This bug was fixed in the package puppet - 2.6.1-0ubuntu2.1
--------------- puppet (2.6.1-0ubuntu2.1) maverick-security; urgency=low
* SECURITY UPDATE: unauthenticated directory traversal allows writing of arbitrary files as puppet master - debian/patches/CVE-2011-3848.patch: update lib/puppet/indirector.rb, lib/puppet/indirector/ssl_file.rb, lib/puppet/indirector/yaml.rb, spec/unit/indirector/ssl_file.rb and spec/unit/indirector/yaml.rb to perform proper input validation. - CVE-2011-3848 - LP: #861182 -- Jamie Strandboge <email address hidden> Wed, 28 Sep 2011 08:28:21 -0500
This bug was fixed in the package puppet - 2.6.1-0ubuntu2.1
---------------
puppet (2.6.1-0ubuntu2.1) maverick-security; urgency=low
* SECURITY UPDATE: unauthenticated directory traversal allows writing of patches/ CVE-2011- 3848.patch: update lib/puppet/ indirector. rb, puppet/ indirector/ ssl_file. rb, lib/puppet/ indirector/ yaml.rb, unit/indirector /ssl_file. rb and spec/unit/ indirector/ yaml.rb to
arbitrary files as puppet master
- debian/
lib/
spec/
perform proper input validation.
- CVE-2011-3848
- LP: #861182
-- Jamie Strandboge <email address hidden> Wed, 28 Sep 2011 08:28:21 -0500