puppet 2.7.1-1ubuntu3.2~natty1 source package in Ubuntu

Changelog

puppet (2.7.1-1ubuntu3.2~natty1) natty-backports; urgency=low

  * Automated backport upload; no source changes.

puppet (2.7.1-1ubuntu3.2) oneiric-security; urgency=low

  * SECURITY UPDATE: puppet master impersonation via incorrect certificates
    - debian/patches/CVE-2011-3872.patch: refactor certificate handling.
    - Thanks to upstream for providing the patch.
    - CVE-2011-3872

puppet (2.7.1-1ubuntu3) oneiric; urgency=low

  * SECURITY UPDATE: k5login can overwrite arbitrary files as root
    - debian/patches/CVE-2011-3869.patch: adjust type/k5login.rb to securely
      open the file before writing to it as root
    - CVE-2011-3869
  * SECURITY UPDATE: didn't drop privileges before creating and changing
    permissions on SSH keys
    - debian/patches/CVE-2011-3870.patch: adjust ssh_authorized_key/parsed.rb
      to drop privileges before creating the ssh directory and setting
      permissions
    - CVE-2011-3870
  * SECURITY UPDATE: fix predictable temporary filename in ralsh
    - debian/patches/CVE-2011-3871.patch: adjust application/resource.rb to
      use an unpredictable filename
    - CVE-2011-3871
  * SECURITY UPDATE: file indirector injection, similar to CVE-2011-3848
    - secure-indirector-file-backed-terminus-base-cla.patch: Since the
      indirector file backed terminus base class is only used by the test
      suite, remove it and update test cases to use a continuing class.

puppet (2.7.1-1ubuntu2) oneiric; urgency=low

  * SECURITY UPDATE: unauthenticated directory traversal allows writing of
    arbitrary files as puppet master
    - debian/patches/CVE-2011-3848.patch: update lib/puppet/indirector.rb,
      lib/puppet/indirector/ssl_file.rb, lib/puppet/indirector/yaml.rb,
      spec/unit/indirector/ssl_file.rb and spec/unit/indirector/yaml.rb to
      perform proper input validation.
    - CVE-2011-3848
    - LP: #861182

puppet (2.7.1-1ubuntu1) oneiric; urgency=low

  * Merge from debian unstable.  Remaining changes:
    - debian/puppetmaster-passenger.postinst: Use cacrl instead of hostcrl to
      set the location of the CRL in apache2 configuration. Fix apache2
      configuration on upgrade as well (LP: #641001)
    - move all puppet dependencies to puppet-common since all the code
      actually located in puppet-common.
    - move libagueas from a recommend to a dependency.

puppet (2.7.1-1) UNRELEASED; urgency=low

  * New upstream version
  * Bump Standards-Version (no changes)
  * Adjust debian/source/options to allow for a VCS-generated patch
  * Tell adduser not to create /var/lib/puppet (Closes: #609896)
  * Use dpkg-statoverride to handle permissions
  * Allow the use of file-rc (Closes: #625638)
  * Use the pkg-ruby-extras watch service

puppet (2.6.8-1ubuntu1) oneiric; urgency=low

  * Merge from debian unstable.  Remaining changes:
    - debian/puppetmaster-passenger.postinst: Use cacrl instead of hostcrl to
      set the location of the CRL in apache2 configuration. Fix apache2
      configuration on upgrade as well (LP: #641001)
    - move all puppet dependencies to puppet-common since all the code
      actually located in puppet-common.
    - move libagueas from a recommend to a dependency.

puppet (2.6.8-1) unstable; urgency=low

  * New upstream version

puppet (2.6.7-2) unstable; urgency=medium

  * Fix puppetmaster-passenger.postinst to get proper
    ssl configs (Closes: #620635)
  * Fix maintainer scripts ignoring errors

puppet (2.6.7-1) unstable; urgency=low

  * New upstream version

puppet (2.6.6-1) unstable; urgency=low

  * New upstream release 2.6.6

puppet (2.6.6~rc1-1) experimental; urgency=low

  * New upstream release candidate

puppet (2.6.5-1) unstable; urgency=low

  * New upstream version (Closes: #612894)
  * Remove renamed configuration files now handled by other packages (Closes: #564947, #611615)
 -- Micah Gersten <email address hidden>   Mon, 23 Jan 2012 12:08:53 +0000