-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 10 Jul 2012 13:57:49 +0200 Source: puppet Binary: puppet puppetmaster puppet-common vim-puppet puppet-el puppet-testsuite Architecture: source all Version: 2.6.2-5+squeeze6 Distribution: stable-security Urgency: high Maintainer: Puppet Package Maintainers <pkg-puppet-devel@lists.alioth.debian.org> Changed-By: Stig Sandbeck Mathisen <ssm@debian.org> Description: puppet - Centralized configuration management - agent startup and compatib puppet-common - Centralized configuration management puppet-el - syntax highlighting for puppet manifests in emacs puppet-testsuite - Centralized configuration management - test suite puppetmaster - Centralized configuration management - master startup and compati vim-puppet - syntax highlighting for puppet manifests in vim Changes: puppet (2.6.2-5+squeeze6) stable-security; urgency=high . * Add patch to fix puppet master vulnerabilities (CVE-2012-3864, CVE-2012-3865, CVE-2012-3866, CVE-2012-3867) - CVE-2012-3864: Arbitrary file read on the puppet master from authenticated clients (high) - CVE-2012-3865: Arbitrary file delete/D.O.S on Puppet Master from authenticated clients (high) - CVE-2012-3866: last_run_report.yaml is world readable (medium) - CVE-2012-3867: Insufficient input validation for agent hostnames (low) Checksums-Sha1: 46a3988d5a46c96f504a3122e9a8794ea947b5b9 1535 puppet_2.6.2-5+squeeze6.dsc 3fc93ad2ac53bc54e48bf992233259a02a33ce54 151874 puppet_2.6.2-5+squeeze6.debian.tar.gz 25dff60155824b1edc0cb5adf4ea0339c0a5bafa 210572 puppet_2.6.2-5+squeeze6_all.deb 30c636cfc10105bd1410f08b73d933b20b2bcf43 214002 puppetmaster_2.6.2-5+squeeze6_all.deb a9224c869e60efd85c39ffbb7d6a5a8013f30e1b 742322 puppet-common_2.6.2-5+squeeze6_all.deb e601e942876ecbe7d50ad583f617a1b2c0ef14b7 201128 vim-puppet_2.6.2-5+squeeze6_all.deb a783adc3105ef3ffbec3ddf74bf02793f7109c35 203682 puppet-el_2.6.2-5+squeeze6_all.deb 3edc5d03b1b473727f7dae5d1c413c666c9276e9 890070 puppet-testsuite_2.6.2-5+squeeze6_all.deb Checksums-Sha256: e8483b9bb2a7a4375fe39666ea7eb093e60b15b4b1e3cdbc741484b3c3023067 1535 puppet_2.6.2-5+squeeze6.dsc c4993ed4b4284d74991cbe689e86ed4fc9413a05befe3b93329db55973c4e19d 151874 puppet_2.6.2-5+squeeze6.debian.tar.gz e263a3d02ab8f94ea297df4b1948793afb0d9b68edc65d25eb8edb1c2709c811 210572 puppet_2.6.2-5+squeeze6_all.deb 698c9f32dca98a4aeb6a4ec7b0a39fc07ea2baba5b14cfa6aeac46d5f9976469 214002 puppetmaster_2.6.2-5+squeeze6_all.deb 2f3e657e1b64e4a9d52cc93b4bd2e71fd807260976896b196fbbeb64c26e94ae 742322 puppet-common_2.6.2-5+squeeze6_all.deb 3ce40a5309455a61370d9ee5355b7d9786c65f6d4d62a313df23184538ded32d 201128 vim-puppet_2.6.2-5+squeeze6_all.deb 32affa2acb4be6dd6e29b89e4125c3a139583aa240f6a3742ed4fc3ea46d55c2 203682 puppet-el_2.6.2-5+squeeze6_all.deb e173418913e5bfd229f0f93f0bd29352390f0577c58749a5ec6d5c3aa61cc651 890070 puppet-testsuite_2.6.2-5+squeeze6_all.deb Files: 7870cf71071d771cfd45918c01d531b3 1535 admin optional puppet_2.6.2-5+squeeze6.dsc ab9e9c68f42396641e8559f888c6b443 151874 admin optional puppet_2.6.2-5+squeeze6.debian.tar.gz 34efd96a91fa3864bf1e84eeff57cc76 210572 admin optional puppet_2.6.2-5+squeeze6_all.deb 5d27610adf7b1a260fd0e4bdfcb85f7c 214002 admin optional puppetmaster_2.6.2-5+squeeze6_all.deb dda56c50f4edb155a85b30801789030a 742322 admin optional puppet-common_2.6.2-5+squeeze6_all.deb 1e0cddba218424b3e37b411bec0c377d 201128 admin optional vim-puppet_2.6.2-5+squeeze6_all.deb c93e67fe42837546acbfa3148ff6c919 203682 admin optional puppet-el_2.6.2-5+squeeze6_all.deb 3b835f6b55933f9a883bbb19faebfeeb 890070 admin optional puppet-testsuite_2.6.2-5+squeeze6_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAk/8R68ACgkQQONU2fom4u5cCgCeJQYRx9uZ06U9eLHdsVoA7lpN dssAoI7RKuQVs4D3qpmnO3/DpNykVPPu =SHy+ -----END PGP SIGNATURE-----