[Precise] puppet is vulnerable to CVE-2012-1906 and CVE-2012-1986 through CVE-2012-1989
Bug #978708 reported by
Tyler Hicks
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
puppet (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
I've updated the stable releases but will need a sponsor if this is deemed urgent enough to make the Precise release.
Links to Puppet Labs advisories:
http://
http://
http://
http://
http://
Also, while testing, I noticed that 'rake spec' aborts immediately. I traced it down to debian/
To post a comment you must log in.
This debdiff was tested with a local build. It passed the 'umt compare-log', 'umt compare-bin', and 'umt check' verifications. It was also tested with 'cd /usr/share/ puppet- testsuite && rake spec unit'.
It fixes a very early failure in 'rake spec' and now allows the testsuite to finish. I noticed that debian/ patches/ puppet- 12844 was not complete in comparison to the upstream patch. I downloaded the complete patch from:
https:/ /github. com/puppetlabs/ puppet/ commit/ 62738187b8a1ba1 bd2b5e073783674 1b8019a924. patch
Then I did the necessary touch-ups to the patch and replaced the old puppet-12844 with the new, more complete version.
If the partial import of 62738187 was intentional, then this debdiff may not be acceptable. However, it looked like it may have simply been the result of an import error or possibly a non-final version of the upstream patch. Hopefully Marc Cluet can comment on this.