This bug was fixed in the package puppet - 2.7.11-1ubuntu2
---------------
puppet (2.7.11-1ubuntu2) precise; urgency=low

  * SECURITY UPDATE: Arbitrary file writes via predictable filename usage in
    appdmg and pkgdmg providers (LP: #978708)
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1906
  * SECURITY UPDATE: Arbitrary file reads via Filebucket REST requests
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1986
  * SECURITY UPDATE: Denial of service via Filebucket text/marshall support
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1987
  * SECURITY UPDATE: Arbitrary code execution via Filebucket requests
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1988
  * SECURITY UPDATE: Arbitrary file writes via predictable telnet output log
    filename
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1989
  * debian/patches/puppet-12844: Re-fetch the patch from upstream since some
    missing pieces cause 'rake spec' to abort immediately

 -- Tyler Hicks <email address hidden>  Wed, 11 Apr 2012 03:55:10 -0500