Debian Package Tracker

Date: Fri, 13 Apr 2012 18:34:40 +0000
From: Micah Anderson <micah@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted puppet 2.6.2-5+squeeze5 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 05 Apr 2012 11:49:02 -0400
Source: puppet
Binary: puppet puppetmaster puppet-common vim-puppet puppet-el puppet-testsuite
Architecture: source all
Version: 2.6.2-5+squeeze5
Distribution: stable-security
Urgency: high
Maintainer: Puppet Package Maintainers <pkg-puppet-devel@lists.alioth.debian.org>
Changed-By: Micah Anderson <micah@debian.org>
Description: 
 puppet     - Centralized configuration management - agent startup and compatib
 puppet-common - Centralized configuration management
 puppet-el  - syntax highlighting for puppet manifests in emacs
 puppet-testsuite - Centralized configuration management - test suite
 puppetmaster - Centralized configuration management - master startup and compati
 vim-puppet - syntax highlighting for puppet manifests in vim
Changes: 
 puppet (2.6.2-5+squeeze5) stable-security; urgency=high
 .
   * fix for appdmg and pkgdmg providers write packages to insecure location
     allowing for an arbitrary symlink attack (CVE-2012-1906)
   * a REST request could be constructed to do an arbitrary filebucket
     read, overriding the puppetmaster's defined location, this is fixed
     with upstream patch. (CVE-2012-1986)
   * fix filebucke denial of service which allowed arbitrary writes on
     the puppetmaster (CVE-2012-1987)
   * fix for filebucket arbitrary code execution that required access
     to the cert on the agent and an unprivileged account on the master
     (CVE-2012-1988)
Checksums-Sha1: 
 c6b2071dddf29373121f507302f3d2508e80a700 2382 puppet_2.6.2-5+squeeze5.dsc
 4509247dd0564a51a190fc814ee0122d131c6274 136483 puppet_2.6.2-5+squeeze5.debian.tar.gz
 b8fafe78682d6f3e10880f7f09ce6cc311d8d939 209928 puppet_2.6.2-5+squeeze5_all.deb
 089da64dc818d840247e296d841cb103b0ebb35d 212816 puppetmaster_2.6.2-5+squeeze5_all.deb
 0360f58cf41da2264d68b3708fdf1d22be47df52 739284 puppet-common_2.6.2-5+squeeze5_all.deb
 ed76ad209f8d9ab2c6abc785570d5524fabc48db 200558 vim-puppet_2.6.2-5+squeeze5_all.deb
 218632794468055875177e21ed9427462b7bed6a 202934 puppet-el_2.6.2-5+squeeze5_all.deb
 af51d078247ac2346a57ba142b49b59e27a8efbc 883300 puppet-testsuite_2.6.2-5+squeeze5_all.deb
Checksums-Sha256: 
 77a276f5e13835bda60dd9d8a0228d3a2e9545af2899ef218e9152034a631424 2382 puppet_2.6.2-5+squeeze5.dsc
 2b68845788c038fc943b26bcb636957bddde8b6c428222618e6bb871ef05d452 136483 puppet_2.6.2-5+squeeze5.debian.tar.gz
 7ff807a8d9f6bda5f5538677e6594f7ff91df06bcf32c05a267ca63157b3e176 209928 puppet_2.6.2-5+squeeze5_all.deb
 5beab94128f4fd5076c527663750214fdc943965fffae5ea809d66d9883c7205 212816 puppetmaster_2.6.2-5+squeeze5_all.deb
 b0ee71637edb1cc80417b8c486b366a74393ddb9401e159693dda684e4de8268 739284 puppet-common_2.6.2-5+squeeze5_all.deb
 d4a6e81c7076e4be27c32cf8444483aaddb4d374e44cf120467081e86462c0de 200558 vim-puppet_2.6.2-5+squeeze5_all.deb
 938364c8b32f48b3f54d8b37b05c3e3a8ab798184eb40cb245c8ee5da29f7aa7 202934 puppet-el_2.6.2-5+squeeze5_all.deb
 e2fd33d9499a4cbe6306583be0cf5319823326cacb9617c117c1d80d8e3cb96c 883300 puppet-testsuite_2.6.2-5+squeeze5_all.deb
Files: 
 537b569f9caf1544613bf66498612fa0 2382 admin optional puppet_2.6.2-5+squeeze5.dsc
 d008ec442f6700b210238e65c35abe04 136483 admin optional puppet_2.6.2-5+squeeze5.debian.tar.gz
 f0ebd48487d87e51be879d6826f59a8d 209928 admin optional puppet_2.6.2-5+squeeze5_all.deb
 e13fb7066797d6f5bdb47f2541be9859 212816 admin optional puppetmaster_2.6.2-5+squeeze5_all.deb
 41fee80a466f57dd69c468f0a5886cbf 739284 admin optional puppet-common_2.6.2-5+squeeze5_all.deb
 f8f1b2ab1c8990a72750c279a47eba0b 200558 admin optional vim-puppet_2.6.2-5+squeeze5_all.deb
 918f778bb1df58dc8a710c1799103b8b 202934 admin optional puppet-el_2.6.2-5+squeeze5_all.deb
 349fef05b413dcc4d720b364abdb3500 883300 admin optional puppet-testsuite_2.6.2-5+squeeze5_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJPhaArAAoJEIy/mjIoYaeQ9BAP/jdIDkoOa9Hw4KFLawdvuf/J
gwI9VCLDmrscH9g2DVv5IHkZnibw+DC/N1xV0FYlSL1vHXKnvHFOlRyFeYooUJ0l
DBKmoJzsLjiKCfr6DFBj6vwAtfkcnh9KKgoI1VMcM3CWXm44nwgObo26SfRyHwvC
AMEfdxRfTVSi2+btiOIdyDVlyyw4dxCQcIlylhqhaWO/vQndzzFbOG0A0pG5g2MZ
Qk78OrfanGNC73lNdik+C3JWDGiJ+kP5mJxtAiY+jNvCPu7fT2higY+4ZEvRf4zx
fFXDeU1agAFG2UuIRFe6eG4RERmNmxsfX256FnCt5IgtopWgdac9q1DbCsVycAFZ
FKumNN7XOJLaDuKCFEHFAT5bU0oa7TwlS6vuc8TdNaYihPjCpkxQG6AbGFAigt8o
Yd9mvmVijwOXM/wUZChzx4EG5dd3o+0gcyOJGSmarQayy7LKgEAzquLOpkPJx5QG
1BAwk8FU/NZ5wF6fvAsT6HWTaOCw62rIYjnKVVfeGJwkmTYY86PMtI3rWGwXwSQh
MVoeX1bbfgH1oIEpVH4N+XwpGUk6NNOrzk8BcYNr1swyJH+D7zcRlRWubQktQLzI
zbbHzcX+M4SNpC8T6pBTiDTtWmIgMGEPvMSgoEYq3Azh2kpqH3DbgkMswRkR+rmc
ewsVRWjtRh0UdHAyGuCD
=Vsgs
-----END PGP SIGNATURE-----


Accepted:
puppet-common_2.6.2-5+squeeze5_all.deb
  to main/p/puppet/puppet-common_2.6.2-5+squeeze5_all.deb
puppet-el_2.6.2-5+squeeze5_all.deb
  to main/p/puppet/puppet-el_2.6.2-5+squeeze5_all.deb
puppet-testsuite_2.6.2-5+squeeze5_all.deb
  to main/p/puppet/puppet-testsuite_2.6.2-5+squeeze5_all.deb
puppet_2.6.2-5+squeeze5.debian.tar.gz
  to main/p/puppet/puppet_2.6.2-5+squeeze5.debian.tar.gz
puppet_2.6.2-5+squeeze5.dsc
  to main/p/puppet/puppet_2.6.2-5+squeeze5.dsc
puppet_2.6.2-5+squeeze5_all.deb
  to main/p/puppet/puppet_2.6.2-5+squeeze5_all.deb
puppetmaster_2.6.2-5+squeeze5_all.deb
  to main/p/puppet/puppetmaster_2.6.2-5+squeeze5_all.deb
vim-puppet_2.6.2-5+squeeze5_all.deb
  to main/p/puppet/vim-puppet_2.6.2-5+squeeze5_all.deb
News for package puppet
