Comment 23 for bug 861182

This bug was fixed in the package puppet - 0.25.4-2ubuntu6.2

---------------
puppet (0.25.4-2ubuntu6.2) lucid-security; urgency=low

  * SECURITY UPDATE: unauthenticated directory traversal allows writing of
    arbitrary files as puppet master (LP: #861182)
    - update lib/puppet/indirector.rb, lib/puppet/indirector/ssl_file.rb,
      lib/puppet/indirector/yaml.rb, spec/unit/indirector/ssl_file.rb and
      spec/unit/indirector/yaml.rb to perform proper input validation.
      Patch from upstream (Daniel Pittman <email address hidden>)
      6e5a821cbf94b220dfc021ff7ebad0831c60e207
    - CVE-2011-3848
    - LP: #861182
 -- Jamie Strandboge <email address hidden> Wed, 28 Sep 2011 08:30:14 -0500