Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e5227ca6 by Moritz Muehlenhoff at 2021-11-30T12:12:03+01:00
mark puppet as ignored for released distros
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -45877,14 +45877,23 @@ CVE-2021-27026 (A flaw was divered in Puppet
Enterprise and other Puppet product
NOT-FOR-US: Puppet Enterprise
CVE-2021-27025 (A flaw was discovered in Puppet Agent where the agent may
silently ign ...)
- puppet <unfixed>
+ [bullseye] - puppet <ignored> (Minor issue, too intrusive to backport)
+ [buster] - puppet <ignored> (Minor issue, too intrusive to backport)
NOTE: https://puppet.com/security/cve/cve-2021-27025
NOTE:
https://github.com/puppetlabs/puppet/commit/da8b73edca174309a9bef5f62cd276933fe733e8
(6.25.1)
+ NOTE: Limited impact, needs a malformed custom type provider
CVE-2021-27024 (A flaw was discovered in Continuous Delivery for Puppet
Enterprise (CD ...)
NOT-FOR-US: Continuous Delivery for Puppet Enterprise
CVE-2021-27023 (A flaw was discovered in Puppet Agent and Puppet Server that
may resul ...)
- puppet <unfixed>
+ [bullseye] - puppet <ignored> (Minor issue)
+ [buster] - puppet <ignored> (Minor issue)
NOTE: https://puppet.com/security/cve/cve-2021-27023
NOTE:
https://github.com/puppetlabs/puppet/commit/e90023a8b54a58073d71dae655d7636e2c9bcc61
(6.25.1)
+ NOTE: Marginal/unclear security implications, the redirects are fully
under control of
+ NOTE: the puppet masters and the advisory states this CVE would be
similar to CVE-2018-1000007,
+ NOTE: but CVE is for curl, which obviously has different scope being a
library. Plus, all
+ NOTE: reasonably secure installations use client auth on the agents
CVE-2021-27022 (A flaw was discovered in bolt-server and ace where running a
task with ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
NOTE: https://puppet.com/security/cve/CVE-2021-27022/
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5227ca6648bed4fc133606ab5273faae564eb8e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5227ca6648bed4fc133606ab5273faae564eb8e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
