.pgp
Description: PGP signature

Reply to: