[Pkg-puppet-devel] security fix for lenny

micah micah at riseup.net
Thu Feb 11 22:56:31 UTC 2010


There currently is a unresolved security issue with the puppet package
in lenny[0], it has to do with an issue that was fixed with the 0.25
upload, and seems like it is relatively trivial to backport into the
lenny puppet (at least according to the bug report[1] where Andrew
indicates the git changeset that would fix it).

Does anyone have a few spare cycles to make a debian package for the
security team? I unfortunately will not be able to put any time into
puppet for the next couple weeks. This should be relatively easy though:
just pulling in that fix, making a changelog entry mentioning the CVE
and closing the bug, and then sending the diffs to security at d.o.

micah

0. http://security-tracker.debian.org/tracker/source-package/puppet
1. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551073


-- 
"It is no measure of health to be well adjusted to a profoundly sick society." - J Krishnamurti 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/attachments/20100211/3d7901fa/attachment.pgp>


More information about the Pkg-puppet-devel mailing list