We have rebuilt our Windows package for Puppet 3.4.2 in response to CVE-2013-6393[1]. The package includes ruby 1.9.3-p484 compiled against an updated libyaml. It is available at http://downloads.puppetlabs.com/windows/puppet-3.4.2-20140211.msi
CVE-2013-6393 is a vulnerability in the libyaml library that could lead to a denial of service, and the possibility of arbitrary code execution. [1] - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6393 -- Matthaus Owens Release Manager, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CACD%3DwAdhr83kf0kR_LGsYBNnLCwPd1SE7gZ00fVZm%2BJx6n3uGw%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
