Register | Log in

puppet

configuration management system

Choose email to subscribe with

general

source: puppet (main)
version: 5.5.19-1
maintainer: Puppet Package Maintainers (archive) (DMD)
uploaders: Apollon Oikonomopoulos [DMD] – Micah Anderson [DMD] – Andrew Pollock [DMD] – Stig Sandbeck Mathisen [DMD]
arch: all
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.7.2-4+deb8u1
o-o-sec: 3.7.2-4+deb8u1
oldstable: 4.8.2-5
stable: 5.5.10-4
testing: 5.5.19-1
unstable: 5.5.19-1

versioned links

3.7.2-4+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.8.2-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.5.10-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.5.19-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

puppet (19 bugs: 0, 10, 9, 0)
puppet-master (2 bugs: 0, 2, 0, 0)
puppet-master-passenger

action needed

A new upstream version is available: 5.5.20 high

A new upstream version 5.5.20 is available, you should consider packaging it.

Created: 2020-05-02 Last update: 2020-05-27 00:14

2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:

CVE-2020-7943: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network. PE 2018.1.13 & 2019.5.0, Puppet Server 6.9.2 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable trapperkeeper-metrics /v1 metrics API and only allows /v2 access on localhost by default. This affects software versions: Puppet Enterprise 2018.1.x stream prior to 2018.1.13 Puppet Enterprise prior to 2019.5.0 Puppet Server prior to 6.9.2 Puppet Server prior to 5.3.12 PuppetDB prior to 6.9.1 PuppetDB prior to 5.2.13 Resolved in: Puppet Enterprise 2018.1.13 Puppet Enterprise 2019.5.0 Puppet Server 6.9.2 Puppet Server 5.3.12 PuppetDB 6.9.1 PuppetDB 5.2.13
CVE-2018-11751: Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.

Please fix them.

Created: 2020-01-16 Last update: 2020-04-04 05:00

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2020-7943: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network. PE 2018.1.13 & 2019.5.0, Puppet Server 6.9.2 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable trapperkeeper-metrics /v1 metrics API and only allows /v2 access on localhost by default. This affects software versions: Puppet Enterprise 2018.1.x stream prior to 2018.1.13 Puppet Enterprise prior to 2019.5.0 Puppet Server prior to 6.9.2 Puppet Server prior to 5.3.12 PuppetDB prior to 6.9.1 PuppetDB prior to 5.2.13 Resolved in: Puppet Enterprise 2018.1.13 Puppet Enterprise 2019.5.0 Puppet Server 6.9.2 Puppet Server 5.3.12 PuppetDB 6.9.1 PuppetDB 5.2.13
CVE-2018-11751: Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.

Please fix them.

Created: 2020-01-16 Last update: 2020-04-04 05:00

4 bugs tagged patch in the BTS normal

The BTS contains patches fixing 4 bugs, consider including or untagging them.

Created: 2020-02-26 Last update: 2020-05-27 01:32

lintian reports 6 warnings normal

Lintian reports 6 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-05-21 Last update: 2020-05-21 00:07

2 ignored security issues in buster low

There are 2 open security issues in buster.

2 issues skipped by the security teams:

CVE-2020-7943: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network. PE 2018.1.13 & 2019.5.0, Puppet Server 6.9.2 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable trapperkeeper-metrics /v1 metrics API and only allows /v2 access on localhost by default. This affects software versions: Puppet Enterprise 2018.1.x stream prior to 2018.1.13 Puppet Enterprise prior to 2019.5.0 Puppet Server prior to 6.9.2 Puppet Server prior to 5.3.12 PuppetDB prior to 6.9.1 PuppetDB prior to 5.2.13 Resolved in: Puppet Enterprise 2018.1.13 Puppet Enterprise 2019.5.0 Puppet Server 6.9.2 Puppet Server 5.3.12 PuppetDB 6.9.1 PuppetDB 5.2.13
CVE-2018-11751: Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.

Please fix them.

Created: 2020-01-16 Last update: 2020-04-04 05:00

2 ignored security issues in jessie low

There are 2 open security issues in jessie.

2 issues skipped by the security teams:

CVE-2017-10689: In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
CVE-2018-11751: Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.

Please fix them.

Created: 2018-02-08 Last update: 2020-04-04 05:00

3 ignored security issues in stretch low

There are 3 open security issues in stretch.

3 issues skipped by the security teams:

CVE-2020-7943: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network. PE 2018.1.13 & 2019.5.0, Puppet Server 6.9.2 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable trapperkeeper-metrics /v1 metrics API and only allows /v2 access on localhost by default. This affects software versions: Puppet Enterprise 2018.1.x stream prior to 2018.1.13 Puppet Enterprise prior to 2019.5.0 Puppet Server prior to 6.9.2 Puppet Server prior to 5.3.12 PuppetDB prior to 6.9.1 PuppetDB prior to 5.2.13 Resolved in: Puppet Enterprise 2018.1.13 Puppet Enterprise 2019.5.0 Puppet Server 6.9.2 Puppet Server 5.3.12 PuppetDB 6.9.1 PuppetDB 5.2.13
CVE-2017-10689: In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
CVE-2018-11751: Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.

Please fix them.

Created: 2018-02-08 Last update: 2020-04-04 05:00

news

[2020-03-23] puppet 5.5.19-1 MIGRATED to testing (Debian testing watch)
[2020-03-19] Accepted puppet 5.5.19-1 (source) into unstable (Apollon Oikonomopoulos)
[2019-06-19] puppet 5.5.10-4 MIGRATED to testing (Debian testing watch)
[2019-06-17] Accepted puppet 5.5.10-4 (source all) into unstable (Thomas Goirand)
[2019-06-06] Accepted puppet 5.5.10-3 (source all) into unstable (Thomas Goirand)
[2019-03-18] puppet 5.5.10-2 MIGRATED to testing (Debian testing watch)
[2019-03-13] Accepted puppet 5.5.10-2 (source all) into unstable (Apollon Oikonomopoulos)
[2019-01-18] puppet 5.5.10-1 MIGRATED to testing (Debian testing watch)
[2019-01-16] Accepted puppet 5.5.10-1 (source all) into unstable (Apollon Oikonomopoulos)
[2018-11-11] puppet 5.5.8-1 MIGRATED to testing (Debian testing watch)
[2018-11-09] Accepted puppet 5.5.8-1 (source all) into unstable (Apollon Oikonomopoulos)
[2018-08-31] puppet 5.5.6-1 MIGRATED to testing (Debian testing watch)
[2018-08-29] Accepted puppet 5.5.6-1 (source all) into unstable (Apollon Oikonomopoulos)
[2018-07-26] puppet 5.5.3-1 MIGRATED to testing (Debian testing watch)
[2018-07-23] Accepted puppet 5.5.3-1 (source all) into unstable (Apollon Oikonomopoulos)
[2018-07-11] puppet 5.5.2-2 MIGRATED to testing (Debian testing watch)
[2018-07-09] puppet 5.5.2-1 MIGRATED to testing (Debian testing watch)
[2018-07-08] Accepted puppet 5.5.2-2 (source) into unstable (Apollon Oikonomopoulos)
[2018-07-05] Accepted puppet 5.5.2-1 (source all) into unstable (Apollon Oikonomopoulos)
[2018-03-18] puppet 5.4.0-2 MIGRATED to testing (Debian testing watch)
[2018-03-13] Accepted puppet 5.4.0-2 (source all) into unstable (Apollon Oikonomopoulos)
[2018-02-28] puppet 5.4.0-1 MIGRATED to testing (Debian testing watch)
[2018-02-23] Accepted puppet 5.4.0-1 (source all) into unstable (Apollon Oikonomopoulos)
[2017-09-05] Accepted puppet 5.1.0-1 (source all) into experimental (Apollon Oikonomopoulos)
[2017-07-09] puppet 4.10.4-2 MIGRATED to testing (Debian testing watch)
[2017-07-03] Accepted puppet 4.10.4-2 (source all) into unstable (Apollon Oikonomopoulos)
[2017-07-03] Accepted puppet 2.7.23-1~deb7u4 (source all) into oldoldstable (Antoine Beaupré)
[2017-07-03] puppet 4.10.4-1 MIGRATED to testing (Debian testing watch)
[2017-06-28] Accepted puppet 4.10.4-1 (source) into unstable (Apollon Oikonomopoulos)
[2017-05-31] Accepted puppet 3.7.2-4+deb8u1 (source all) into proposed-updates->stable-new, proposed-updates (Apollon Oikonomopoulos)

1
2

bugs [bug history graph]

all: 26 28
RC: 0
I&N: 15 17
M&W: 11
F&P: 0
patch: 4

links

homepage
lintian (0, 6)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.5.10-4ubuntu3
28 bugs (2 patches)
patches for 5.5.10-4ubuntu3

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing