Source: puppet X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security
Hi, The following vulnerability was published for puppet. CVE-2021-27025[0]: | A flaw was discovered in Puppet Agent where the agent may silently | ignore Augeas settings or may be vulnerable to a Denial of Service | condition prior to the first 'pluginsync'. https://puppet.com/security/cve/cve-2021-27025 https://github.com/puppetlabs/puppet/commit/da8b73edca174309a9bef5f62cd276933fe733e8 (6.25.1) This is too intrusive to backport (and has limited impact) to released suites, but still filing a bug to track it. This can be closed when puppet-agent 7 gets uploaded to unstable. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-27025 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27025 Please adjust the affected versions in the BTS as needed.
