[Bug 1068145] Re: Fix for CVE-2012-3867 (puppet) is too restrictive - TLS certificates now break
Could you comment on that? It's not a trivial fix for 2.7.x. Sorry for the late reply. -Jeff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1068145 Title: Fix for CVE-2012-3867 (puppet) is too restrictive - TLS certificates now break To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1068145/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1068145] Re: Fix for CVE-2012-3867 (puppet) is too restrictive - TLS certificates now break
Could you comment on that? It's not a trivial fix for 2.7.x. Sorry for the late reply. -Jeff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068145 Title: Fix for CVE-2012-3867 (puppet) is too restrictive - TLS certificates now break To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1068145/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1068145] Re: Fix for CVE-2012-3867 (puppet) is too restrictive - TLS certificates now break
On Fri, May 10, 2013 at 11:51 AM, Adam Stokes adam.sto...@canonical.comwrote: Jeff, I've been searching through the documentation on puppet labs wiki but I am unable to find a tentative release date for 3.2.0. Do you have that information and if the date is set do you mind sharing that with me. The best place to see the list of work targeted at Puppet 3.2.0 is at: http://projects.puppetlabs.com/projects/puppet/roadmap#3.2.0 We released 3.2.0rc2 this week. If there are no new issues reported ande introduced by the release of RC2 then we'll release Puppet 3.2.0 approximately 7 days after the release of RC2. As far as I know we haven't had any reported RC introduced issues, so there's a pretty good chance we'll release Puppet 3.2.0 sometime during the week of 13 May (next week). Unfortunately I can't give a specific date, nor is this information I'm providing authoritative. Eric Sorenson will make the final decision to cut the release, but we're looking pretty good for next week. Please keep an eye on the puppet-announce mailing list, which is one of the places the release announcement will be published. Hope this helps, -Jeff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1068145 Title: Fix for CVE-2012-3867 (puppet) is too restrictive - TLS certificates now break To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1068145/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1068145] Re: Fix for CVE-2012-3867 (puppet) is too restrictive - TLS certificates now break
On Fri, May 10, 2013 at 11:51 AM, Adam Stokes adam.sto...@canonical.comwrote: Jeff, I've been searching through the documentation on puppet labs wiki but I am unable to find a tentative release date for 3.2.0. Do you have that information and if the date is set do you mind sharing that with me. The best place to see the list of work targeted at Puppet 3.2.0 is at: http://projects.puppetlabs.com/projects/puppet/roadmap#3.2.0 We released 3.2.0rc2 this week. If there are no new issues reported ande introduced by the release of RC2 then we'll release Puppet 3.2.0 approximately 7 days after the release of RC2. As far as I know we haven't had any reported RC introduced issues, so there's a pretty good chance we'll release Puppet 3.2.0 sometime during the week of 13 May (next week). Unfortunately I can't give a specific date, nor is this information I'm providing authoritative. Eric Sorenson will make the final decision to cut the release, but we're looking pretty good for next week. Please keep an eye on the puppet-announce mailing list, which is one of the places the release announcement will be published. Hope this helps, -Jeff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068145 Title: Fix for CVE-2012-3867 (puppet) is too restrictive - TLS certificates now break To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1068145/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068145] Re: Fix for CVE-2012-3867 (puppet) is too restrictive - TLS certificates now break
Yes, we're planning to release the fix for this issue in Puppet 3.2 which will hopefully go out as RC1 at the end of this week. I'm not sure how difficult the backport to 2.7 will be, but we did so a slight refactor after fixing the issue, so it is non-trivial at this point. If you have any questions or concerns please let me know, I'm getting all the updates on this issue directly to my inbox. -Jeff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1068145 Title: Fix for CVE-2012-3867 (puppet) is too restrictive - TLS certificates now break To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1068145/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1068145] Re: Fix for CVE-2012-3867 (puppet) is too restrictive - TLS certificates now break
Yes, we're planning to release the fix for this issue in Puppet 3.2 which will hopefully go out as RC1 at the end of this week. I'm not sure how difficult the backport to 2.7 will be, but we did so a slight refactor after fixing the issue, so it is non-trivial at this point. If you have any questions or concerns please let me know, I'm getting all the updates on this issue directly to my inbox. -Jeff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068145 Title: Fix for CVE-2012-3867 (puppet) is too restrictive - TLS certificates now break To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1068145/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
